New · April 2026 cohort ISACA Accredited Training Organization

ISACA TRI-CERT BOOTCAMP · CISA + CISM + CRISC

Earn 3 ISACA certifications in 2 weeks —
and train to perform like a real IT auditor.

Pass CISA, CISM, and CRISC through an immersive live bootcamp paired with the Cubelet AI governance simulator — built to develop real-world audit, risk, and governance judgment, not recall.

Apply for the next cohort See if you qualify for employer sponsorship

THE DIFFERENCE

Most certification programs teach you to pass tests. This one trains you to make real audit decisions.

§ 01 · THE THESIS

It isn't a knowledge gap. It's a judgment gap.

You can read the Review Manual cover to cover and still miss the one thing the exam actually tests — how to reason the ISACA way, under pressure, with incomplete evidence.

TODAY'S PATH

6–12 mo

to self-prep across three credentials

THE MATERIAL

Abstract

dense frameworks, no reps with real evidence

AFTER PASSING

Not ready

for a real engagement on day one

§ 02 · THE THREE CREDENTIALS

Three credentials, three lenses, one integrated practice.

Roughly 60% of their body of knowledge overlaps — governance, IT controls, risk, evidence. Learning them together means you see the same scenario through three lenses while the reasoning is still fresh.

CISA 5 domains · 150 items

The Auditor's Lens

Certified Information Systems Auditor. The most recognized IS audit credential in the world — 151,000+ holders across 188 countries. Scope risk-based audits, evaluate IT general controls, defend evidence sufficiency.

  • · ITAF standards & risk-based planning
  • · IT general & application controls
  • · Evidence sampling & workpaper discipline
  • · SOC 1 / SOC 2, CMMC, SOX mappings
  • · QAE practice & exam-strategy labs
CISM 4 domains · 150 items

The Manager's Lens

Certified Information Security Manager. 88,000+ holders. The preferred credential on the CISO track. Translate technical risk to the board, build a program that delivers ROI, lead incident response under scrutiny.

  • · Enterprise governance alignment
  • · Risk management against appetite
  • · Program development & KPIs
  • · Incident classification & BIA
  • · ISO 27001 & NIST CSF framing
CRISC 4 domains · 150 items

The Risk Lens

Certified in Risk & Information Systems Control. The authoritative risk credential for professionals who translate IT risk into capital-allocation language. Build a risk register that informs decisions, not one that collects dust.

  • · COSO ERM & ISO 31000 frameworks
  • · Qualitative & quantitative analysis
  • · Control design & KRIs / KCIs
  • · Third-party & emerging-tech risk
  • · Risk reporting to boards

Want CDPSE? Add it as an auxiliary module for $2,495. Corporate & team rates on request.

§ 03 · THE DIFFERENTIATOR

AI in the flow of training.

Real scenarios. Socratic probing. Four-dimensional scoring. Every cohort gets access to the Cubelet AI governance simulator — the same judgment engine Divergence built for ISACA and CMMC practitioner prep.

FNC-003 · CISA Assessor Lens

turn 3 of 12

SCENARIO

FinSecure operates a core banking platform on legacy IBM midrange. IT Operations has been applying emergency patches directly to production without change tickets — the manager says they have verbal CIO approval, documented after the fact. You pull the 90-day change log and find 34 undocumented changes, three of which coincide with customer transaction anomalies in the incident log.

ASSESSOR PROBE · Q1

"From a CISA perspective — what is the primary risk this scenario presents? Is it an IT risk, a business risk, or both? Walk me through your reasoning."

COMPLICATING FACTOR · turn 6

The IT Director just informed you the ITSM platform was migrated 45 days ago. Logs prior exist only on legacy tape backups, which may not be recoverable in your audit window. How does this affect your scope statement and sampling-sufficiency conclusion?

MIRROR MOMENT · end of session

"You went straight to action when the methodology called for evidence classification first. A licensed auditor is expected to see not just what the risk is — but who owns it."

WHAT THE SIMULATOR BRINGS

  • 100+ scenarios

    Drawn from real audits, incidents, and governance dilemmas — not canned multiple-choice.

  • Lens pivoting

    Same scenario, different lens (CISA vs. CRISC vs. CISM) — so you see where the reasoning diverges.

  • Cross-framework map

    Connects ISACA reasoning to NIST 800-53, CMMC, ISO 27001, SOC 2 — the way you'll use it on the job.

  • Agent coach

    On-demand feedback on strengths, gap vocabulary, directional errors, and a personalized study plan.

Built by our sibling platform Cubelet AI / GRID42. Exclusive to Euler Center / Divergence Academy cohorts.

§ 04 · THE FORMAT

Two weeks. Built for the working practitioner.

9 AM – 5 PM, virtual live. Domain deep-dives, workpaper exercises, group debriefs, and scenario runs that pivot the same case through three different lenses.

  1. 01 → PRE-WORK

    Profile & diagnostic

    Official Review Manuals, QAE database, Self-Study Online, plus a simulator diagnostic that maps your strengths and gaps across all three credentials. Your instructor reviews before Day 1.

  2. 02 → DAYS 1–4 · CISA

    The auditor's mind

    Domain deep-dives, workpaper exercises, and simulator scenarios that teach you to scope, sample, and defend evidence sufficiency.

  3. 03 → DAYS 5–7 · CISM

    The manager's mind

    Governance architecture, risk treatment against business appetite, program ROI, and incident response. Group debriefs where your cohort plays CIO, CISO, and board.

  4. 04 → DAYS 8–10 · CRISC

    The risk mind

    Risk identification leaders act on, quantification in CFO-grade language, control design, KRI selection, third-party & emerging-tech exposure. Final cross-domain integration sessions.

  5. 05 → EXAM WINDOW

    Voucher in hand

    Three ISACA exam vouchers, one-year ISACA membership, 90 days of simulator access. Office hours with your instructor through your first sitting.

  6. 06 → AFTER

    A practitioner community

    Divergence alumni span Big Four, internal audit, defense contractors, banks, SaaS, and federal oversight. You plug in to a working group that keeps sharing artifacts long after you pass.

§ 05 · TIME COMPRESSION

Six to twelve months of prep, compressed into two intentional weeks.

OPTION 1

Self-study the traditional way

  • 6–12 months across three credentials
  • Abstract frameworks without reps on real evidence
  • No feedback loop — you don't know when you're reasoning wrong
  • Pass the exam, still not job-ready on day one

ESTIMATED ~600 HOURS

OPTION 2

The Tri-Cert Accelerator

  • 2 weeks, cohort of 15, live 9–5
  • Three lenses taught against the same scenarios
  • AI simulator with four-dimensional scoring & mirror moments
  • Leave with judgment — not just a passing score

80 LIVE HOURS · ~42 CPE · 90 DAYS POST-ACCESS

§ 06 · TUITION

Three credentials, one bundle.

$6K–$12K equivalent training value. Priced as an investment in the next 12–18 months of your career — not three separate courses over a year.

TRI-CERT · 2026 COHORT

$8,995 $10,485

Save $1,490 vs. individual enrollment

Apply now Sponsorship kit

TUITION INCLUDES

  • Three ISACA exam vouchers

    One attempt each for CISA, CISM, CRISC

    $2,235 value

  • Three ISACA Review Manuals

    Official, latest job-practice editions

    $390 value

  • Three QAE databases

    Questions, Answers & Explanations — 12-month access

    $897 value

  • ISACA Self-Study Online Review

    All three credentials

    included

  • One-year ISACA membership

    Unlocks CPEs and retake discounts

    $135 value

  • Up to 42 ISACA CPE hours

    ~14 per credential, logged under our ATP designation

    ATP-logged

  • 90 days simulator access

    Cubelet AI governance engine, post-cohort

    exclusive

  • Office hours with the instructor

    Through your first exam sittings

    included

§ 07 · EMPLOYER SPONSORSHIP

Your employer should pay for this. We make that easy.

We issue invoices, W-9s, and itemized receipts for CPE reporting. Teams of three or more receive a discount. Dedicated cohorts can be scheduled for 10+. VA/VR&E benefits and Microsoft Partner co-sell funding may apply — we help you navigate.

Download the sponsorship kit Request a team quote

ROI KIT INCLUDES

  • Justification memo template addressed to your manager or L&D lead
  • Comparative cost table vs. three separate vendors
  • Skills matrix mapped to internal audit, GRC, and security roles
  • W-9, ACH/wire instructions, PO intake form
  • CPE reporting deliverables for your compliance team

§ 08 · FAQ

Before you apply.

Is this a CPE grab or actual exam prep?

+

Both — and we're honest about it. Some of your cohort will be there to refresh reasoning and bank CPE hours. Others sit the exams within 60 days of graduation. The simulator and scenario debriefs are what make this a bootcamp instead of a video dump — and the exam candidates usually drive the most engagement, which makes the room better for everyone.

Why all three together? Why not one at a time?

+

Because the three credentials share roughly 60% of their body of knowledge — governance, IT controls, risk frameworks, audit evidence — and the real exam questions test your ability to hold multiple lenses at once. Two immersive weeks means you see the same scenario from three angles while the reasoning is still fresh. CDPSE is different (technical privacy engineering) which is why we offer it as an optional add-on.

What if I only want CISA?

+

We offer each cert as a standalone course — see CISA Prep, CISM Prep, and CRISC Prep in our programs list. The tri-cert bundle exists for professionals who know they want all three over the next 12–18 months and would rather compress the learning into two weeks than stretch it across a year.

What are the experience requirements?

+

You can sit for all three exams with zero prerequisites. To earn the credentials, ISACA requires documented experience: 5 years for CISA (waivers up to 3), 5 years for CISM with 3 in management (waivers up to 2), and 3 years for CRISC (no waivers). Most candidates pass first and complete experience documentation in the 5-year window that follows. Our instructors advise on waivers and career moves that accelerate eligibility.

How is the simulator actually used day-to-day?

+

Every session has a simulator block. You run a scenario, your instructor watches the scoring trace, and the cohort debriefs — comparing reasoning chains, identifying where the CISA lens diverged from the CRISC lens, and rewinding with a complicating factor injected. You also get 90 days of post-cohort access to practice independently.

What if I don't pass on the first try?

+

You keep your ISACA membership, you keep 90 days of simulator access, and your instructor holds targeted office hours for retake prep. Retake fees are paid directly to ISACA at the member rate your included membership unlocks. We don't sell "pass guarantees" — the industry has proven those to be gimmicks. We sell the discipline and the engine that make passing the predictable outcome.

Who is teaching this?

+

The lead instructor is a practicing systems auditor quad-credentialed across CISA, CISM, CRISC, and CDPSE — one of the few instructors in North America holding all four ISACA GRC certifications. Divergence Academy is an ISACA Accredited Training Organization (ATO).

§ 09 · REGISTER INTEREST

Two weeks. Three lenses. A new way of thinking.

Fifteen seats per cohort. Next cohort begins April 27, 2026. Application review is rolling — earlier applicants get their choice of cohort month.

Apply for the next cohort Talk to admissions

DIVERGENCE ACADEMY · ISACA ACCREDITED TRAINING ORGANIZATION · POWERED BY CUBELET AI