  1. Senior Member tdean's Avatar
    Join Date
    Mar 2009
    Posts
    522
    #1

    Anyone know anything about becoming a CISA?

    seems like a market that will always be around.... anyone know how tough it is to get into? what is pay scale? how does one get required experience?
  3. Senior Member
    Join Date
    Nov 2008
    Location
    Florida
    Posts
    258

    Certifications
    some
    #2
    I remember seeing a pay chart showing CISA getting paid in the 6 figure range. Look in the ISACA site. They list requirements.

  4. Coffee Addict coffeeking's Avatar
    Join Date
    Feb 2008
    Location
    WORLD
    Posts
    304

    Certifications
    BSIT from OIT, CCNA, CCNA:Sec, SECURITY+, MCITP: SQL SRVR 2008, CISA
    #3
    4 years of full-time experience in one of their listed domains, from what I have heard their criteria of what they count as experience isn't that extensive, only they can tell you this better, just send them an email listing your experience and they should be able to tell you. Also, it is not a technical cert, more of a management cert and from what I have heard it is not one of the tough ones. I work with a few guys who have this and I don't think any one of them ever failed it....I can't confirm anything because I don't have one yet, but just things I have heard. GOOD LUCK!

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #4
    People with the CISA cert are usually IT auditors that work with compliance auditing for SOX, GLBA, HIPAA, etc. Auditors belong to professional organizations like The Institute of Internal Auditors (IIA). You need to work for several years as a professional auditor to qualify for the CISA.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray


  6. Join Date
    Jun 2007
    Posts
    1,859
    #5
    From what I recall it ends up being 3 years of experience in any combination of the ISACA job practice areas. 2 years credit is given for having a bachelor's degree, and if I remember correctly only 2 years of experience from the total 5 can be substituted by other means.

    In any event, the job practice areas are sufficiently broad. As was previously posted, this is more of a management than a technical cert, and if you've done that type of management-level work then it is likely covered in one or more of the job practice areas. Either you've done this type of work or you haven't, and there's really not much else to it...

    The toughest thing that I recall about the exam was getting up early on Saturday and sitting somewhere for 3 hours so that I could get through all 200 (I think) questions. Definitely not as easy as the PMP but certainly as tedious. This is not an exam that can be passed without knowing the material or sufficient study; I procrastinated quite a bit and didn't study enough, but I had set up an ISO/IEC 20000 audit program as well as managed an organization's regular response to SAS 70 audits in the past, so I knew enough about the theory to pass this exam. Honestly, when I completed the exam I wasn't certain whether I had passed or not.

    I remember that submitting the proof of experience was a somewhat convoluted process. ISACA required quite a bit of documentation to establish that I met the experience requirements, and I had to submit an official copy of my bachelor's transcript.

    Overall, earning the CISA has had relatively no effect on me or my business at this point. That might be a different story if I were going at IT auditing full force and put myself out there as someone who is here to *****-slap IT audits, but I'm not. I would be a bit dubious about salary projections for any certifications, as it seems to me that the vendors of these certs or the people that sell training for them would want these to skew on the high side. There are too many factors other than a cert that go into anyone's compensation.

    Here's the thread I posted when I recently passed the CISA: I am a...

    Best wishes to you,

    MS

  7. Senior Member tdean's Avatar
    Join Date
    Mar 2009
    Posts
    522
    #6
    thanks for the replies guys. damn, i'm frustrated. seems like a catch 22. need the experience to get the title, but can't afford the pay cut to start back at the bottom for 3 years. i'm really looking for something to augment my current IT skills and make myself more marketable, make a little more $$, but more importantly, open new doors for me. i'm kind of sick of the "net admin at someone's business" career path. it could be bad experiences from my last 2 jobs... i just don't know how to get anything at a decent company. i hear people talking about how great their jobs are... they make all this cash, great benefits, interesting company etc etc.... i just have no idea.

    ugh.


  8. Join Date
    Jun 2007
    Posts
    1,859
    #7
    Quote Originally Posted by tdean View Post
    thanks for the replies guys. damn, i'm frustrated. seems like a catch 22. need the experience to get the title, but can't afford the pay cut to start back at the bottom for 3 years. i'm really looking for something to augment my current IT skills and make myself more marketable, make a little more $$, but more importantly, open new doors for me. i'm kind of sick of the "net admin at someone's business" career path. it could be bad experiences from my last 2 jobs... i just don't know how to get anything at a decent company. i hear people talking about how great their jobs are... they make all this cash, great benefits, interesting company etc etc.... i just have no idea.

    ugh.
    My advice to you would be to design, implement, and manage an audit program as a "net admin at someone's business". Whether the business you're working for is requesting it or not, you can develop quite a bit of useful experience that will eventually accumulate to meet the requirements of the CISA. You might also be seen as someone taking the bull by the horns, which will look good on your resume and might get you into one of these great jobs of which you speak.

    It is my experience that almost all businesses are subject to some type of audit. There is plenty of opportunity here IMO....

    MS

  9. Senior Member tdean's Avatar
    Join Date
    Mar 2009
    Posts
    522
    #8
    Quote Originally Posted by eMeS View Post
    My advice to you would be to design, implement, and manage an audit program as a "net admin at someone's business". Whether the business you're working for is requesting it or not, you can develop quite a bit of useful experience that will eventually accumulate to meet the requirements of the CISA. You might also be seen as someone taking the bull by the horns, which will look good on your resume and might get you into one of these great jobs of which you speak.

    It is my experience that almost all businesses are subject to some type of audit. There is plenty of opportunity here IMO....

    MS
    hmmm, that's so crazy it just might work! seriously though, i know what you're saying... nothing is stopping me from doing it as i work somewhere anyway. if they are audited, the info is already there. i could use my next job as my own lab.

  10. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #9
    I work with a CISA and he's definitely not in the six-figure range. A lot of non-auditors have the CISA, at least in the financial industry. Many large (top 100 in assets) banks and credit unions have a CISA on staff for policy development and business continuity. In my experience many of the CISA-certified individuals whom I have met are often high management (Sr VP of IT, CSO, etc).

  11. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #10
    I should point out here that people are not handed $100K+ jobs simply for passing the CISA, CISM, or CISSP certification exam. It's their prior work experience that gets them 90% of that salary and the cert(s) help with getting the other 10%.

  12. Stop,Collaborate + Listen LarryDaMan's Avatar
    Join Date
    May 2008
    Location
    DC Suburbs
    Posts
    792

    Certifications
    CISSP, CISA, PMP, FITSP-M, Security+, Network+, A+, (expired: CCNA, CCENT)
    #11
    Quote Originally Posted by JDMurray View Post
    I should point out here that people are not handed $100K+ jobs simply for passing the CISA, CISM, or CISSP certification exam. It's their prior work experience that gets them 90% of that salary and the cert(s) help with getting the other 10%.
    Truer words were never written. No organization is going to expose themselves to the massive liabilities that could be incurred due to a faulty audit or inadequate security just because you have a CISSP or CISA.

    That is why it is very rare for someone to break into security without first having other related experience. An entry level security job could almost be considered an oxymoron.