+ Reply to Thread
Results 1 to 10 of 10
  1. Member pipemajor's Avatar
    Join Date
    Jul 2009
    Posts
    63

    Certifications
    CCENT
    #1

    Default CISA - Certified Information Systems Auditor

    I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

    The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

    And yes, I'm currently unemployed.
    Reply With Quote Quote  

  2. SS -->
  3. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #2
    The CISA is a tough cert to get because of the experience which you're mentioning. I work with three CISAs and combined they have 20-30 years of IT audit experience. I do IT audits but I've only been here for a year. For me to be able to get a CISA (even though I actually DO audits) I'd have to be here another four years or find another job over the next four that lets me continue to do audits.

    I talked to one of our CISAs and he said that you don't necessarily need 5 years of experience in auditing - if you have experience in other domains it may count for the experience. check their experience requirements again.

    ALSO, you can take the CISA exam without getting the actual cert. This will allow you to tell employers that you have passed the CISA, you just do not meet the experience requirements. However, with your time in the field of IT you probably meet the experience requirements anyway.
    Reply With Quote Quote  

  4. Network Security tpatt100's Avatar
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,886

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #3
    I wanted to take this test because I was doing auditing half of the time at my current job of five years. Pretty much the audits were technical and administrative in nature. Only problem for me is my job situation changed and the test is only offered twice a year. I would have had to pay by Sept 24th to take the December one which I was not sure if I could allocate study time if I got a new job soon.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #4
    Quote Originally Posted by pipemajor View Post
    I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

    The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

    And yes, I'm currently unemployed.
    If i were you i'd sign up for the exam it seems like you more than meet the criteria. The requirements page lists what you can use and frankly most It managers would qualify.
    Reply With Quote Quote  

  6. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,363

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #5
    Quote Originally Posted by pipemajor View Post
    I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

    The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

    And yes, I'm currently unemployed.
    I feel that you can get your experience credited even if it's not directly related to Auditing, specially that you managed teams of auditors, best way is to ask the test organization itself.
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  


  7. Join Date
    Jun 2007
    Posts
    1,859
    #6
    Personally I question the marketability of ISACA's certifications. It could be because I spend my time mostly doing other things, but I've yet to see anything come across my desk that required a CISA. I'm not sure that I'd be looking at the CISA as the ticket out of unemployment.

    Based on what you've told us about your background, you can likely substitute some of what you've done for some of the direct audit experience requirements.

    As others have said, "audit experience" is fairly broad. There are many ways to achieve this, and you've likely hit some of it. The other key factor is that the experience has to have been obtained in the 10-year period preceding the application date.

    I'm more inclined to get any certification as a way to take official credit for the work that I've done, as opposed to earning the credential to get the work. The CISA is no different. My specific experience was direct management of an organization's SAS 70 response, and setting up and managing internal audit programs to meet ISO/IEC 20000 requirements. I have other audit experience as well, but you don't have to list everything...only what meets the requirements.

    I have mixed feelings about the exam. It wasn't really that tough, but it was difficult to study for. When I took it I really hadn't had much time to study, and so I wasn't sure how I did on it. The one thing that I can really say is that the exam is long....if I remember correctly it was 200 questions on a Saturday morning. At some point I felt as if I was just going through the motions. I would rank it as mildly harder than the PMP, but much less difficult than many of the technical exams that people at this site mostly take.

    You might also consider the CIA certification, here's a link to that: Certified Internal Auditor - The Institute of Internal Auditors

    Aside from auditing, the place that I would probably be looking at the moment for the next (1-2 years) hot high-level certification is the CBAP. More information at http://www.theiiba.org/AM/Template.c...ContentID=4688 .

    MS
    Last edited by eMeS; 09-06-2009 at 07:22 PM.
    Reply With Quote Quote  

  8. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #7
    Funny that you say that. I just did a Monster search out of curiosity about what you said. I found 16 pages of jobs listing the CISA as either a requirement or something they would like to see on your resume.
    Currently working on: Resting
    Reply With Quote Quote  


  9. Join Date
    Jun 2007
    Posts
    1,859
    #8
    Quote Originally Posted by veritas_libertas View Post
    Funny that you say that. I just did a Monster search out of curiosity about what you said. I found 16 pages of jobs listing the CISA as either a requirement or something they would like to see on your resume.
    I did the same search...looks like it was mostly recruiters and agencies that posted out there.

    My work comes directly from customers, so looking on Monster or some other job board for full-time or contract-to-full-time work at a much lower rate than I'm willing to work isn't an option.

    MS
    Last edited by eMeS; 09-07-2009 at 01:26 AM.
    Reply With Quote Quote  

  10. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #9
    Quote Originally Posted by eMeS View Post
    My work comes directly from customers, so looking on Monster or some other job board for full-time or contract-to-full-time work at a much lower rate than I'm willing to work isn't an option.

    MS
    Gotcha! I was wondering why you would say that.
    Currently working on: Resting
    Reply With Quote Quote  


  11. Join Date
    Jun 2007
    Posts
    1,859
    #10
    Quote Originally Posted by veritas_libertas View Post
    Gotcha! I was wondering why you would say that.
    No worries...I know a ton of people that do different audit jobs full-time in companies. A few of them have a CISA or a CIA, but it's a small percentage of the total population.

    I just don't equate "marketable" as necessarily equal to what staffing agencies and recruiters say they want.

    MS
    Last edited by eMeS; 09-07-2009 at 01:31 AM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks