  1. Junior Member Registered Member
    Join Date
    Oct 2017

    Advice, security/auditor path

    Hi all.

    I would like to start gaining more knowledge and certifications; from what I have been reading on this site, everything depends on the path and background.

    First, let me summarize my background: I have a bachelor's degree in computer science, a lot of knowledge in networking, servers, Linux administration and many of its services, and Cisco router/switch configuration. Almost 2 years ago I switched to supporting security projects, so I have learned about PCI and SOX.

    Second, I'm aiming to be more like an internal auditor and security "manager" or specialist role, not so much a security admin who applies all the security (however, I want to know about it), but to work with the auditors and controls, oversee security, do risk management, define and update security policies, etc.

    I'm a little overwhelmed with all the info I find. I was thinking of the SEC+ to start and get an update on all the new info, refresh some technical info, learn about new attacks, methods, etc. Is it a good start?
    Any other good ones to start with?

    Then what? I was thinking of CISA and CISM, but I don't have 5 years or more as an auditor or in security.


  3. Senior Member
    Join Date
    Jun 2016
    Having worked extensively in the cyber security management, GRC and audit field, in my opinion what you should do is get the CISSP to give you that full overview of security. Get a role in this area - i.e. big 4 - and go for CISA and CISM. You can pass the exam and wait till you have the experience to get the cert. These 3 are the main ones. You can also do the SANS 507 - GSNA cert, which looks at the technical side of auditing - networks, OS, web applications.

  4. Senior Member
    Join Date
    May 2013

    Cisco (3), CompTIA (2), EC-Council (2), GIAC (3), ISACA (1), ISC2 (1)
    Do you have the experience to meet the CISSP requirement? If so, skip Security+ and go for the CISSP.

    As far as CISA, there are experience waivers for education, so I would see if you qualify for any of those. I would also look at the domains because they aren't all traditional auditing things, and it's possible you actually have experience that qualifies.

    Look at your company and see if you can get a GRC role, or look outside of your company...but I would try to get at minimum CISSP...preferably CISSP and CISA before you leave because it will be easier to find a role and you can get paid more. I would also start learning about the different frameworks...NIST 800 series and RMF, ISO, COBIT, etc.

  5. Junior Member Registered Member
    Join Date
    Jan 2016
    I would do COBIT and the CISSP training; you can take the exam later on.
