Certs to pursue to get more "technical" knowledge as an IT Auditor...?

CV33CV33 Member Posts: 22 ■□□□□□□□□□
My boss wants our audit team to gain more technical knowledge so that we can apply that in our auditing work.

We already have our CISAs but he wants to get deeper than that. We all skipped A+, Sec+, Network+, & Server+ and opted for an advanced cert out of the gate.

I suggested CISSP but he is thinking about us doing A+, Sec+, Network+, & Server+ before CISSP.

I tend to think that may be a waste of time & money. Can anyone who has gone through both sets speak to this? Any recommendations?

Thanks ahead!

Comments

  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    He is right, the CISA overlaps with many CISSP domains. You will get more general high level knowledge if you go for Network+. Based on the environment you are currently running, you will get also more technical knowledge if you go for the Microsoft certifications, those focus more on technical requirements. As an example, you will be able to audit inheritance paths in Active Directory better if you understand how group memberships work.

    Usually people get this type of experience because they transition over time from technical roles to more administrative type roles like CISSP and CISA and bring the technical experience having worked as Helpdesk or System Admins. Since you can't go backwards now in terma of roles, getting Network+ and MCSA certs would be better. Also, if your boss has any type of authority he can always put a request to build you guys an internal lab with full access for you where you can play around and gain experience by labbing.
  • CV33CV33 Member Posts: 22 ■□□□□□□□□□
    TheFORCE wrote: »
    He is right, the CISA overlaps with many CISSP domains. You will get more general high level knowledge if you go for Network+. Based on the environment you are currently running, you will get also more technical knowledge if you go for the Microsoft certifications, those focus more on technical requirements. As an example, you will be able to audit inheritance paths in Active Directory better if you understand how group memberships work.

    Usually people get this type of experience because they transition over time from technical roles to more administrative type roles like CISSP and CISA and bring the technical experience having worked as Helpdesk or System Admins. Since you can't go backwards now in terma of roles, getting Network+ and MCSA certs would be better. Also, if your boss has any type of authority he can always put a request to build you guys an internal lab with full access for you where you can play around and gain experience by labbing.


    Not quite what I wanted to hear. That's a much longer road.

    You really feel like leaving comptia out and pursuing CISSP would leave a gap in knowledge?
  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    CV33 wrote: »
    Not quite what I wanted to hear. That's a much longer road.

    You really feel like leaving comptia out and pursuing CISSP would leave a gap in knowledge?

    CISSP is geared towards people that want to take the path towards management it is not focused on technical knowledge. Comptia, Microsoft and Cisco certs are more technically focused because they are atleast the latter 2 vendor spcific. You get more technical knowledge if you pursuing vendor specific certs. Cissp is vendor neutral just like the CISA. Read the CISSP domains for more information but there is a reason the CISSP is called the "mile wide and an inch deep" certification. You will not get any more technical knowledge from the cissp.
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    If you feel like you don't want to do CompTIA certs, I understand, but they should not be discredited at all. Everyone should have basic technical knowledge that those certs test you on. Have you thought about the GIAC - GSNA cert? GIAC Certifications | GSNA | Systems | Network Auditor | Certification
    I am a Jack of all trades, Master of None
  • CV33CV33 Member Posts: 22 ■□□□□□□□□□
    TheFORCE wrote: »
    CISSP is geared towards people that want to take the path towards management it is not focused on technical knowledge. Comptia, Microsoft and Cisco certs are more technically focused because they are atleast the latter 2 vendor spcific. You get more technical knowledge if you pursuing vendor specific certs. Cissp is vendor neutral just like the CISA. Read the CISSP domains for more information but there is a reason the CISSP is called the "mile wide and an inch deep" certification. You will not get any more technical knowledge from the cissp.

    Hmm. From that standpoint, I can see how A+ at a minimum would be valid.

    I'm just not sure if the other 3 are worth the time. Maybe network+.

    I'm just trying to make sure I make the most efficient use of my time...
  • CV33CV33 Member Posts: 22 ■□□□□□□□□□
    danny069 wrote: »
    If you feel like you don't want to do CompTIA certs, I understand, but they should not be discredited at all. Everyone should have basic technical knowledge that those certs test you on. Have you thought about the GIAC - GSNA cert? GIAC Certifications | GSNA | Systems | Network Auditor | Certification

    Yes, we felt like the GSNA cert would be the capstone cert because it seems to be the most hands on for an auditor. That is definitely on the list but last.
Sign In or Register to comment.