Path to Begin for Security Professional
wdebrian
Registered Users Posts: 1 ■□□□□□□□□□
I am the Director of Security for a medium sized business, and have worked in Security for quite some time. I have my CISSP among others. Unfortunately, I am not up to speed on many of the entry level certificates that exist these days. I have a co-worker that has recently worked in sales completing RFP's, but has a lot of institutional knowledge on overall security audit tasks as she has assisted me with SOC 2 preparation among other things. She's a good friend of mine and wants to be out of the Sales role and focus on Security to actually begin a career path. She is a very sharp lady, young and VERY detail oriented. Therefore, I am bringing her onto my staff to assist with SOC 2 audit, internal client security audits, policy work, etc. I will teach her the in's and out's of Risk Assessments, vulnerability scanning and more.
What would you recommend for certs to learn the basics. I have already recommended the SEC+ cert as well as possibly tackling the GISF. She is NOT highly technical in terms of existing networking/IT knowledge, but she is very knowledgeable of business processes, and security fundamentals. I am essentially taking her under my wing to help her on this path.
Again, I don't see her being a pen tester or along those lines. What would be the recommended path for non-technical certs that you all recommend. I have my own thoughts, but wanted to really hear from others as my views may be tainted.
What would you recommend for certs to learn the basics. I have already recommended the SEC+ cert as well as possibly tackling the GISF. She is NOT highly technical in terms of existing networking/IT knowledge, but she is very knowledgeable of business processes, and security fundamentals. I am essentially taking her under my wing to help her on this path.
Again, I don't see her being a pen tester or along those lines. What would be the recommended path for non-technical certs that you all recommend. I have my own thoughts, but wanted to really hear from others as my views may be tainted.
Comments
-
mokaz Member Posts: 172According to the few keywords i could grab from your post, i'd say that something like CISA should be geared towards your needs.. But she might not qualify yet for the required experience..
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Add ITIL to your list, if she is good with business processes ITIL could elevate her even more. The PMI-RMP might be another one. To get a bit more in-depth beginner knowledge you can also consider the GSEC.
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□Security+ for the win. Can't think of a better entry-level learn the basics 101 test or study program.
-
leboratorical Member Posts: 46 ■■■□□□□□□□I think you're on the right path with the Security+ in order to fill out the 'minimum' of the technical areas. Also, it sounds like your co-worker is on, and wants to be on more of the GRC/audit pathway.
If that is right, then you might also want to consider something like the CCSK if you're also moving into the cloud, but the ISACA CISA, CRISC and CGEIT certs are all options.
Otherwise, it might help to do some specifics - you say vulnerability scanning etc. Are there Qualys specific qualys that will help in her early years? -
stryder144 Member Posts: 1,684 ■■■■■■■■□□I was going to suggest looking into COBIT 5, by ISACA, but their site is unavailable.The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
Connect With Me || My Blog Site || Follow Me -
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□I too would suggest something like the CISA but after some fundamental knowledge...even if it's just from Sec+ and Net+. CISA is based on processes and managing risk for the business instead of getting into the weeds of technology...but CISA has an experience requirement so it wouldn't help immediately. Eventually the CISSP needs to be on her roadmap because it's one of the big ones to get but at this point it's more of a future thought.