Thinking of CISA cert next.... good idea?

djasonslickdjasonslick Member Posts: 42 ■■□□□□□□□□
Hi - I'm a IT Security Professional with 20 years of IT experience now. Have had a diverse background of experiences over the years. I passed CISSP in January and starting to think of what's next.
I've become interested in the GRC - Risk Assessment/Compliance lane of security and think I may want to specialize.
I believe I may like the role of an IT auditor. Had an interview with E&Y earlier this year - Did not get an offer - but was impressed with org and culture of the organization and job itself. I like the travel/remote aspect of these jobs.

Anyway, I'm thinking CISA may be a good next step to get me into this type of a job/lifestyle.
Does anybody have any other input/thoughts/ideas that may re enforce or change my mind?

Thanks in advance everyone!

Comments

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    To apply for CISA, you need to have real audit experience... So get an auditor job, then get your CISA..
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    To apply for CISA, you need to have real audit experience... So get an auditor job, then get your CISA..

    No you don't need IT Audit experience to become a CISA.

    Once a CISA candidate has passed the CISA certification exam and has met the work experience requirements, the final step is to complete and submit a CISA Application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
    • A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
    • 60 to 120 completed university semester credit hours (the equivalent of an 2-year or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
    • A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
    • A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
  • E Double UE Double U Member Posts: 2,240 ■■■■■■■■■■
    I've become interested in the GRC - Risk Assessment/Compliance lane of security and think I may want to specialize.

    How about CGEIT?

    CGEIT Exam Job Practice: 2013
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    I'm considering going for this cert early next year. From what I've gathered, it should be relatively easy to pass for a person with related work experience and it seems very popular among job postings. I normally spend several months studying for a cert and I may only slate 6-8 weeks for this one. I could be wrong.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    I no longer work as a dedicated auditor so I let it drop off my hamster wheel of constant CPEs and annual dues. Really, its not about the number of acronyms after the name but how effective you are at the position at hand.

    - b/eads
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Since you passed CISSP, and are interested in GRC, CISA is a great choice! so is CISM
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • beniisanbeniisan Member Posts: 9 ■□□□□□□□□□
    I think if you want to work as an auditor, the CISA will help you to get that job.
    But as you already has the CISSP cert, it won't give you a bug burst in knowledge...
Sign In or Register to comment.