IT audit or IT security Specialist - Career Advice

shreenag (Member, Posts: 25)
Hello all, need some career advice here...

So I have been involved in IT for the past 8 years and in Infosec for the past 2 years. Earlier I used to be a VoIP Test engineer. Gradually moved into VoIP security and now doing IT audit related activities (remediation, controls testing) for the past 2 years. My concern with IT auditing is this is more of taking screenshots, reading documents, updating Excel sheets and less of hands-on work.

I am interested in becoming a security specialist but not sure if I can transition into that after nearly 8-10 years of experience.
I am also not sure if I have the required skillset. My technical skill is limited to basic Linux usage, basic pen testing skills, QA skills. I do not have any security product experience. I hold certifications in CCNA, CEH, ISO 27001 Lead Auditor and ISO 27001 Lead Implementer. I wrote the CISSP but failed - 668 and now preparing for the CISA as I am currently working in IT audit.

I want to return to more hands-on work and want to be a specialist rather than an IT sec generalist / IT auditor. My future goal, at least in the next 3-5 years, is to work as a Security Program Manager in core tech companies like Microsoft, Google, Amazon, etc.
or in IT Security Business development in companies like PwC, Deloitte, etc.

Could you please let me know
  • if it's better for me to stick to IT audit / IT sec management or can I move into some specialist role (like Red Team / Blue Team) after this many years of experience. I feel rather shallow after doing IT audit.
  • Should I continue doing CISA - CISSP - CISM or should I now focus on GCIH, GCIA, GPEN, OSCP kind of certifications?

Any advice would be appreciated.

