Anyone know anything about becoming a CISA?

seems like a market that will always be around.... anyone know how tough it is to get into? what is pay scale? how does one get required experience?

Find more posts tagged with

Comments

carboncopy

I remember seeing a pay chart showing CISA getting paid in the 6 figure range. Look in the ISACA site. They list requirements.

coffeeking

4 years of full time experience in one of their listed domains, from what I have heard their criteria of what they count as experience isn't that extensive, only they can tell you this better, just send them an email listing your experience and they should be able to tell you. Also, it is not a technical cert, more of a management cert and from what I have heard it is not one of the tough ones. I work with a few guys who have this is and I don't think anyone of them ever failed it....I can't confirm anything because I don't have one yet, but just things I have heard. GOOD LUCK!

JDMurray

People with the CISA cert are usually IT auditors that work with compliance auditing for SOX, GLBA, HIPAA, etc. Auditors belong to professional organizations like The Institute of Internal Auditors (IIA). You need to work for several years as a professional auditor to qualify for the CISA.

eMeS

From what I recall it ends up being 3 years of experience in any combination of the ISACA job practice areas. 2 years credit is given for having a bachelor's degree, and if I remember correctly only 2 years of experience from the total 5 can be substituted by other means.

In any event, the job practice areas are sufficiently broad. As was previously posted, this is more of a management than a technical cert, and if you've done that type of management-level work then it is likely covered in one or more of the job practice areas. Either you've done this type of work or you haven't, and there's really not much else to it...

The toughest thing that I recall about the exam was getting up early on Saturday and sitting somewhere for 3 hours so that I could get through all 200 (I think) questions. Definitely not as easy as the PMP but certainly as tedious. This is not an exam that can be passed without knowing the material or sufficient study; I procrastinated quite a bit and didn't study enough, but I had setup an ISO/IEC 20000 audit program as well as managed an organization's regular response to SAS 70 audits in the past, so I knew enough about the theory to pass this exam. Honestly, when I completed the exam I wasn't certain whether I had passed or not.

I remember that submitting the proof of experience was a somewhat convoluted process. ISACA required quite a bit of documentation to establish that I met the experience requirements, and I had to submit an official copy of my bachelor's transcript.

Overall, earning the CISA has had relatively no effect on me or my business at this point. That might be a different story if I were going at IT auditing full force and put myself out there as someone who is here to *****-slap IT audits, but I'm not. I would be a bit dubious about salary projections for the any certifications, as it seems to me that the vendors of these certs or the people that sell training for them would want these to skew on the high side. There are too many factors other than a cert that go into anyone's compensation.

Here's the thread I posted when I recently passed the CISA: http://www.techexams.net/forums/general-certification/41489-i-am.html

Best wishes to you,

MS

tdean

thanks for the replies guys. damn, im frustrated. seems like a catch 22. need the experience to get the title, but cant afford the pay cut to start back at the bottom for 3 years. im really looking for somehting to augment my current IT skills and make myself more marketable, make a little more $$, but more importantly, open new doors for me. im kind of sick of the "net admin at someone's business" career path. it could be bad experiences from my last 2 jobs... i just dont know how to get anything at a decent company. i hear people talking about how great their jobs are... they make all this cash, great benefits, interesting company etc etc.... i just have no idea.

ugh.

eMeS

tdean wrote: »

thanks for the replies guys. damn, im frustrated. seems like a catch 22. need the experience to get the title, but cant afford the pay cut to start back at the bottom for 3 years. im really looking for somehting to augment my current IT skills and make myself more marketable, make a little more $$, but more importantly, open new doors for me. im kind of sick of the "net admin at someone's business" career path. it could be bad experiences from my last 2 jobs... i just dont know how to get anything at a decent company. i hear people talking about how great their jobs are... they make all this cash, great benefits, interesting company etc etc.... i just have no idea.

ugh.

My advice to you would be to design, implement, and manage an audit program as a "net admin at someone's business". Whether the business you're working for is requesting it or not, you can develop quite a bit of useful experience that will eventually accumulate to meet the requirements of the CISA. You might also be seen as someone taking the bull by the horns, which will look good on your resume and might get you into one of these great jobs of which you speak.

It is my experience that almost all businesses are subject to some type of audit. There is plenty of opportunity here IMO....

MS

tdean

eMeS wrote: »

My advice to you would be to design, implement, and manage an audit program as a "net admin at someone's business". Whether the business you're working for is requesting it or not, you can develop quite a bit of useful experience that will eventually accumulate to meet the requirements of the CISA. You might also be seen as someone taking the bull by the horns, which will look good on your resume and might get you into one of these great jobs of which you speak.

It is my experience that almost all businesses are subject to some type of audit. There is plenty of opportunity here IMO....

MS

hmmm, thats so crazy it just might work!

seriously though, i know what you're saying... nothing is stopping me from doing it as i work somewhere anyway. if they are audited, the info is already there. i could use my next job as my own lab.

Paul Boz

I work with a CISA and he's definitely not in the six figure range. A lot of non-auditors have the CISA, at least in the financial industry. Many large (top 100 in assets) banks and credit unions have a CISA on staff for policy development and business continuity. In my experience many of the CISA certified individuals which I have met are often high management (Sr VP of IT, CSO, etc).

JDMurray

I should point out here that people are not handed $100K+ jobs simply for passing the CISA, CISM, or CISSP certification exam. It's their prior work experience that gets them 90% of that salary and the cert(s) help with getting the other 10%.

LarryDaMan

JDMurray wrote: »

I should point out here that people are not handed $100K+ jobs simply for passing the CISA, CISM, or CISSP certification exam. It's their prior work experience that gets them 90% of that salary and the cert(s) help with getting the other 10%.

Truer words were never written. No organization is going to expose themselves to the massive liabilities that could be incurred due to a faulty audit or inadequate security just because you have a CISSP or CISA.

That is why it is very rare for someone to break into security without first having other related experience. An entry level security job could almost be considered an oxymoron.