Information Security Career - How would you map the skills

manu27001
A good career in Information Security has been a dream for many.
Currently the Info Sec area is pretty wide and you have to smartly choose your career path in order to make yourself special and valuable in front of potential employers.

I have seen roles like,

1. Security Administrator
2. Security Professional
3. Security Manager
4. Wireless Security Professional
5. Ethical Hacking Specialist
6. Cisco Security Professional
7. Security Auditor
8. Forensic Investigator
9. Penetration Tester

and many more ..

I think, Since each of the above roles require different mix of skills, everyone should wisely choose the certification path they require for their dream job.

For me,

Since 2000 I have been an MCSE, MCDBA and CCNA, and have been working as a Network Engineer / Manager. Last year I took the ITIL certification and now my plan is to concentrate on the Info Sec field.

I have written the CISSP exam, am waiting for the result, and next I will be doing

ISO 27001 LA (To learn ISO 27001 in depth)
CHFI (I like this)
CEH (To polish my skills)

and then

CISM (Be the Manager)

Keatron, JD, do you think this is a smart move? Your advice will be really helpful.

Thanks,
Manu

Comments

  • manu27001
    I guess I should think of CISA before CISM ....

    Before being a Sec Manager, I wish to have good working experience in Auditing and Forensics ..
  • eMeS
    manu27001 wrote: »
    ISO 27001 LA (To learn ISO 27001 in depth)

    Question: What is ISO 27001 LA?

    The only individual ISO/IEC 27* certifications that I'm aware of are:

    Information Security Foundation based on ISO/IEC 27002 - EXIN Exams

    and

    Information Security Management Advanced based on ISO/IEC 27002 - EXIN Exams

    I'll be taking these sometime in 2010...

    MS
  • gotcha88
    manu27001 wrote: »
    [...]
    CISM (Be the Manager)
    [...]

    For CISM, you need 5 years of info sec experience, mate!
  • coffeeking
    eMeS wrote: »
    Question: What is ISO 27001 LA?
    MS

    ISO 27001 is the framework for Information Security best practices; and LA is the lead auditor.

    ISO 27001 is not an individual certification but something a department or a company as a whole would adopt as their framework and then the LA would go in and audit them against that framework. An LA is ideally a consultant working for a risk and governance services company.

    There is another role of Lead Implementer (LI), and there is training available for it; this would be the guy in your department if you were to adopt the standard. This guy would design, modify and create procedures, policies and processes that would reflect this standard in a given department or organization.

    ISO 27001 used to be ISO 17799.

    I can give you more information on it since we have adopted this standard over the period of last year and are currently waiting to be audited and get the certification.
  • eMeS
    coffeeking wrote: »
    ISO 27001 is the framework for Information Security best practices; and LA is the lead auditor.
    [...]

    Thanks, but I think my question must not have been clear. I know what the ISO org certs are and what a lead auditor is.

    What I don't know is where is an official lead auditor certification being offered for individuals.

    What I was hoping for was a link to the certification program for it, as the only ISO 27K individual certs that I am aware of are the ones currently offered by Exin. Is the lead auditor simply just a training class that training companies put on on their own, or is there some official ISO/IEC backed credential similar to some of the other individual credentials that can be earned around various ISO certs (e.g., ISO/IEC 20000 Consultant)?

    MS
  • manu27001
    Hi MS,

    Visit the following website ,

    Training
  • manu27001
    Of course, gotcha88, I know CISM needs 5 years' experience ... I was not going to take it tomorrow ... I was just planning, you know ...
  • coffeeking
    eMeS wrote: »
    Thanks, but I think my question must not have been clear. I know what the ISO org certs are and what a lead auditor is.

    What I don't know is where is an official lead auditor certification being offered for individuals.
    [...]

    My bad, I must have misunderstood it.

    Well, manu27001 has already provided the link for you. I haven't been on the training myself, but my colleagues went for it and, if I am not mistaken, they must have gone with BSI. I can confirm that if you like.
  • eMeS
    coffeeking wrote: »
    My bad, I must have misunderstood it.

    Actually it was mine...I was wiped out yesterday and somehow when I typed up that question, I only got out about 1/4 of what I wanted to say.

    BTW, I'm very likely coming to your part of the world soon....perhaps we can get together for some, um, coffee?
    coffeeking wrote: »
    Well, manu27001 has already provided the link for you. I haven't been on the training myself but my colleagues went for it and if I am not mistaken they must gone with BSI. I can confirm that if you like.

    Here's the direct link to BSI's courses for ISO 27k: ISO/IEC 27001:2005 - Information security management system lead auditor: Five day course

    In my experience, BSI offers about the best training for many of the ISO certs.

    However, having seen a number of people that claim "lead auditor" and "lead consultant" credentials seems a bit odd to me. I know of no officially ISO/IEC recognized individual credentialing system that bestows these credentials for any ISO/IEC spec. There are however some certified consultant and certified auditor credentials that are valid. I could be missing it, but what I really think is happening is that individual organizations are creating their own training and offering to credential people as lead auditors and lead consultants. Very similar to BSI's "HISP" certification, which almost no one outside of BSI understands. Kind of strange, though, when you meet people from BSI... if they are HISP certified, their business cards will almost always say "HISP Level X", and then if you're like me you have to go look up what "HISP" means....

    This all seems a bit odd to me and almost contrary to the purpose of ISO/IEC, which is standardization.

    The other thing that I would like to see in this area is all of the training providers/exam providers getting on the same page. BSI references ISO/IEC 27001 in the course title, whereas Exin for their exams references ISO/IEC 27002 in the exam titles. I know for a fact that the BSI training and Exin's exams actually cover the ISO/IEC 27000 series, and not specifically just 27001 or 27002. As many here know, there is a difference, although one that would probably only make sense to someone regularly exposed to ISO certifications.

    To the OP, I'd be very careful about getting any of the lead auditor or lead consultant credentials that many companies offer. However, if you are going to do it, BSI is likely to be one of the most reputable places from which you could earn it.

    MS
  • coffeeking
    eMeS wrote: »
    BTW, I'm very likely coming to your part of the world soon....perhaps we can get together for some, um, coffee?
    MS

    Sweet deal... what are you coming for? I am guessing to deliver training courses. But sure, just PM me whenever you are about to be here and I would love to get together, and sure we can have some coffee. I am out for the next couple of weeks; annual leave, but I am assuming that you wouldn't be heading down here until after Christmas.
  • eMeS
    coffeeking wrote: »
    Sweet deal... what are you coming for? I am guessing to deliver training courses.
    [...]

    Coming to do an ITIL gap analysis. Details and timing aren't clear yet. I'm willing to do it over Christmas, but it remains to be seen the exact date that the customer wants it. It's likely to occur in January.

    MS
  • coffeeking
    eMeS wrote: »
    Coming to do an ITIL gap analysis. Details and timing aren't clear yet. I'm willing to do it over Christmas, but it remains to be seen the exact date that the customer wants it. It's likely to occur in January.

    MS

    Just shoot me a PM when you are here; we will get together.