Just starting out in technical IT career...

razz2525 Member Posts: 28
I've been working in IT for 7 years but mostly in a business capacity, software compliance, asset management and licensing primarily, but I want to gain more technical knowledge and move into the IT auditing/access management field. I have a good basic understanding of IT Governance but perhaps unwisely, I'm taking the CISA exam in a few days thinking that I knew more than I apparently do. A co-worker told me to "get the exam out of the way" since that's the hardest part. So, I took a prep course paid for by my company and I'm in way over my head. I'm scoring an average of 60% on practice exams because certain terminology I'm simply unfamiliar with (like cryptography!).

I like to think positively but I'm not too hopeful about this exam. I need more time and more importantly, more hands-on experience. Is there some other certification or training I can take in order to gain more knowledge of internal controls and networking? CompTIA A+?? I figure CompTIA Security+ will be over my head too. I need a good foundation and understanding of information systems before I can really break into auditing. My job within my IT department is focused more on financial auditing, but I think they'll support me in expanding my role to include a technical role.

Any ideas as to where to start?? Thanks so much.

Comments

  • ibcritn Member Posts: 340
    I think studying for CISSP would be your best bet. Most certs like CCNA, CEH, various Microsoft certs are too technical for what you are looking to do.

    CISSP goes through everything: servers, networks, systems as a whole and the security concerns... it touches on both technical and business aspects.

    I think studying for CISSP would give you the best ROI. You don't have to say go for the cert (would be great if you got it obviously!) I just think reading some books (Shon Harris All-in-one CISSP), or her video training series would be the most helpful.
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • [Deleted User] Senior Member Posts: 0
    If you are taking the CISA right now and need to know about different terms like 'cryptography' then you NEED to delve into a Security+ book right away. I don't know what is on the CISA but if you are running into stuff like that and you don't know what it is you should at least try to get that foundation from the S+.
  • cabrillo24 Member Posts: 137
    Regardless of how you do on the exam, you do recognize that you need more training, which is never a bad thing. The CISSP/CISA/CISM types of examinations are mid to high level technical/IT managerial focused examinations.

    You should have started with your Network+ (I'm not too much of a fan of the A+ certification, unless you're planning on building computers or providing help desk hardware support). Then I would have moved onto Security+. The Security+ exam is geared towards entry level security professionals, but you do need a background in networking, and the Network+ exam does go into a basic overview of security and terminology.

    Best of luck on the CISA exam this weekend, I'll be taking it as well. Try to remain focused on the task at hand and complete as many practice exams as you can between now and then. If you're scoring in the 60% range you need to get into serious cram mode. Make sure to focus on the biggest domain first.
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • razz2525 Member Posts: 28
    Thanks for the advice. Any recommendations on a good S+ book I could get today?? Also, questions regarding the difference between what a data administrator and what a database administrator do are throwing me! I have no idea about database systems, data marts, etc.

    I'm scoring well on IT Governance, Infrastructure/Lifecycle, and IS Audit Process domain questions, but not so great at all on Protection of IS Assets. Should I just be reviewing/re-reading the CISA Review Manual or should I just take practice questions all day and tomorrow?? Many of these questions are not covered in the manuals (like "denial-of-service," "ping of death," "brute force attack," etc., and I just guessed and got that question right even though I'd never heard of these.).

    Thanks again!
  • cabrillo24 Member Posts: 137
    razz2525 wrote: »
    Thanks for the advice. Any recommendations on a good S+ book I could get today?? Also, questions regarding the difference between what a data administrator and what a database administrator do are throwing me! I have no idea about database systems, data marts, etc.

    I'm scoring well on IT Governance, Infrastructure/Lifecycle, and IS Audit Process domain questions, but not so great at all on Protection of IS Assets. Should I just be reviewing/re-reading the CISA Review Manual or should I just take practice questions all day and tomorrow?? Many of these questions are not covered in the manuals (like "denial-of-service," "ping of death," "brute force attack," etc., and I just guessed and got that question right even though I'd never heard of these.).

    Thanks again!

    When I took my Security+ about 5 years ago, Sybex was the standard, but that may have changed over the years, but they're pretty known to have pretty solid material. I don't think you can go wrong with any Security+ material to be honest, because it's not very granular, it's a pretty straightforward exam expecting you to know terminologies and best practices.

    At this point for your CISA, I would exclusively focus on the Protection of IS Assets, as it will account for 31% of your exam. I would do practice exams today and tomorrow focusing solely on that domain. If you bomb miserably on this domain, you can be assured that you'll find it nearly impossible to pass this exam. Not trying to scare you, but trying to emphasize to you that at this point in time, if this is your weakest domain, this is where you absolutely must focus.

    I would recommend going to the CCCURE website, and going to their quiz section. They have a pretty good testing engine on there that is web based and free. Make sure you select "CISA", as by default the CISSP engine is pre-selected. Focus on the domain you're having most trouble with. Do sets of 10 questions at a time, and when you're feeling more comfortable, move on to 25 and so forth. But these next 2 days, if you can, every free second you have, should be dedicated to this domain.
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • alan2308 Member Posts: 1,854
    razz2525 wrote: »
    Any recommendations on a good S+ book I could get today??

    The guys in the Sec+ section really like this book, though it's not in stores last I heard.

    Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide (9781439236369): Darril Gibson: Books
  • veritas_libertas Member Posts: 5,746
    alan2308 wrote: »
    The guys in the Sec+ section really like this book, though it's not in stores last I heard.

    Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide (9781439236369): Darril Gibson: Books

    +1, I hear it's excellent! :)
  • earweed Member Posts: 5,192
    alan2308 wrote: »
    The guys in the Sec+ section really like this book, though it's not in stores last I heard.

    Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide (9781439236369): Darril Gibson: Books

    +1, it's gotten great results for a lot of people studying for the Sec+
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • razz2525 Member Posts: 28
    I got the S+ book and I like it already! Very well written. For future studying, are there comparable books for Network+? I'm seeing good reviews for Todd Lammle's study guide on the subject. Thanks!
  • rogue2shadow Member Posts: 1,501
    razz2525 wrote: »
    I got the S+ book and I like it already! Very well written. For future studying, are there comparable books for Network+? I'm seeing good reviews for Todd Lammle's study guide on the subject. Thanks!

    I heard Mike's All-In-One series books are always great. Definitely check out Professor Messer's free videos for Net+ as a supplement:

    Professor Messer's Free CompTIA Network+ Certification Training Course | Professor Messer - CompTIA A+, CompTIA Network+, Certification Training