Passed the CISSP - What Should I Do Next?

I'd like to get a couple more certifications and possibly pursue a career in auditing. I'd prefer to roam contract gig to contract gig, and it seems like this is a career that caters to that kind of lifestyle.

My background is 10+ years in Windows administration/engineering, server admin, hardening, maintenance, patch management, anti virus, etc.

So... What should I get next? CEH, CCNA, CWNA/CWSP? I'm up for suggestions, but I do have one small request - Please rank them in order of difficulty compared to the CISSP. I'm not burnt out, but if I crack open another 1200 page book like the CISSP next week I might just lose it.

Thanks in advance. Although this is my second post, I gotta tell you guys that I've trolled this site and you have all been extremely helpful.

Comments

  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    If you want to aim your career towards auditing then most technical certs won't do you much good. You should be looking at the certs offered by ISACA. However, those certs are for people that have already had years of experience in auditing and risk management. I don't know of an Auditing+ cert.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    Sounds a lot like what my goals are as well. I am going to try to get a couple more base technical certs to refresh my network knowledge, then save my pennies for Systems and Network Auditor Certification: GSNA GSEC in another good one. Security Tube Python Scripting and the OSCP are also on the to look at list.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Most of the IS auditors that I work with carry a CISA cert. Check out the ISACA site as jd suggested.
  • bobloblawbobloblaw Member Posts: 228
    Thanks everyone. I'm going to check out the CISA as suggested. 750 pages for the AIO. I'll take it.

    Another quick one - Would getting the Security+ be even worth it at this point after obtaining the CISSP? It seems redundant, but I got a book here and it looks like a breeze comparatively.
  • bobloblawbobloblaw Member Posts: 228
    Just looked, and it seems like the next test for CISA isn't until June. It's not off the table, but I just can't wait that long to take something else. Anything else to check out? I'm open to anything. It doesn't have to be auditing, but just something that coincides with InfoSec and would be beneficial or in demand.
  • RoyalRavenRoyalRaven Member Posts: 142 ■■■□□□□□□□
    If you're even remotely interested in audit, join a local ISACA chapter. The tests are only offered twice a year, but the networking opportunities and presentations that most chapters put on are excellent ways to learn more about what goes on in the industry. I know 10x more about auditing than before I joined and I'm more on the technical side.
  • akazeroakazero Member Posts: 13 ■□□□□□□□□□
    Wait for the CISA. I help out (primary role is in infosec/forensics) on IT audit engagements, and CISA is pretty much the standard. Security+ is redundant if you already have CISSP.
  • bobloblawbobloblaw Member Posts: 228
    Thanks again everyone. Definitely gave me a lot to mull over.

    I'm going to go ahead knock out the Security+ in a week or so. I almost think I could take it blind after railroading a couple practice exams and skimming a recent book I have. If I was paying for it.... nah.

    Also landed on the CEH for now. After reading and speaking with a few people here and locally, it seems like a nice easy one that's interesting to boot. After that CISSP 250 JRR Tolkien riddle test, I'd prefer a 5-6 weeks of easy reading. Plus the book looks so unintimidating sitting next to Shon's book that doubles as a forearm workout/weapon.
  • uyen_nguyenuyen_nguyen Member Posts: 32 ■■□□□□□□□□
    I will relax hehehehe.
    English is my second language. My apology for my grammar errors.
  • instant000instant000 Member Posts: 1,745
    If you're going the angle to pursue auditing, then it helps to try to get the background behind it.


    Certwise:
    CISA makes sense


    Background Learning:
    ISO 27000, ISO 31000, 17000 (International, some of these may cost)
    FISMA / NIST FIPS, SP 800 series, (Free, More Depth)
    HIPAA (Free standard)
    PCI-DSS (Free standard)
    E-Book Service (Safari, Books 24x7, or something similar, to have library of knowledge at your fingertips)


    Balance:
    You need to balance your skillset. (For example, NIST categorizes controls for Managerial, Program Management, Operational, and Technical). You can develop a more complete picture of the risk a system poses, if you can understand the individual parts, as well as how they all fit together. You appear to have a strong technical background. Just focus on maintaining a balance in your skillset.


    Opportunity:
    If you're looking for opportunities with the government, start with studying FISMA, and looking for opportunities. Are you open to moving? You did mention that you didn't mind roaming from gig to gig.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
Sign In or Register to comment.