need help

nidhi0909nidhi0909 Registered Users Posts: 3 ■□□□□□□□□□
i want to start my career as a information security auditor. i completed my engineering in information technology in 2012 and working as a support engineer. i want to switch to information security path. please help me to choose the correct certification. i am confused whether to choose security+, sscp, giac etc. please help..


  • r0ckm4nr0ckm4n Member Posts: 63 ■■□□□□□□□□
    I would go for the Certified Information Systems Auditor (CISA) cert. If your company has an IT Audit group, try to get hired into that group. A lot of times it's easier to get into a position you have little or no experience in, if you already work for the company. I moved into infosec from a sysadmin job, when I got my start in infosec. I also recently moved from pentesting to web app pentesting within the same company. I interviewed with other companies trying to move into web app pentesting, but I was missing certain key skills. My company gladly moved me into a web app pentesting role.
  • chanakyajupudichanakyajupudi Member Posts: 712
    Start studying the security+. Gather more experience.

    In the Indian scenario most of the CISA's are Chartered Accountants.

    Infosec is growing. Studying is not the only way up. Experience matters.

    If there is , chapter in your city. Please join. They are a good place for networking.

    If you need any other details please feel free to get in touch !

    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]

  • nidhi0909nidhi0909 Registered Users Posts: 3 ■□□□□□□□□□
    Thanks a lot for the suggestion. I am trying to get into IT audit group of my company. Right now i am in Sap testing. Will be looking forward for Security+ or penetration testing field before getting into IT audit field.
  • nidhi0909nidhi0909 Registered Users Posts: 3 ■□□□□□□□□□
    Thanks chankya. I will soon get in touch with you to extract some more details regarding the Sans penetration testing or GSEC and GCFW courses.. I really want to get into IT auditing.
  • chanakyajupudichanakyajupudi Member Posts: 712
    GSEC is good. GCFW may not be a choice for the auditing world.

    There is a good way in joining the audit group in your company. They teach you the stuff you neef to know.

    GSNA may be a good option too. But you might have to weigh your ooptios as the courses from SANS are pretty expensive.

    You can get in touch via LinkedIN.

    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]

Sign In or Register to comment.