Seeking Advice: Pre-CISA Certifications
Greetings All,
I'm a System Administrator who's very determined to become an Auditor and I'm looking for advice. I have already purchased the study guide by Cannon and I have been reading it diligently. Assuming that I pass the exam, I'd still need over 2 years of experience that System Administration doesn't exactly cover. What would be good certifications to get which would help me in landing an Entry-level Auditing position? I have read on another site that Security+, SSCP, or GSEC would be good certifications to look at, but wanted to see what CISAs had to offer on this topic.
Thanks in advance for the feedback!
Comments
-
vasyvasy Member Posts: 68 ■■■□□□□□□□
Welcome
In your very first post, you've set the bar for yourself quite high
In my opinion, a certification is just a piece of paper... to quote someone from the forums, even a trained monkey would eventually gain any certification
The most important part is experience and knowledge, period. A certificate is just a proof of them both
If you are really interested in auditing, I can suggest to start small: in your current workplace, make a proposition to your supervisor to get an internal audit going for your department. If everything is going well, expand to other departments, maybe as a part of an audit team
Then, you may seek a certification body in your area that needs a junior/trainee auditor and work for them project-based in your spare time/vacation days
By that time:
- you will surely know if the auditor role suits you
- you will keep your day job
- you will gain experience, as per ISACA requirements
- you will make new friends in this field (and maybe new enemies) that will be invaluable someday
Best of luck!
-
colemic Member Posts: 1,569 ■■■■■■■□□□
As far as certs, I would start with Sec+, and then look at CISSP for study materials - frankly, even with a CISA, a CISSP will probably still be required. (And I thought that CISSP was much easier than the CISA.)
Working on: staying alive and staying employed
-
j33per Member Posts: 28 ■□□□□□□□□□
You should find some auditing skills while performing system admin functions... For example: auditing permissions for file level access, auditing backup compliance and/or tape retention, auditing patch levels, legal discovery functions, etc. Be sure to fully capture these opportunities and look for other opportunities to build upon.
Best of luck...
-
GoodBishop Member Posts: 359 ■■■■□□□□□□
I would suggest going for Security+ then CISSP. It never hurts to take some accounting courses about auditing - to get an understanding of the "why".
-
andhow Member Posts: 151
GoodBishop wrote: » I would suggest going for Security+ then CISSP. It never hurts to take some accounting courses about auditing - to get an understanding of the "why".
I couldn't agree more! As an auditor or a security professional, part of your job is to review the controls which technology is enabling. Sadly, I've seen good, traditional IT controls, and poor design/monitoring of key application (think financial) roles. The good auditors and security professionals are the ones that understand the fundamentals of business processes and know how IT should securely enable them.
Understand role-based security and what it means in both IT and the business. For instance, Segregation of Duties (SoD) are expectations in multiple operational areas where there must be a separation (or enhanced monitoring) of key roles. If/when you explore your CISSP, you'll understand what this means on the IT side of the house. COBIT 5, for instance, will help you understand what this means (conceptually) in the business.
Good luck!