Seeking Advice: Pre-CISA Certifications

ats1425 Registered Users Posts: 2
Greetings All,

I'm a System Administrator who's very determined to become an Auditor and I'm looking for advice. I have already purchased the study guide by Cannon and I have been reading it diligently. Assuming that I pass the exam, I'd still need over 2 years of experience that System Administration doesn't exactly cover. What would be good certifications to get which would help me in landing an Entry-level Auditing position? I have read on another site that Security+, SCCP, or GSEC would be good certifications to look at, but wanted to see what CISA's had to offer on this topic.

Thanks in advance for the feedback!

Comments

  • vasyvasy Member Posts: 68
    Welcome
    In your very first post, you've set the bar for yourself quite high :)

    In my opinion, a certification is just a piece of paper... to quote someone from the forums, even a trained monkey would eventually gain any certification
    The most important part is experience and knowledge, period. A certificate is just a proof of them both

    If you are really interested in auditing, I can suggest to start small: in your current workplace, make a proposition to your supervisor to get an internal audit going for your department. If everything is going well, expand to other departments, maybe as a part of an audit team

    Then, you may seek a certification body in your area that needs a junior/trainee auditor and work for them project-based in your spare time/vacation days

    By that time:
    - you will surely know if the auditor role suits you
    - you will keep your day job
    - you will gain experience, as per ISACA requirements
    - you will make new friends in this field (and maybe new enemies) that will be invaluable someday

    Best of luck!
  • ats1425 Registered Users Posts: 2
    Thank you for the valuable feedback, vasyvasy!
  • colemic Member Posts: 1,569
    As far as certs, I would start with Sec+, and then look at CISSP for study materials - frankly, even with a CISA, a CISSP will probably still be required. (And I thought that CISSP was much easier than the CISA.)
    Working on: staying alive and staying employed
  • j33per Member Posts: 28
    You should find some auditing skills while performing system admin functions... For example: auditing permissions for file level access, auditing backup compliance and/or tape retention, auditing patch levels, legal discovery functions, etc. Be sure to fully capture these opportunities and look for other opportunities to build upon.

    Best of luck...
  • GoodBishop Member Posts: 359
    ats1425 wrote: »
    Greetings All,

    I'm a System Administrator who's very determined to become an Auditor and I'm looking for advice. I have already purchased the study guide by Cannon and I have been reading it diligently. Assuming that I pass the exam, I'd still need over 2 years of experience that System Administration doesn't exactly cover. What would be good certifications to get which would help me in landing an Entry-level Auditing position? I have read on another site that Security+, SCCP, or GSEC would be good certifications to look at, but wanted to see what CISA's had to offer on this topic.

    Thanks in advance for the feedback!
    I'm assuming IT auditor, not financial auditor. :)

    I would suggest going for Security+ then CISSP. It never hurts to take some accounting courses about auditing - to get an understanding of the "why".
  • andhow Member Posts: 151
    GoodBishop wrote: »
    I would suggest going for Security+ then CISSP. It never hurts to take some accounting courses about auditing - to get an understanding of the "why".

    I couldn't agree more! As an auditor or a security professional, part of your job is to review the controls which technology is enabling. Sadly, I've seen good, traditional IT controls, and poor design/monitoring of key application (think financial) roles. The good auditors and security professionals are the ones that understand the fundamentals of business processes and know how IT should securely enable them.

    Understand role-based security and what it means in both IT and the business. For instance, Segregation of Duties (SoD) are expectations in multiple operational areas where there must be a separation (or enhanced monitoring) of key roles. If/when you explore your CISSP, you'll understand what this means on the IT side of the house. COBIT 5, for instance, will help you understand what this means (conceptually) in the business.

    Good luck!