Re: Formal audit background for the penetration tester?

On Fri, May 29, 2009 at 10:18 AM, <lister@xxxxxxxxx> wrote:
As I am not familiar with the CISA certification or the audit field of work, I'm not sure
if this would be a step backward or beneficial to a penetration tester or
someone with purely technical skills in InfoSec.

It, as always, depends on your goals. I'm a penetration tester that
also performs more classical auditing from time to time and have my
CISA. It covers a lot of background on the theory of internal audit,
structure, etc, that may not be intuitive, but certainly isn't hard to
learn. It was an easy on the technical/security side.

If you are currently a penetration tester, you'll have some clients
that will like the fact you're a CISA. If you want to go work for a
public accounting firm, they will like it too. If you go work in a
security department in industry, some there might care... but most
people won't care.


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

Relevant Pages

  • Re: Internal Penetration Testing
    ... an internal penetration tester my be ... If nobody is watching then an internal pen test is doubly pointless. ... Information Assurance Certification Review Board ...
  • Re: Verify Your Security Provider -- The truth behind manual testing.
    ... application penetration tester, amongst other things, and the crew I ... because of the problems you mention with highly automated testing. ... Do I really need a Facebook page to be a security expert? ... Information Assurance Certification Review Board ...
  • Commercial Exploit Tools
    ... I work for a DoD organization as a penetration tester. ... grab ourselves a commercial exploitation tool. ... just an opinion and the name of the tool. ... Information Assurance Certification Review Board ...