Re: Formal audit background for the penetration tester?

On Fri, May 29, 2009 at 10:18 AM, <lister@xxxxxxxxx> wrote:
> As I am not familiar with the CISA certification or the audit field of
> work, I'm not sure if this would be a step backward or beneficial to a
> penetration tester or someone with purely technical skills in InfoSec.

It, as always, depends on your goals. I'm a penetration tester that
also performs more classical auditing from time to time and have my
CISA. It covers a lot of background on the theory of internal audit,
structure, etc, that may not be intuitive, but certainly isn't hard to
learn. It was easy on the technical/security side.

If you are currently a penetration tester, you'll have some clients
that will like the fact you're a CISA. If you want to go work for a
public accounting firm, they will like it too. If you go work in a
security department in industry, some there might care... but most
people won't care.

