Re: Formal audit background for the penetration tester?



On Fri, May 29, 2009 at 10:18 AM, <lister@xxxxxxxxx> wrote:
> As I am not familiar with the CISA certification or the audit field of work, I'm not sure
> if this would be a step backward or beneficial to a penetration tester or
> someone with purely technical skills in InfoSec.

It, as always, depends on your goals. I'm a penetration tester that
also performs more classical auditing from time to time and have my
CISA. It covers a lot of background on the theory of internal audit,
structure, etc., that may not be intuitive, but certainly isn't hard to
learn. It was easy on the technical/security side.

If you are currently a penetration tester, you'll have some clients
that will like the fact you're a CISA. If you want to go work for a
public accounting firm, they will like it too. If you go work in a
security department in industry, some there might care... but most
people won't care.

N
