Penetration Testing mailing list archives
Re: Formal audit background for the penetration tester?
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Sun, 31 May 2009 02:33:39 -0430
On Saturday 30 May 2009 08:47:47 Stephen Mullins wrote:
I think that this is a huge growth area in IT due to regulatory compliance issues for private sector organizations such as hospitals. I think that much of the work is and will continue to be travel oriented, but that it pays better than your typical 9 to 5 in an office somewhere. The trend is just as you describe, the government is creating legislation that will force organizations to do annual audits. I think this creates an environment in which the "technical skills" you describe are less valuable than the Information Assurance/Certification and Accreditation skills demanded for compliance. I imagine the transition would be fairly easy, provided you have some "people skills" and good written communication abilities to go along with your technical skills.
I agree, legislation will request a formal audit, not a simple pentest. Some other legislation in other countries forces banks to do annual pentesting, not a formal audit. The reason: the budget for "IT Security" in these countries is too short.

---------------------

I have a question: What master's, PhD, specializations and certifications in information security are recommended for the coming years?
Steve

On Fri, May 29, 2009 at 11:18 AM, <lister () lihim org> wrote:
Has anyone transitioned from a purely technical background in InfoSec to the Audit field? What trends are emerging with increased regulatory scrutiny on the rise? Govt/PCI requirements. As I am not familiar with the CISA certification or the audit field of work, I'm not sure if this would be a step backward or beneficial to a penetration tester or someone with purely technical skills in InfoSec.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
--
Ing. Aaron G. Mizrachi P.
http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1