Re: Formal audit background for the penetration tester?

[Aarón Mizrachi <unmanarc () gmail com>]

On Sábado 30 Mayo 2009 08:47:47 Stephen Mullins escribió:
> I think that this is a huge growth area in IT due to regulatory
> compliance issues for private sector organizations such as hospitals.
> I think that much of the work is and will continue to be travel
> oriented, but that it pays better than your typical 9 to 5 in an
> office somewhere.
>
> The trend is just as you describe, the government is creating
> legislation that will force organizations to do annual audits.  I
> think this creates an environment in which the "technical skills" you
> describe are less valuable than the Information
> Assurance/Certification and Accreditation skills demanded for
> compliance.
>
> I imagine the transition would be fairly easy, provided you have some
> "people skills" and good written communication abilities to go along
> with your technical skills.

I agree, legislation will request for a formal audit, not for a simple 
pentesting.

Some other legislations in another countries, force banks to make anually 
pentesting, not a formal audit.

The Reason: the budget for "IT Security" in this countries is too short. 

---------------------

I have a question:

What master, phd, specializations and certifications on information security 
are recommended for the next years?

> Steve
>
> On Fri, May 29, 2009 at 11:18 AM,  <lister () lihim org> wrote:
> > Has anyone transitioned from a purely technical background in InfoSec to
> > the Audit field?
> >
> > What trends are emerging with increased regulatory scrutiny on the rise.
> >  Govt/PCI requirements.
> >
> > As I am not familiar with the CISA certification or the audit field of
> > work, I'm not sure if this would be a step backward or beneficial to a
> > penetration tester or someone with purely technical skills in InfoSec.
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

-- 
Ing. Aaron G. Mizrachi P.    

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1

Attachment: signature.asc
Description: This is a digitally signed message part.