Penetration Testing mailing list archives
Re: Formal audit background for the penetration tester?
From: natron <natron () invisibledenizen org>
Date: Fri, 29 May 2009 14:57:45 -0500
On Fri, May 29, 2009 at 10:18 AM, <lister () lihim org> wrote:
As I am not familiar with the CISA certification or the audit field of work, I'm not sure if this would be a step backward or beneficial to a penetration tester or someone with purely technical skills in InfoSec.
It, as always, depends on your goals. I'm a penetration tester that also performs more classical auditing from time to time and have my CISA. It covers a lot of background on the theory of internal audit, structure, etc, that may not be intuitive, but certainly isn't hard to learn. It was an easy on the technical/security side. If you are currently a penetration tester, you'll have some clients that will like the fact you're a CISA. If you want to go work for a public accounting firm, they will like it too. If you go work in a security department in industry, some there might care... but most people won't care. N ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Formal audit background for the penetration tester? lister (May 29)
- Re: Formal audit background for the penetration tester? natron (May 29)
- Re: Formal audit background for the penetration tester? Aarón Mizrachi (May 29)
- Re: Formal audit background for the penetration tester? Stephen Mullins (May 30)
- Re: Formal audit background for the penetration tester? Aarón Mizrachi (May 31)