Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Formal audit background for the penetration tester?

From: natron <natron () invisibledenizen org>
Date: Fri, 29 May 2009 14:57:45 -0500
On Fri, May 29, 2009 at 10:18 AM,  <lister () lihim org> wrote:

As I am not familiar with the CISA certification or the audit field of work, I'm not sure
if this would be a step backward or beneficial to a penetration tester or
someone with purely technical skills in InfoSec.


It, as always, depends on your goals.  I'm a penetration tester that
also performs more classical auditing from time to time and have my
CISA.  It covers a lot of background on the theory of internal audit,
structure, etc, that may not be intuitive, but certainly isn't hard to
learn.  It was an easy on the technical/security side.

If you are currently a penetration tester, you'll have some clients
that will like the fact you're a CISA.  If you want to go work for a
public accounting firm, they will like it too.  If you go work in a
security department in industry, some there might care... but most
people won't care.

N

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: