Penetration Testing mailing list archives
Re: Formal audit background for the penetration tester?
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Sat, 30 May 2009 09:17:47 -0400
I think that this is a huge growth area in IT due to regulatory compliance issues for private sector organizations such as hospitals. I think that much of the work is and will continue to be travel oriented, but that it pays better than your typical 9 to 5 in an office somewhere. The trend is just as you describe, the government is creating legislation that will force organizations to do annual audits. I think this creates an environment in which the "technical skills" you describe are less valuable than the Information Assurance/Certification and Accreditation skills demanded for compliance. I imagine the transition would be fairly easy, provided you have some "people skills" and good written communication abilities to go along with your technical skills. Steve On Fri, May 29, 2009 at 11:18 AM, <lister () lihim org> wrote:
Has anyone transitioned from a purely technical background in InfoSec to the Audit field? What trends are emerging with increased regulatory scrutiny on the rise. Govt/PCI requirements. As I am not familiar with the CISA certification or the audit field of work, I'm not sure if this would be a step backward or beneficial to a penetration tester or someone with purely technical skills in InfoSec. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Formal audit background for the penetration tester? lister (May 29)
- Re: Formal audit background for the penetration tester? natron (May 29)
- Re: Formal audit background for the penetration tester? Aarón Mizrachi (May 29)
- Re: Formal audit background for the penetration tester? Stephen Mullins (May 30)
- Re: Formal audit background for the penetration tester? Aarón Mizrachi (May 31)