

"Breaking Audit"
Dear Richard:
I would really appreciate your advice about how to 'break into' IT auditing. I have years of network administration experience and a number of professional credentials such as various Microsoft certifications MCSE 2000, Cisco certifications (CCDA and CCNA), CompTIA certifications and security certifications such as CISSP, Security+ and CEH. Any help with respect to a training path, etc. would be much appreciated. Eventually, I'd like to take the CISA exam but know I don't have enough of a background at this point to meet the prerequisites for the exam.
Thank you for your help.
Theresa

Dear Theresa:
The biggest issue that comes into play when trying to break into IT Audit from another profession is compensation expectations. With all of the certifications you have, I would guess that your current compensation is approaching the six figures. The usual trainee positions for IT auditors pay in the range of $40-50K.
Probably the easiest way for you to make the move would be to join a consulting firm that does both information security and IT audit consulting. Such firms could pay you what you are accustomed to earning and gradually help you develop the audit skills you lack. Another strategy to employ is to indulge yourself in some "informational interviews" where you create a list of companies in which you have an interest in working.
Contact the IT audit directors of those firms and ask them for an opportunity to come in to talk to them about how they might suggest you try to break into the IT audit profession. You just might end up with a job offer from them. As for the CISA exam, I would recommend signing up for it right away. Showing that you have taken the step to become CISA certified goes a long way towards convincing a future employer that you would be a highly motivated employee.













