Some of these posts are oldies, and yet they are still pulling in plenty of traffic. Check out the list, and see if you missed any of them, especially new readers.
Category Archives: Employment
But in data science, you can generate the experience you need yourself.
You might have seen one of my earlier posts, How to get an IT Audit job with little or no experience. Let me say from the beginning that getting an IT audit job with no experience is easier than a data science job with no experience. But according to an article from KDnuggets, it can be done. And like everything else, it takes hard work.
The article defines data science as “an interdisciplinary field that focuses on solving problems and gathering information.”
A debate on this blog over analytics and the future of internal audit is heating up.
A few readers, including our colleague across the sea, AuditMonkey, have dove in, and skyller and I have responded in kind.
Well, not exactly. AuditMonkey has been more kind, to his credit. But I digress.
If YOUR audit department doesn’t embrace data, analytics, and automation eventually, your audit department will NOT exist.
No data, no analytics. No analytics, no automation. Eventually, no audit department.
Editor Note: This post really applies to all departments in a company, but mainly I’m addressing auditors, but you might want to read between the business lines….
By embrace, I don’t mean have one or two auditors working on this. I mean the entire department.
Before you cite all the regulatory requirements mandating the existence of an audit department in companies, having an audit department in name only won’t cut it.
Having an inept audit department will not be acceptable to regulators, and it shouldn’t be acceptable to company management either. Or Audit Committees!
Companies need skilled and efficient auditors that can do the heavy lifting, and this need will only increase.
Passing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.
Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.
I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.
You just won’t feel the love right away…
In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.
One of the signs is that hiring and promotion decisions are made without reference to a person’s analytic skills.
In my last post, I described Why Internal Auditors Should Care about Robotic Process Automation.
That might seem like a strange question, but a few managers and a VP have asked me just that recently. Here’s how I’ve answered it.
When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.
I get asked all the time, “How do I get a job in IT audit with little or no experience?”
When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.
You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.
Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.
Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
- Provide basic information regarding IT audit and security and links to other sources.
- Help you avoid some of the hidden pitfalls that control owners and auditors face.
- Give you ideas and approaches for some common and uncommon audits.
- Give you a few chuckles.
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
Below is a list of the top paying certs for 2014 (including average salary amount).
The list is based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton, completed in October 2013.
After the list, I offer a few comments on some of the certs and the salaries.
Open letter to you-know-who: Shine your shoes.
I know lots of things don’t matter much in life, and this might be one of them, but it doesn’t take much effort to put some polish on your shoes. It makes your shoes happy, it helps them last longer, and you look better too, which can translate into more confidence on your part. And being taken more seriously by others, especially people older than you.
According to the FBI, crime pays pretty well sometimes, at least for a while. And cybercrimers are hiring. Like the rest of the workforce, crooks are specializing. In this speech, Steven R. Chabinsky, FBI Cyber Division Deputy Assistant Director, discusses the top 10 crooked specialties:
While reading a job description for an IT security analyst recently, I noticed that the details were somewhat vague. The position required so many years of the usual security requirements and experience with routers, firewalls, IPS, but it didn’t mention which ones.
Then I saw this statement, which explained the vagueness:
CSO magazine had a great article some time ago that I came across again entitled, How Not to Hire an Information Security Officer Who’s on Parole. After it describes some true-life hiring horrors, it provides some good points to remember about hiring:
I was reviewing my blog stats and noticed that posts regarding employment and interviewing were my all-time most popular posts. At first, this surprised me, but as I thought about the economy and how many people (including myself) were laid off, it made sense. Here’s my most popular posts to-date:
I don’t make this stuff up…
In a recent phone interview where I was trying to hire a IT SOX auditor for a short-term project, I had asked most of my interviewing questions. So I asked the candidate, “Do you have any questions for me?”
“You said that this project consists solely of testing IT SOX controls. SOX is now 5 to 6 years old. What is driving this project?”
I swallowed my surprise, and answered, “SOX compliance – annual testing requirements.”
“Oh,” said the consultant, “That makes sense.”
[You know what that means, don’t you? More interviews. Help!]
I hear all the time how fierce the competition is out there in job land, but I’m still not seeing it. After more IT auditor interviews, I’m the one that is getting discouraged (and I’m the interviewER, not the interviewEE).
A few weeks ago, I did several phone interviews and concluded that no abundance of skilled IT auditors are looking for jobs these days.
First, isn’t the purpose of the interview to determine what a person’s experience is, and whether that experience is a good match for the position? At least 3 of the interviewees provided negative information about themselves unexpectedly: