Tag Archives: cisa

Kyle and a Conversation about Analytics

kyle bitsA while back, a reader named Kyle and I had a conversation about analytics.

It started with his reading my Excel:Basic Data Analytics post where I list a number of procedures that anyone can do in Excel.

Kyle said he was expecting some “super sophisticated process & methodology that works like magic.”

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Technology

CISA Does NOT an IT Auditor Make

cisa study guide, tipsPassing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.

Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.

I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.

You just won’t feel the love right away…

Continue reading

10 Comments

Filed under Audit, Certification, Employment, How to..., Technology, Written by Skyyler

Use LinkedIn to get an IT Audit job

If you’re looking for an IT Audit job, here’s how to use LinkedIn to get noticed.

new-auditorIn a nutshell, you need to enhance your LinkedIn profile so that everyone knows you’re working hard at learning IT auditor skills.

If you’re already working as an IT auditor, use these suggestions to get noticed more and move ahead (or into another company with more opportunities).

Continue reading

4 Comments

Filed under Audit, Certification, Employment, How to..., Technology

How to get an IT Audit job with little or no experience

I get asked all the time, “How do I get a job in IT audit with little or no experience?”

When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.

You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.

Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.

Continue reading

26 Comments

Filed under Audit, Certification, Employment, How to..., Technology

FREE CISA Exam Practice Questions

cisa study guide, tipsIf you’re looking for FREE practice questions for the CISA exam, I found a good resource.

The site provides over 900 questions for you to test yourself.

Continue reading

35 Comments

Filed under Audit

2014 Top Paying Certs (United States)

Below is a list of the top paying certs for 2014 (including average salary amount).

The list is based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton, completed in October 2013.

After the list, I offer a few comments on some of the certs and the salaries.

Continue reading

14 Comments

Filed under Audit, Certification, Employment, Technology, Top 10

Free CISA Prep: Self-Assessment Exam

cisa study guide, tipsIf you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).

The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”

Continue reading

2 Comments

Filed under Audit, Certification, Free, Security

Why CISSP?

This post answers these questions: Why get the CISSP certification? What has it done for me? What else do I need to know?

Charles, one of my readers, asked me, “Do you have postings related to CISSP?” Not many, but here’s one….

Continue reading

55 Comments

Filed under Audit, Certification, Security, Technology

Master List of CISA Articles

cisa study guide, tipsTo make these posts easier to find (and link to), here’s a list of all the CISA-related posts on this blog, in alphabetical order.
I’ll add other CISA posts as they are written.

Continue reading

9 Comments

Filed under Audit, Security, Technology

FREE CISA Glossary

cisa study guide, tipsISACA has a free glossary of IT, audit, and security terms that is not only helpful in studying for the CISA exam, but is a good reference guide for new and experienced auditors.

Continue reading

3 Comments

Filed under Audit, Free, Security, Technology

CISA vs. CIA Certification

cisa study guide, tipsIf you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?

Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.

Continue reading

172 Comments

Filed under Audit, Certification, Security, Technology

Biggest Problem in Computer Security

What’s the biggest problem in computer security, according to valsmith at carnal0wnage.attackresearch.com? Well, it’s…

Staffing.

As the author admits, the post leans toward self-promotion of the company, but it makes many good points and deserves a read and a good pondering.

Continue reading

Leave a comment

Filed under Audit, Security

FREE CISA Study Guide

cisa study guide, tipsWhen I was studying for the CISA, I created a 40-page study guide for myself that you can download for free.

If you decide to use it, here’s a couple points to keep in mind:

Continue reading

70 Comments

Filed under Audit, Certification, Free, Technology

Firewalls vs. Fire Hydrants

I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.

If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.

Continue reading

5 Comments

Filed under Security, Technology

Top 7 Reasons for Security Certification

Here’s my top 7 reasons for getting a security certification:

  1. It opens the hiring door. Or more simply stated, employers are looking for them. More and more, if you’re not certified, your resume won’t get past Human Resources. When they scan your application and resume, you’ll end up in the digital delete bucket if the screening software doesn’t see those special letters (CISSP, GIAC, CISA, CCSP, CISM, etc.). Continue reading

31 Comments

Filed under Audit, Certification, Security, Technology, Top 10

Security Certs for Commoners? Nope

SC Magazine’s CISSP! Who Cares? article says that security certifications are not as valuable as they used to be because they are rather commonplace. Too many people going for the same job have the same qualifications. However, that is not my experience, and I disagree with some of the article’s statements.

I earned my CISSP more than 5 years ago. Let’s take a look at a couple companies I’ve worked for and count the CISSPs…

Continue reading

3 Comments

Filed under Security

More on the CisA Exam

cisa study guide, tipsThis topic will be assorted rambles and comments regarding what I now call the “CisA” exam. Check out this post that started it all:  Where is the IS in CISA?

Continue reading

10 Comments

Filed under Audit, Certification, Technology

Where is the IS in CISA?

cisa study guide, tipsWhy do so many IT auditors who pass the CISA know so little about IS and security–and in my opinion aren’t worth hiring* for that and several other reasons?

Well, I think I figured it out. So what clarified my understanding? I took the CISA exam.

Continue reading

10 Comments

Filed under Audit, Certification, Technology

How to Pass Certification Exams

Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:

Continue reading

12 Comments

Filed under Audit, Certification, How to..., Security, Technology

Quote of the Weak (Attacker’s Perspective)

I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?

Continue reading

4 Comments

Filed under Audit, Quote of the Weak

Fun CPEs for CISSPs

Don Donzal, who created www.ethicalhacker.net and ChicagoCon (link now appears defunct), lists 10 ways for CISSPs to earn CPEs (Continuing Professional Education credits) and having fun doing it. Check out his entire article here. He wrote it in 2005, but it hasn’t aged much.

NOTE: I crossed through some of the links to now-defunct sites….remember, this was written in 2009….

Continue reading

1 Comment

Filed under Free, Security