Passing either exam says that you know the basics, but you still have a lot to learn.
Tag Archives: interview
- Does NOT knows what it takes to get analytics off the ground
- Believes that analytics multiply like rabbits, naturally
- Is NOT willing to make the adjustments required to deliver and sustain real value.
While reading a job description for an IT security analyst recently, I noticed that the details were somewhat vague. The position required so many years of the usual security requirements and experience with routers, firewalls, IPS, but it didn’t mention which ones.
Then I saw this statement, which explained the vagueness:
The Institute of Internal Auditors (IIA) has back-to-basics articles for new auditors (and like Dummies books, the topics can be a reference for the rest of us). Even security pros might want to read a few of these to better understand their auditors, or how those auditors should be doing their jobs.
The topics are as follows (no special order):
I don’t make this stuff up…
In a recent phone interview where I was trying to hire a IT SOX auditor for a short-term project, I had asked most of my interviewing questions. So I asked the candidate, “Do you have any questions for me?”
“You said that this project consists solely of testing IT SOX controls. SOX is now 5 to 6 years old. What is driving this project?”
I swallowed my surprise, and answered, “SOX compliance – annual testing requirements.”
“Oh,” said the consultant, “That makes sense.”
[You know what that means, don’t you? More interviews. Help!]