Passing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.
Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.
I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.
You just won’t feel the love right away…
Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.
When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.
I get asked all the time, “How do I get a job in IT audit with little or no experience?”
When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.
You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.
Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.
Since some of you are newer to the blog, I thought I’d bring a couple of my favorite posts to your attention.
According to CIO magazine, here’s the hot IT jobs (followed by comments by me in italics):
NOTE: IT Auditors, don’t pass over this article!
1. Security specialist/ethical hacker
One specialty, computer forensics, is hot. Forensic labs are almost always behind in their work. Is it due to a lack of good technicians or that forensic folks aren’t cheap? Either answer is good news.