Abandon ACL and Others, Part 2

This post is in response to Xavier and Grant, who were kind enough to push back a bit on a previous post, Abandon ACL and Others? See their comments on that post.

I will respond to some of their points and reveal some more of my thinking as to why I believe that auditors need to become a LOT more technical.

Some may think I am just digging my hole a little deeper, but I’ve always loved the journey.

Continue reading →

Advertisement

CISSP isn’t as technical anymore

---

Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.

They said it was more of a security manager certification.

Continue reading →

10 Technical Resume Tips

Back in 2007, Steve Yegge listed 10 technical resume tips for people applying for technical jobs. While his focus is programmers, his tips apply to IT staff and auditors, and anyone technical.

Even though the article is 7 year old as of this writing, it still has staying power. I’ve seen each of these tips ignored in countless resumes.

It’s a long article, but very helpful and funny.

Continue reading →

Firewalls vs. Fire Hydrants

I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.

If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.

Continue reading →