Here’s the 5 things I’m hoping will change in 2018 regarding ACL.
They are all related to each other and feed off each other…
When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.
Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
If you’re an auditor, you need data analytic skills or you will die.
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
ISC2, the organization that awards the CISSP certification, provides 1 FREE webcast about the 10 CISSP security domains, as well as several FREE webcasts about the CISSP concentrations.
I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.
Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.
ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.
The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).
I read a blog post that quoted a security professional saying, ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”
That definitely got me going, so I left a comment that explained why I disagreed with that statement.
ACL.com just launched virtual classroom training in North America. Check it out at www.acl.com/virtual_classroom (if that doesn’t work, try here, as they keep changing the URLs).
Sorry, but the virtual classroom was discontinued, according to ACL. See Nav’s comment about this.
Free training does still exist, so see my posts regarding Free ACL Bootcamp Training and ACL Tutorials on YouTube. Also check out the most popular post on this blog, Teach Yourself ACL.
According to CIO magazine, here’s the hot IT jobs (followed by comments by me in italics):
NOTE: IT Auditors, don’t pass over this article!
1. Security specialist/ethical hacker
One specialty, computer forensics, is hot. Forensic labs are almost always behind in their work. Is it due to a lack of good technicians or that forensic folks aren’t cheap? Either answer is good news.