How To Get In To Security Auditing

Hello all, I am curious about the best path to take to get into security and IT auditing. I am currently a Data Security Analyst and I’m coming up on 2 years of experience. I work on an IT team at a medium-sized company (75 employees), but I am the least technical on the team. I am responsible for writing and maintaining policies, performing GRC audits (ITGCs) for our subsidiaries and corporate parent, as well as some IDS and vulnerability scanning and management. I also complete web application security audits and assessments from customers, which are generally 300-900 questions. I know how to read SOC 2 reports, but I obviously don’t perform the audits. I want to get into the auditing side full time, as I like the work and it’s a great balance between the technical and the business side. My interest would be in SOC 2, PCI-DSS, GDPR, or general IT security compliance. What is the best way to get into that industry (e.g. certs such as CISA, CASP or SSCP)? Are technical skills such as knowledge of vulnerabilities and pen-testing useful, or is the business side and management skill set preferred? Any feedback on this would be much appreciated!
