I am currently an IS Auditor. I did not start my career as an auditor but have come by my experience through various experiences with IT. However, I am interested in pursuing Information Security but am not sure what type of additional education I would need. I have a BS in International Management, just to give you an idea of my educational background.
With your background and current work focus, I'd recommend checking out the ISACA (www.isaca.org) Certified Information Systems Auditor (CISA) credential as a good place for you to get started. It includes some security content and will help you get going in your new direction.
After that, I recommend the following sequence of credentials, all of which you can tackle self-study (or take classes, if you can get employer funding):
- CompTIA Security+ certification
- ISACA Certified Information Security Manager (CISM) or ISC-squared Certified Information Systems Security Professional (CISSP) or SANS (www.giac.org) intermediate level stuff (If this interests you, you'll be better off taking the SANS GSEC instead of Security+ for your first cert.)
After that, there are more advanced credentials that you can pursue. Feel free to write again if you need more information.
Good luck with your upcoming certification efforts.
For more information on this topic, visit these other SearchSecurity.com resources:
Career and Certification Tip: The vendor-neutral security certification landscape
Best Web Links: Infosec Training, Careers and Events
Featured Topic: Climbing the infosec career ladder
Dig Deeper on Information security certifications, training and jobs
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.