Hi,
I am a Service Desk manager and my organization requires that I obtain one of five types of certifications: CISA, CISSP, GSE, SCNA or GCIH.  My background is in technology management, people and processes.  After looking over the choices CISA seems the fit best.
I will need to attend a “boot camp,” and engage in some serious self-study.  But, I wanted to explore other in-class learning that might help.  My ideal model is the UCSD Extension course CISSP.
Any advice is appreciated.
Robert

If you really want to learn something, do CISSP. For the CISA you can study by yourself, and then pass the exam. I warn you that it could be very boring.

For the CISSP I recommend you to read once the Shon Harris's book, and then go to the boot camp. That way you'll benefit most from the boot camp.
Otherwise you'll get lost in the information you'll receive and you'll brain will start thinking at something else, seriously.

GSEC is another good starting point. You'll get some technical skills, not only theory.

You'd have to ask them why they are pentesters. In my opinion many of them should not be. I've found many do not understand risk, and cannot step outside their rather limited compliance mindset for the sake of a checkbox mentality. Understanding why the server team has not been patching servers in a very long time is probably more important than getting a single obscure patch that has a public exploit, but that tends to be the kind of thing my CISA auditors have gone into alarm condition on.

For me personally (and you really need to understand your business culture here to understand what motivates your leadership), I use compliance as a tool for security budget and then do what I can to shoehorn that budget into meeting compliance objectives and addressing real risk based (or in many cases threat surface reduction based) security concerns which usually include pentests both in-house and outsourced.

CISA's also seem to get bogged down in processes like "Oh dear, you have not implemented best practice process number 237?" without understanding that best practices regardless of who defined them are only valid best practices for the organization that developed them or at best the set of organizations that contributed to the standard. I do tend to look at the meta issues myself when problem solving, but some of these process frameworks are quite laborious for no real value add. I don't want to go on an ITIL or CobIT rant because there's actually some really terrific stuff in both ITIL and CobIT (and many other frameworks), but I've had a few auditors that refused to believe an organization was doing the right things unless they were blindly adopting the entirety of some of these frameworks. That's just ludicrous. <insert Logical Fallacy>

Robert024, You ask how I avoided becoming one? I immerse myself in hackery, focus on the core business value that can be derived from my tests and try to remember that compliance pays the bills.

It's only four if you have one of many other certifications or qualifying degree. The CISA also has an experience requirement.