• kennut replied to the topic CISA in the forum Security 10 years, 4 months ago

    think of it, if you’re taking CISA – you need to have a mindset of an IT auditor

    if taking CISM – then you have to have Information Security manager mindset

    but for CISSP is more on operational IT security mindset.

    given that your company is paying for it, just go for it. however, the exam is not easy, a lot of people can pass the exam because…

  • I think it’s being debated here in the topics for so long.

    the final word on this -> when it comes to certification, yes, if you have it, congrats and it’s easier for you to get an “interview”, not necessarily a guaranteed job!

    I have CISA, CISM and CEH, so what? the point as some have mentioned, companies are looking for people who can do work and…

  • indeed, you’re technically well versed, I did recommend doing something out of being too “technical”. because if you stay technical, you’ll be just there, a techie.

    to move up in the chain, you need to do something different, related to business / corporate world.

    CISA – if you want to try IT Audit
    CISM – Info Sec – Managerial
    CISSP – Info…

  • simple, certs get you past HR filtering, whether you like it or not, that’s the reality in this business / corporate world.

    they see that having certs is your own initiatives and serious about the role you’re currently doing.

    other than that, experiences and how you sell yourself counts, otherwise, if you have a lot of certs, but can’t talk /…

  • to be frank, it depends on what field you’re doing, let’s say if you passed CISA, and got certified, at the end game, the result of the audit / report will then know if you are really an IT Auditor or not (IT audit can have financial auditors / or techies auditor). I have an ex supervisor who is CISSP, CISM, CISA, etc, long until name card cannot…

  • nothing about EC Council, I was given the opportunity to take it and paid by the company for free! took CEH v5 workshop, well, the instructor is OK, but he did skip hands on for Linux part etc. rest are very theory based, and of course, the fun part was unpatched Windows 2000 and how you use Metasploit to get in. that was 2007.

    I’m not sure…

  • dynamik, hayabusa – thanks, I plan to do CISSP next, failed that end 2007, so plan to do again. Besides, that’s part of my KPI for next year and since it’s paid for exam and course fees, will take a stab at it!

    don’t save on the supplement for CISM, sometimes, you’ll be surprised that few questionnaires are thrown out as bonus and looks exactly the…

  • thanks ziggy/awesec,

    I used the review manual 2010, 450 Q&A CISM 2009, 100 Q&A 2009 and 2010 supplement. took me 3 months to prepare.

    the review manual 2010 is very lengthy and to be frank too theory based. in other words, very long winded. I then used the Q&A 2009 and the supplements. although the sample questions won’t be the exact same type…

  • like you, I took CISM last month June 12. Why I took it? well, it’s related to my new job now that I’ve moved on to IT Security, so CISM is just nice. I haven’t got CISSP yet…maybe next year.

    I did CISA because my previous job requires me to be certified as I’m an IT auditor, and took CEH because part of the job is to learn new IT hacking…

  • not too sure, it cost like USD499 for the grand-fathering program, if you’re not successful in applying – USD100 for the admin charges. you get back USD399. so unless you’re into doing most of the domains that are required, then do consider, otherwise, if it’s not related, I’m not sure if it’s worth that $$$ unless your company don’t mind paying it…

  • I’m actually more concerned about the software that is installed on their machines. I have a case when I did the audit for a client, they have an employee notebook scheme (deducted from their salary over a period of time). Funny thing is the management allowed them to use either licensed Win XP and not. so you use original Win XP, you pay more.…

  • perhaps it’s good to set up ground rules for the “outsiders” such as:

    1) all thumb drives must be surrendered for virus/malware scanning
    2) notebooks must be installed with anti virus with latest definition etc
    3) the office or meeting room used by the auditors must be on a separate VLAN or the network port must be disabled until needed
    4) access to…

  • sounds familiar! I had that incident too (I am an Internal IT auditor), auditing a company of mine where I used to pass my USB drive around for the auditee to copy files into the thumb drive. I only noticed that there is a hidden virus when I enable “view all hidden files”, and by then it was too late as the client showed me “print-screen” of the…

  • a bit late on this but better late than never! Congrats on the road you took to become a CEH. it’s worth the effort whether you’re doing this in long run in your career or otherwise, it’s better to know more things!

    well done!  🙂

  • I think a lot have been said about CEH here like Unsupported and Hayabusa mentioned. unless you planned to be a techy for your rest of the career (which I don’t think it’s a good idea….). Why am I saying that is, in order for you to go up to the career ladder, you need to be all rounded like Hayabusa said.

    It’s good to know more things that…

  • sad to say GPEN or programmes from SANS are not that widely available in Asia region unless sometimes, they do offer courses in Singapore etc, so CEH is more known in Asia country.

    so I would say CEH here for Asia.  ;D

  • well, to be frank, China today is not like the China 20 years ago you’ve read in the newspaper, business and economic in China is booming like mushroom and a lot of companies are moving their business there, and by all means, majority of the products you buy in Walmart or other departmental stores are made in China. and yes, ex-commies, but they…

  • Like everyone who has commented, CEH is a beginning level security cert which is heavily focused on tools used by hackers and one should understand how these tools are used and what are the defensive measures against it. It certainly adds value to my credentials as I might not be a penetration tester, it’s better to know more things to help you in…

  • as far as I know, for the business I have audited includes hotels and retailing. This includes also in the region you’re in, for example this is compulsory in the States, whereas in Asia, the awareness is somewhat, still lacking.

    These are the two which PCI is a must due to the regulation from VISA/MC/Amex etc. Not all business will need to go…

  • Well, I won’t say CEH certainly helps me in my work (btw, I’m doing IT Audit work, so that’s why I need to have CISA certification to back me up when dealing with clients and management).

    For CEH, I did it for the part where it’s interesting to learn tools used by hackers and such way for defensive purposes etc. I’m fortunate that my company…
