Entrance into the IT Security Risk & Auditing Profession

Veteran

Windle L. Riles Jr. (CISM, PMP, ITILv3) Oceanside, CA

Experienced IT and Cyber Network Systems Manager transitioning in a few months. Interested in pursuing a career as an IT Security Auditor. Looking to gain additional information about the profession, as well as any additional skills or certifications I may need.

Semper Fi!

4 June 2017 5 replies General

Answers

Advisor

Alyson Iuchs Edwards, CA

Many healthcare organizations are relying on technology to record things like patient medical records and their billing records, as well as business oriented records like accounting and payroll. This reliance on tech leaves these organizations vulnerable because hackers can find a way into the organization’s database and access these important files.

This is such a problem that 50% of data breaches are caused by criminals and one of these breaches could cost over $2.2 million to fix! So, it’s safe to say that there will always be a demand for an IT Security Auditor. More info on data breaches can be found here: https://cahsonline.uc.edu/resources/him/infographics/building-up-hospitals-immunity-to-cyber-security-breaches/

To become an IT Security Auditor, you’ll need to have at least a bachelor’s degree in Computer Science, Cyber Security, or a technical field related to the career. Fortunately, this is fairly easy to obtain – especially since many universities, like Norwich University, offer accredited online courses: https://online.norwich.edu/degree-programs/masters/information-security-assurance/overview

Skills you should have before applying to this position will vary, but ideally you should have a working knowledge of:

· Regulatory and industry data security standards (e.g. FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA)
· ISO 27001/27002, ITIL and COBIT frameworks
· Windows, UNIX and Linux operating systems
· MSSQL and ORACLE databases
· C, C++, C#, Java and/or PHP programming languages
· ACL, IDEA and/or similar software programs for data analysis
· Fidelis, ArcSight, Niksun, Websense, ProofPoint, BlueCoat and/or similar auditing and network defense tools
· Firewall and intrusion detection/prevention protocols

In terms of experience, this is a mid-level role; therefore, most employees are expected to have 3 to 6 years of experience working in the IT field. Once you do become an IT Security Auditor, you can expect to earn between $64,000 and $74,000 to start. Source: https://www.glassdoor.com/Salaries/it-security-auditor-salary-SRCH_KO0,19.htm

If maybe down the road you’d like to try for a Senior Security Auditor, you’ll need to have at least 5 years of experience. So while it may take some time to get there, you can expect to make anywhere from $95,000 to as much as $159,000. Of course, it is worth noting that the salary will depend on the company.

22 March 2018 Helpful answer

Advisor

John Green Cary, NC

You may enjoy better recognition through this program:

http://www.umuc.edu/academic-programs/cyber-security/index.cfm

Check salary guides here:

https://www.roberthalf.com/workplace-research/salary-guides

5 June 2017 Helpful answer

Veteran

Charles Rounds Miami Beach, FL

You can check out this list put together by the NIST:

https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content

Veteran

Windle L. Riles Jr. (CISM, PMP, ITILv3) Oceanside, CA

Thanks Claudio! Appreciate it.

Advisor

Claudio A Norwalk, CT

Hi. I would suggest you look into CISA certification and programs that have internships/relationships with companies that will let you gain some experience in IT security. SANS also has a few certification programs which are good.

Before venturing off, realize that IT security is a huge domain and that you can be a generalist or a specialist. Do some homework and figure out what you like and what has the best prospects.

Feel free to reach out to me if you have any questions.

Best
Claudio
