2

I'm a *nix sysAdmin for last 5 years. For last one year I've been engaged with PCI-DSS and SAS70 audits at our company and got introduced with Information Security. I have found my interest in InfoSec and reviewing the possibilities on career switch from sysAdmin to InfoSec.

What I've found is that three layers of skills are needed to penetrate fully in InfoSec industry. These are what I think are best for a teche person otherwise I've met some InfoSec auditors with high auditing skills but low computer security sense.

First layer is core technical skill like RHCSS, CEH, Penetration Tester, Forensic Investigator etc Second is technical policy and management stuff like CISSP from ISC2. Third is Auditing and compliance like CISA, CISM etc from ISSACA.

I need opinions from InfoSec community persons on my above thoughts. Thanks

Mustafa Qasim
  • 21
  • 2
  • 1
    What's your question exactly? You'r likely to start a flamewar about the use of certifications :-) – chris Oct 06 '11 at 22:15
  • 1
    Welcome to the IT Security StackExchange. I strongly encourage you to read our [FAQ] and also any existing questions tagged [tag:career]. You may find your question has already been covered in existing threads. Please note that the [FAQ] says this site is for "practical, answerable questions" as opposed to "open-ended questions. Generally, a question should be answerable from an objective standpoint with little to no subjectivity or "opinion" involved. Also, see the "Good Subjective, Bad Subjective" blog post: http://blog.stackoverflow.com/2010/09/good-subjective-bad-subjective/ – Iszi Oct 07 '11 at 02:15

0 Answers0