Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

basics logo Security Basics mailing list archives

Re: IT Manager to CISO
From: olufemimogaji () gmail com
Date: Thu, 28 Apr 2011 04:51:23 +0000
Hi All,

Thanks for all for all your input. Your thoughts seem to follow a familiar pattern:. CISSP, SANS and CISM. Soon as I 
read all these emails I called a training firm I knew and booked for their CISSP training. 

Thanks again!

Femi M.

------Original Message------
From: James Alcasid
To: olufemimogaji () gmail com
Cc: security-basics () securityfocus com
Subject: Re: IT Manager to CISO
Sent: 28 Apr 2011 00:51

Femi,
Certification wise if you do not already have your CISSP you should study for it or at least have a Security+. The CISA 
and CISM are also credentials that may be appropriate for a CISO. You may also look into the SANS courses in infosec 
management. What would really be of great value is formal education on the principles of risk management and continuity 
of operation. Project management skills and understanding the project life cycles are important. Are you familiar with 
COBIT? Does your organization have internal auditors? Know those people, they are your friends. Who does the external 
audit? Get to know those people as well.


On Apr 27, 2011, at 4:37 AM, olufemimogaji () gmail com wrote:



Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we 
follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told 
I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with 
ISCW) and a I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and get 
to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to 
question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and 
this exposed him to uncomfy questions from hard nosed auditors. Security+ or CISSP exam? Or any others? Any form of 
guiding light will be highly appreciated.

Regards,

Femi M.




Sent from my BlackBerry® Smartphone



Sent from my BlackBerry® Smartphone






Sent from my BlackBerry® Smartphone

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]