I'm one of the guys who are very interested in security field.

I've been thinking the path of security auditor as my final destination.
But I don't know what should be the first step for it.
As a matter of fact, I passed CISA(Certified Informaiton System Auditor
hosted by ISACA) exam last year but still it needs 5 years more career in
practical business to get the real certification. Or what else carrer is
helpful for me to become security auditor sooner or later?

I don't have any special portfolio yet. How can I show my advantage over
security field?
Any guidance or advice will be pretty appreciated.

Kevin:

Having recently been banged around a bit on account of some security issues,
my advise is that you go out and get yourself a copy of Hacking Exposed (the
latest edition) and start playing with all sorts of utilities.

You can get this certification and that, which is always good, however, I
hope you can use the following experience as food for thought.

I went out and got my MCSE. By the skin of my chinny chin chin I was able
to squeak by when they were about to retire the NT4 certs. So there I am,
all warm and fuzzy about having this cert and blah blah.

Fast forward and I had an interview with a security firm, of all things and
the first words out of my mouth were that I just got my MCSE and yadda
yadda. I could have told the guy that I had just purchased a ticket to a
Redsox game and have gotten a stronger reaction.

I think that its a lot about what you know and when it comes to something
like security, I think that being able to do things is more important than a
cert.

But thats just my 2 cents worth.

Best wishes in your pursuits.

Curious George
"Kevin Koo" <kevin_koo@mail.utexas.edu> wrote in message
news:ctmq2r$lin$1@geraldo.cc.utexas.edu...