Degree vs. certification: Entry-level IT auditor


Earning a degree and earning professional certifications are the two main ways to demonstrate acquired competency through education. The IT auditor career path has room for both, but what if you were to choose only one of those methods for the sake of saving time in making it to the entry-level position?

This article will detail the degree requirements and certification requirements for the IT auditor career path and will give a well-founded recommendation for which you should choose. Think of it as an advanced look at your options if you were faced with this career credential conundrum. 

What do IT auditors do?

IT auditors are cybersecurity professionals responsible for risk and internal controls within an organization’s network and information security environment. The role of IT auditor does not solve security issues within an organization; rather, they focus on finding and documenting these issues. Examples of what IT auditors are commonly responsible for include identifying security flaws in an organization’s information security, creating action plans to fix said flaws and writing reports to communicate these findings to executives and other decision makers. 

This role is directly mapped to the National Initiative for Cybersecurity Education’s (NICE) CyberSeek model, which identifies this role as entry-level. 

IT auditor degree requirements

With limited exceptions, organizations seeking IT auditors will require a degree of some kind, and the best way to see this is to examine the statistics. According to CyberSeek, 76% of organizations require a bachelor’s degree and 22% require a graduate degree. This means that cybersecurity professionals will be hard-pressed to find an organization that does not require a degree of some kind.

Organizations generally prefer Bachelor of Science degrees, based on the greater technical focus of B.S. degrees compared to B.A. degrees.

In terms of what (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: