Home » Security Bloggers Network » Degree vs. certification: Entry-level IT auditor

Degree vs. certification: Entry-level IT auditor

by Greg Belding on September 10, 2019

Introduction

Earning a degree and earning professional certifications are the two main ways to demonstrate acquired competency through education. The IT auditor career path has room for both, but what if you were to choose only one of those methods for the sake of saving time in making it to the entry-level position?

This article will detail the degree requirements and certification requirements for the IT auditor career path and will give a well-founded recommendation for which you should choose. Think of it as an advanced look at your options if you were faced with this career credential conundrum.

What do IT auditors do?

IT auditors are cybersecurity professionals responsible for risk and internal controls within an organization’s network and information security environment. The role of IT auditor does not solve security issues within an organization; rather, they focus on finding and documenting these issues. Examples of what IT auditors are commonly responsible for include identifying security flaws in an organization’s information security, creating action plans to fix said flaws and writing reports to communicate these findings to executives and other decision makers.

This role is directly mapped to the National Initiative for Cybersecurity Education’s (NICE) CyberSeek model, which identifies this role as entry-level.

IT auditor degree requirements

With limited exceptions, organizations seeking IT auditors will require a degree of some kind, and the best way to see this is to examine the statistics. According to CyberSeek, 76% of organizations require a bachelor’s degree and 22% require a graduate degree. This means that cybersecurity professionals will be hard-pressed to find an organization that does not require a degree of some kind.