researching job of "security auditor"

Path: archiver1.google.com!postnews1.google.com!not-for-mail
From: walte...@iname.com (walterbyrd)
Newsgroups: comp.security.misc
Subject: researching job of "security auditor"
Date: 13 Dec 2003 21:50:16 -0800
Organization: http://groups.google.com
Lines: 15
Message-ID: <2fe7b80f.0312132150.2a24cf06@posting.google.com>
NNTP-Posting-Host: 67.31.153.105
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1071381017 31078 127.0.0.1 
(14 Dec 2003 05:50:17 GMT)
X-Complaints-To: groups...@google.com
NNTP-Posting-Date: Sun, 14 Dec 2003 05:50:17 +0000 (UTC)
Xref: archiver1.google.com comp.security.misc:1052

What qualifications are generally required?

Who hires security auditors?

Do most work as consultants, or regular employees?

How long does a security audit generally take? Is it usually done by
one person, or a team?

Is there much demand for security auditors?

Any other information you could provide would be helpful. 

Thank you in advance.

ath: archiver1.google.com!news2.google.com!newsfeed2.dallas1.level3.net!
news.level3.com!news-out.visi.com!petbe.visi.com!nntp1.roc.gblx.net!
nntp.gblx.net!nntp.gblx.net!ngpeer.news.aol.com!audrey-m1.news.aol.com!
not-for-mail
Lines: 9
X-Admin: ne...@aol.com
From: jwme...@aol.com (JWMeritt)
Newsgroups: comp.security.misc
Date: 15 Dec 2003 19:13:26 GMT
References: <2fe7b80f.0312132150.2a24cf06@posting.google.com>
Organization: AOL http://www.aol.com
Subject: Re: researching job of "security auditor"
Message-ID: <20031215141326.04265.00000992@mb-m29.aol.com>
Xref: archiver1.google.com comp.security.misc:1066

You realize that there are Certified Information Systems Auditors, right?
..........................................................................
..........................................
http://profiles.yahoo.com/jwmeritt and http://hometown.aol.com/jwmeritt/
                         James W.  Meritt, CISSP, CISA

Path: archiver1.google.com!postnews1.google.com!not-for-mail
From: walte...@iname.com (walterbyrd)
Newsgroups: comp.security.misc
Subject: Re: researching job of "security auditor"
Date: 17 Dec 2003 16:33:29 -0800
Organization: http://groups.google.com
Lines: 24
Message-ID: <2fe7b80f.0312171633.671f78ed@posting.google.com>
References: <2fe7b80f.0312132150.2a24cf06@posting.google.com> 
<20031215141326.04265.00000992@mb-m29.aol.com>
NNTP-Posting-Host: 67.31.134.201
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1071707609 4263 127.0.0.1 (18 Dec 2003 00:33:29 GMT)
X-Complaints-To: groups...@google.com
NNTP-Posting-Date: Thu, 18 Dec 2003 00:33:29 +0000 (UTC)
Xref: archiver1.google.com comp.security.misc:1111

First, thanks for all the replies.

jwme...@aol.com (JWMeritt) wrote in message news:
<20031215141326...@mb-m29.aol.com>...
> You realize that there are Certified Information Systems Auditors, right?
> ..........................................................................

Yes. But you have to be IS auditor for several years before you can
even sit for the exam. Also, a CISA is not strictly a *security*
auditor - as I understand it. As I understand it most *systems* 
audits are mainly concerned with financials.

I noticed that you both a CISSP and CISA. I realized those are about
the two most highly demanded certs in the industry. But, I don't think
either is specialized to IS security audits. I am thinking about
trying to get a GSNA - a sans/giac cert specialized towards security
audits.

My recent experience has been as a systems administrator with top
secret clearence. I did a lot of security related work, but I have
never been a security specialist. Of course, I am thinking about going
into security, me and every other unemployed systems admin.

btw: sorry in advance if I'm wrong about anything I posted.