From the financial sector to IT security
Lateral entry as an IT security auditor - a field report
The majority of CIS auditors come from the IT sector. Our colleague Elma Pichler shows that it is possible to become an information security auditor without technical background.
„I recommend further training to become an auditor to anyone who is enthusiastic about the subject - you can acquire technical background information, but you have to be inherently interested,“ says Elma Pichler.
From finance and risk management...
After completing her Bachelor's degree in Management Consulting with a specialization in Finance and Real Estate Management, Elma completed her Master's degree in Risk Management & Corporate Security at FH Campus Wien in 2017. Her professional career in the insurance and banking sector began during her studies. During her career, she gained valuable experience in various industries such as consulting and the public sector and took over as deputy CISO in the banking sector. Her responsibilities included the internal control system, business continuity management, risk management, quality management and information security management. These diverse experiences sparked her interest in the interconnectedness of management systems and strengthened her desire to deepen and pass on her knowledge.
... to IT Security
In November 2023, her path finally led her to CIS - Certification & Information Security Systems, where she was hired as an auditor and quality manager. To be qualified in the field of information security management and as an auditor, she completed the "Information Security Manager according to ISO 27001" and "Information Security Auditor according to ISO 27001" courses. "The CIS courses were very suitable for me, partly because they allowed me to expand my network. I noticed that the area of information security is becoming increasingly essential. I was able to recognize a lot of content from my professional career and my studies," says Elma Pichler.
Without traditional IT training, her work as an ISO 27001 auditor required the CISSP certification (Certified Information Systems Security Professional) from ISC². This globally recognized certificate confirms sound technical and administrative expertise in the field of information security and represents her next professional milestone. This examination is necessary to actually be able to carry out ISO 27001 audits.
This story impressively shows that even career changers without a technical background can be successful in the field of IT security if they have the motivation. CIS offers interested parties training courses and certifications as a solid foundation and qualification to gain a foothold in this exciting and important field.
