Accelerating Security Certification

Can information security professionals really get certified in half the ordinary time?

Get certified, get more money. While that paradigm no longer holds true for IT in general, according to recent studies, it still flies for information security. What should information security professionals, and employers footing the bill, look for in a certification? Here's something else to consider, regardless of the certification: how should you go about getting certified?

To talk about the ins and outs of information security training, Security Strategies spoke with Ed Denzler, CEO of The Training Camp, which just launched its InfoSec Academy division (http://www.infosecacademy.com) to focus exclusively on accelerated security learning. The company’s customers include Genentech, Motorola, and the Department of Veterans' Affairs. It’s also the only approved global “accelerated” training provider for (ISC)²’s Certified Information Systems Security Professional (CISSP).

What’s “accelerated” training, security or otherwise?

Most students and companies are at odds with traditional training because of the single learning style and lack of management. So … we address that by [testing for and] delivering vendor certifications at the end of the course. So the Roman Holiday aspect goes away. We do [one] month courses in 14 days.

Can people process all of the relevant information that quickly?

Yes; [partially because] we make sure to also target their intake styles. In general, there are three: visual, auditory and kinesthetic, i.e. tactile. We make sure to present the material in a way that meets people’s preferred intake styles.

What’s hot for security certifications right now?

The gold standard is obviously the CISSP from (ISC)², and we partnered with them … That’s unstoppable. There seems to be a continued, large amount of interest in that. Obviously there has been the person who's responsible for security in the organization—say the CSO title—taking it, but what we’re seeing now is the tributary flow, the people not directly in charge of security, but close.

One example is someone who has been doing network security for a number of years, has an MCSE; they’re more coming in now for CISSP. So that’s the cornerstone of our delivery, CISSP, and we're building off of that with CompTIA Security+ [Computing Technology Industry Association], Cisco CCSP, Microsoft's MCSE: Security, TrueSecure's ISCA, and others. We tailor training for managers, all the way down to your hardcore IT implementation person.

How long does your CISSP course take?

That's seven days in length. The seventh day, they take the actual (ISC)² test. Really, for a lot of security people, obviously they've been studying, they've been working, and there's a barrier to receiving that certification. They need to take time to learn it. With us, their feet are in the fire.

So it’s non-stop training?

It's a little bit like boot camp … check your life at the door, chill out for 14 days, and effectively get technical hazing—for lack of a better term.

Do you offer forensics?

Yes. We do a lot of work with local law enforcement. They're probably our biggest forensic consumers.

So do you sell to companies or to individuals?

We have corporate customers, and on-site deals we do as well. Genentech, for example, is on site, and that happens frequently when all the people are local and companies want to mitigate some of the travel costs; they just bring us in.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.