Certified Information Security Manager

Back in 2010 I attended a three-day course with Net Security training in Wembley, in preparation for a Certified Information Security Manager (CISM) exam a couple of weeks later. All of the work was theoretical, and it was assumed that you already had experience in most if not all of the domains covered.

The exam itself was paper based, with four hours given to complete 250 multiple choice questions. You then have to wait a few weeks before you get your results, at which point you can then apply for the certification from ISACA. You need to be able to demonstrate at least five years' worth of experience in two or more of the domains as part of the certification process.

The certification lasts for three years, and in that time you need to complete a minimum of 120 hours of Continuing Professional Education (CPE), with at least 20 hours in each of the three years. I have recertified in this way once, and have already reached my target for this recertification period.

Certified Ethical Hacker

In spring 2013 I attended a Certified Ethical Hacker (CEH) training course with Firebrand in Wyboston, England. It was a week long bootcamp, with classes starting on the Sunday evening, 12 hour days in the classroom and a 3 hour exam on the Friday morning.

The classes were made up of a mixture of theory and practical work. All attendees had a number of virtual environments to work in, and we were able to use a number of the tools we’d talked about in a safe environment. After class we had two to three hours reading every night, to read the courseware, so we spent roughly 15 hours a day on the topic.

As you can imagine, this kind of intense training crams a lot in and leaves you pretty drained at the end, but it was worth it. The course “only” gives the background, and it is then down to the individual to keep their education up by reading more on the topic, by trying the tools out and by carrying out this kind of work.

While I don’t currently do any kind of hacking as part of my job, the course gave a very good understanding of the techniques and methods used, and the risks and potential impact that each kind of attack could bring to an organisation. From that perspective, it meant I was well prepared for writing policies and standards to help counteract the threats from this angle.

Recertification takes place every three years, and in that time you have to be able to demonstrate completion of at least 120 hours of Continuing Professional Education (CPE) in related topics. I have recently completed my first recertification and am therefore entitled to use the CEH designation, approved by the EC-Council, until 2019.

Certified Information Systems Security Professional

In November 2015 I attended a week long bootcamp at Firebrand Training in Wyboston, England. From the Sunday to the Saturday thirty or more students sat in the classroom and tried to take in all of the course materials, ready for an exam on the Sunday.

The exam itself is computer based, 250 multiple choice questions, and you’re given six hours to complete it. You are permitted to take breaks, and the training centre laid on food and drink so you could freshen up a bit before getting back to the exam.

I have to say that if I hadn’t had years of experience to call on, and if I hadn’t done the Certified Ethical Hacker (CEH) qualification a few years before I would probably have struggled with some sections. As it was, I passed and then had to apply for my certification proper. That involved completing a questionnaire and finding an existing Certified Information Systems Security Professional (CISSP) to vouch for me, then waiting for several weeks before being given the good news.

As with the CISM and CEH designations, recertification requires at least 120 hours of Continuing Professional Education (CPE) in related topics over three years. As I have only recently gained the accreditation, I don’t have to recertify until 2019.

In my opinion, the CISSP from (ISC)2 was the hardest certification for me to pass, though the course for CEH was much more intense.