Certifications

CERTIFICATIONS

The journey towards formal certification makes it worthwhile. With each certification, I discover new blind spots and learn a great deal in the process.

Certified Information Systems Security Professional (CISSP)
The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CSOs, CISOs or Senior Security Engineers. It provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement.

Certified Information Systems Auditor (CISA)
Since 1978, the Certified Information Systems Auditor (CISA) program has measured excellence in the area of IS auditing, control and security. CISA has grown to be globally recognized and adopted worldwide as a symbol of achievement. The CISA certification has been earned by more than 50,000 professionals since inception.

Certified Information Security Manager (CISM)
The CISM certification and is specifically geared toward experienced information security professionals. CISM is business-oriented and focused on information risk management while addressing management, design and technical security issues at the conceptual level. It is for the individual who must maintain a view of the "big picture" by managing, designing, overseeing and assessing an enterprise's information security.

Certified Information Privacy Professional (CIPP)
The CIPP stresses the definitions, concepts and applications of U.S. and international privacy laws and information management practices as well as the privacy implications of emerging technologies. This includes HIPAA, COPPA, GLBA, APEC principles, OECD guidelines, EU Directive, employee records management, workplace monitoring, contingency planning, incident handling, PII, Web forms, cookie files, Spyware, spam and other key items.

NSA INFOSEC Assessment Methodology (IAM)
The IAM consists of a standard set of activities required to perform an on-site information security assessment. While not technically a certification, the IAM "sets the bar" for completing a comprehensive INFOSEC Assessment as defined by the IATRP. To qualify for an IAM certificate, students must: attend the two-day class; demonstrate an understanding of the IAM through group exercises and class discussions; obtain a passing grade on the IAM test and meet the experience requirements (five years of information security and two years of analyzing security risks and vulnerabilities).

Sun Certified Security Administrator (SCSA)
The Sun Certified Security Administrator exam requires an in-depth knowledge on security topics including: general security concepts, detection and device management, security attacks, file and system resources protection, host and network prevention, and network connection access, authentication, and encryption.