The CISA exam has come and gone as I am patiently awaiting the results.
In the mean time, I have been taking a few weeks to regroup and take a hard look at the possible paths that I could continue down to maintain skill levels. My first path I have decided to assess is how my current and future certifications align with my career goals and my interests.
To put this into perspective, I have a very strong belief that in order to be a strong Information Security Professional, you must maintain a balance of technical, audit and management skills in order to fully understand the full breathe of Information Security. Secondly, I personally have a strong fascination as well as respect for the intelligence and technical skills that is required to assess and harden infrastructure and it’s vulnerabilities. As a result, I began to take a particular hard look at my Certified Pen Testing Specialist (CPTS) certification from Mile2.
A Brief History
I took the Mile2’s CPTS one week course back in December 2006 and found it to be a highly comprehensive course that detailed the basic methodology of Pen Testing as well as several most commonly used tools and techniques in the field. Later, I passed the exam in March 2007 on the second attempt and have held the certification for close to a year.
After obtaining this certification, I began to notice that there has not been much change on the Mile2’s Website, nor have I encountered many other CPTS in the industry. I did some Googling for Mile2 and its certifications and it seemed the only sources I could find were either on Ethical Hacking forums or links that were off the Mile2 site. This raised several questions and concerns that I believe needed to be answered.
So I e-mailed Mile2 with the following questions:
Can you provide me with the number of CPTS’s and CPTE’s (Certified Pen Testing Experts) whom are globally certified?
Has there been an increase or decrease in the market?
What is the future Road Map of Mile2?
Is Mile2 still trying to remain “elite” against its competitor?
Why is it that the majority of the publicity that I can scour about the CPTS/CPTE certification is directly from Mile2?
Expecting to receive a call from “Joe the Sales Guy”, I was completely surprised when I received a phone call from Raymond Friedman, the CEO of Mile2 and M2IA.
Through an hour long conversation, Mr. Friedman revealed several interesting new events that Mile2 is embarking. First and foremost, Mr. Friedman’s organization Millennium Squared Information Assurance (M2IA) has recently acquired Mile2 UK, LLC and has become the central site for providing training for Mile2. As a result of the new acquisition, there has been a newly appointed management team in the United Kingdom, an established presence in Tampa, Florida, as well as the opening of a third office in Europe.
Since the acquisition, M2IA have been revising their existing course ware and developing new courses that are being finalized in the beginning of 2008.
Some of the changes include:
CPTS - Certified Penetration Testing Specialist v. 7.2 Revision (Focus on BackTrack Distro)
CPTS - Financial Sector
CPTE - Certified Penetration Testing Expert (including a hands-on live network penetration)
CWAS - Certified Wireless Assessment Specialist
CWPTS - Certified Web Penetration Testing Specialist
CSCS- Certified Secure Coding Specialist
CSCS- Certified Secure Coding Specialist – Java
CWPTS-Certified Web Penetration Testing Specialist
CISSO-Certified Information Systems Security Officer
CLSS - Certified Linux Security Specialist
CDFEC - Certified Digital Forensics Examiner
CRCA - Certified Reverse Coding Analysis
With such an emphasis on new certifications, I questioned Mr. Friedman about the pass/failure rates of the CPTS and CPTE certifications. He stated that on an average, there are 50 candidates who take the CPTS each month with a 25% Pass Rate. As for the CPTE, he stated that pass rate is only at 7%. This is obviously quite a tremendous difference pass rate then Mile2’s competition.
M2IA is also retooling a new company website, which should debut this month, and is adding several features including an online shopping security store. This store will offer Penetration Testing Gear and tools, training kits, various forensics software as well as security equipped computers for customers. Additionally for Mile2 students and members there will be access to invaluable security info; software downloads, as well as exclusive white papers written by the Mile2 experts. A Career Academy and Staffing Resources will be added for students and Mile2 members to post resumes and search security job positions globally.
Apart from the company website, M2IA is contributing to the Securipedia.com website, which will be an independent search engine built to sponsor the Information Security Culture and provide an information location for the member of the security field. Mr. Friedman states that Securipedia.com is, “”Bigger than all of us… and will grow without us”; meaning that although Mile2 and M2IA have helped incubate this search engine it will earn its own place on the Internet.
.He continued to list other added benefits that Mile2 is deploying to include:
· Pro Services - (2007) Penetration Testing and Forensics consulting which within the last year, Mile2 has landed large contracts in both Holland and Canada as well as other several other contract worldwide.
· CBT and Virtual On line training- (2007) mile2 is offering live on line training as well as CBTs (Computer Based Training) to our new courses. CPTS, Wireless, Forensics, Social Engineering
· Advertising campaign with Hakin9 Magazine.
With all of this activity surrounding Mile2 and M2IA and the customer oriented dedication that Mr. Friedman portrayed to me, I have since regained my confidence in the time and effort I have spent with my certification. Our conversation even sparked an interest in the possibility of pursuing the CPTE certification.
SZ