+ Reply to Thread
Results 1 to 12 of 12
  1. Senior Member AlexNguyen's Avatar
    Join Date
    Jun 2011
    Location
    Montreal, Canada
    Posts
    300

    Certifications
    CISSP, CISA, CSSA, C|EH, C|HFI, GCFE, GPEN, GAWN, VCP5, MCTS, MCITP, ITIL v3 Foundation
    #1

    Default CSSA (Certified SCADA Security Architect) passed today

    I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.
    Reply With Quote Quote  

  2. SS -->
  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,617
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    Congratulations on passing the CSSA exam!

    SCADA is a really cool specialization to have. I wish that I had been able to get into it and ICS more when I had the chance. As it is, I can't tell a NERC from a FERC.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  4. Senior Member AlexNguyen's Avatar
    Join Date
    Jun 2011
    Location
    Montreal, Canada
    Posts
    300

    Certifications
    CISSP, CISA, CSSA, C|EH, C|HFI, GCFE, GPEN, GAWN, VCP5, MCTS, MCITP, ITIL v3 Foundation
    #3
    Outside people think SCADA is cool...but there's nothing exciting about it. It's old technology. There are many SCADA systems still running for almost 30 years. There's a lot of security holes in those systems. The SCADA communication protocols (e.g. Modbus, DNP3) are 'insecured'. It's based on serial communication and now encapsulated in TCP. There's no authentication. In the SCADA security class, a guy said that you can buy a Lego Storm kit and program it to talk to a PLC via Modbus.
    Reply With Quote Quote  

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,617
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #4
    SCADA is cool because of what it controls and how naive the security controls are. The ladder logic of the PLCs is primitive at best, but that's all ICS needs. In fact, most ICS only use SCADA as a convenience and don't need it to actually operate.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  6. Junior Member Registered Member
    Join Date
    Feb 2011
    Posts
    1
    #5
    can i get the recent question and answer to the CSSA exam
    Reply With Quote Quote  

  7. Senior Member DAVIS NGUYEN's Avatar
    Join Date
    May 2013
    Location
    Atlanta, GA
    Posts
    1,438

    Certifications
    CASP, SEC+, NET+, A+, NST, CST, ACE...
    #6
    Congrats on the pass
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Oct 2006
    Posts
    2
    #7
    congrats! I'm also in the SCADA industry but on the vendor side of things specifically in the Oil and Gas sector, but work with clients in water, electricity and traffic. I'm from Montreal as well, but have since relocated to Houston
    Reply With Quote Quote  

  9. Junior Member Registered Member
    Join Date
    Nov 2012
    Posts
    1
    #8
    Quote Originally Posted by AlexNguyen View Post
    I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.
    Hello Alex;
    How was the exam questions ? How did you work on exam ?
    Can you please answer ?
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #9
    Quote Originally Posted by ugur5253 View Post
    Hello Alex;
    How did you work on exam ?
    Alex...I second this one... What material did you use for studying/preparing for the exam? Thanks
    Reply With Quote Quote  

  11. Senior Member Devilry's Avatar
    Join Date
    Jun 2010
    Posts
    659
    #10
    Congrats on the pass - I would also like to see what materials was used.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Apr 2014
    Location
    South Florida
    Posts
    857

    Certifications
    CISSP, CISM, CISA, CRISC
    #11
    Quote Originally Posted by Devilry View Post
    Congrats on the pass - I would also like to see what materials was used.
    Yes please let us know what material you used to prepare. Thanks
    Reply With Quote Quote  

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,617
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12
    Why would you want to study with 3+ year old material?
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks