  1. Senior Member
    Join Date
    Jan 2012
    Posts
    102

    Certifications
    CISSP-ISSMP, CRISC, PMP, GCIH, GCFE, GLEG, MCSE, CCNA, C|EH, CNA 5.1, ITIL-F, N+, A+
    #1

    DoD 8570.01-M Revision some updates

    Just an FYI for the field.

    Highlights -

    CASP approved IAT II, III & IASE I,II

    GSE & GISF are no longer part of approved baseline. But will be grandfathered.

    GCFA & CSSLP are under review for addition to the baseline.


    The CompTIA Advanced Security Professional (CASP) certification (ISO 17024 accredited) was approved to be added to the DoD baseline list for IAT level III, IAM II, and IASAE level I and II during the 24 January 2013 Defense Information Assurance Program (DIAP) Certification Committee meeting. CASP targets the IT security professional with a minimum of 10 years' experience in IT administration and at least 5 years of hands-on technical security experience. Once the certification is added to the DISA Information Assurance Support Environment baseline certification table, (at: DoD 8570 Information Assurance Workforce Improvement Program), it will be official. Meanwhile, personnel may commence studying for this certification. Go to CompTIA Advanced Security Practitioner certification, CASP certification for more information.

    Baseline certifications: GIAC Security Expert (GSE) and GIAC Information Security Fundaments (GISF) were reviewed and neither certification is American National Standards Institute (ANSI) accredited therefore both will be removed from the DoD approved baseline list. DoD will develop and implement a grandfather clause that will be put into place for anyone who currently holds either certification.

    Certifications currently under review by the Institute for Defense Analysis for possible additions to 8570.01-M are the ISC2 "Certified Secure Software Lifecycle Professional" (CSSLP) and "GIAC Certified Forensic Analyst" (GCFA).

    DoD 8570.01-M Revision meeting: At the 24 Jan 2013, DoD 8570.01-M Revision meeting, the DIAP reported that they are still in the process of adjudicating comments for DoDD 8140.aa. The DoD policy will align as close as possible to the National Initiative for Cybersecurity Education (NICE) workforce framework of categories and specialty areas workforce roles.


    DoD Risk Management Framework (RMF) Training Advisory Group (TAG): The DoD TAG has recently held four meetings to discuss how DIACAP is moving to the Risk Management Framework (RMF), the new roles in the draft DoDI 8510, and how these roles should be integrated into the 8570.01-M. The team is working closely with the DIAP 8570.01-M Revision Working Group to ensure knowledge, skills, abilities, and competencies are consistent.


  3. Senior Member coty24's Avatar
    Join Date
    May 2010
    Location
    GA
    Posts
    256

    Certifications
    CHFI v8, C|EH v7,MCITP:SA, MCTS 70-680, Security+, Network+,A+, Project+,CIW WFAv5, CIW Javascript Specialist, VCA-DCV
    #2
    Good read man, I see CompTIA is making their move with the CASP....
    Passed LOT2 Working on FMV2(CHFI v8 ) Done!

  4. Senior Member broli720's Avatar
    Join Date
    Oct 2012
    Location
    United States
    Posts
    198

    Certifications
    CISSP, CASP, CCNA Security, CCENT v2.0, Security+
    #3
    I knew it was only a matter of time but I still want my CISSP though. Should know by next weekend.

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,175
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #4
    DISA will publicly announce the changes here: DoD 8570 Information Assurance Workforce Improvement Program
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  6. Senior Member
    Join Date
    Nov 2005
    Posts
    262

    Certifications
    CISSP, C|EH, Security+, A+, Network+, Linux+
    #5
    Worth getting a CASP now even if already have CISSP?

  7. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,175
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #6
    It looks like CISSP covers all of the categories that CASP does except for IAT II, which is covered by Security+. So it still looks like having both the CISSP and Security+ still covers most of the bases. Throw in A+ or N+ and CEH and you've just about got the Full Monty 8570.01-wise.

  8. Senior Member spiderjericho's Avatar
    Join Date
    Nov 2010
    Location
    Tampa
    Posts
    722

    Certifications
    A+, BCNE, CASP, CEH, CISSP, CCNP R&S, CCDP, MCSE 2003, MCSA 2008, Net+, Sec+, B.S. IT, B.A. Communications
    #7
    The CASP was such an easy exam but if they want to make that IAT 3, great. But CISSP seems to be the one that covers all the bases, despite its dubiousness.

    I don't go flaunting I have it (I think it's overrated). But I'll never forget this civilian waving it around like a badge to this IAM as if it added credibility to some points he was making.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,175
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    Originally posted by spiderjericho:
    The CASP was such an easy exam but if they want to make that IAT 3, great.
    For 8570.01, I would regard CASP and SSCP as equivalents, making them both IAT II, and also take Sec+ out of IAT II. I would then require A+ or N+ AND Sec+ for IAT I. That seems to be a better distribution of cert levels to me.

  10. Senior Member Humbe's Avatar
    Join Date
    Dec 2012
    Location
    Miami, FL
    Posts
    197

    Certifications
    CISSP, CCNA, CVE, MCTS
    #9
    Originally posted by spiderjericho:
    But I'll never forget this civilian waving it around like a badge to this IAM as if it added credibility to some points he was making.
    I haven't been lucky enough to have an encounter with one of those individuals. Only had one once saying he had the certification when in reality he knew nothing about security. Quite funny the bust.

  11. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,319

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, OSWP, SFCP, SnortCP, Sec+, Net+, A+, CNSS 4011/4013; expired: CCNA (R&S, Security, Wireless), WCNA
    #10
    I once interviewed an individual who had the CISSP logo branded onto his resume (the same one you're using as your avatar at the present, Humbe). I thought that was special. He didn't quite meet up to our expectations, but he had interest in the field and wasn't totally clueless.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

  12. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,045

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCENT, Sec+, Net+, ITIL v3 Foundations
    #11
    "Experts say DoD cyber workers undertrained" (Federal Times, federaltimes.com): appears that they are finally realizing the mess they've created by allowing paper tigers to literally flood their workplace and run and secure their networks. I hope to see a total revampment in the future regarding 8570.

  13. Senior Member
    Join Date
    Jan 2012
    Posts
    102

    Certifications
    CISSP-ISSMP, CRISC, PMP, GCIH, GCFE, GLEG, MCSE, CCNA, C|EH, CNA 5.1, ITIL-F, N+, A+
    #12
    Well all those paper tigers are vested in the GOV so the changes will probably take over a decade maybe two or longer. The only way around is to create new slots, I think they are using that method to meet the goals.

    It still does not address the fact that we do not produce enough baseline cyber trained individuals annually. A great deal, if not all the instruction and training is outsourced to SANS to accomplish the baseline (I can only speak for the Army). Example - https://www.sans.org/cyber-guardian/

    Do not look for too much out of 8570. The same people who are writing it are building/maintaining empires, political clout, funding streams and rely too much on the existing system to change it quickly.

    I have seen this game before. Everyone is after "CYBER" dollars and will do anything to get them. The more things change the more they stay the same...

    Just my two cents...
    Last edited by AnthonyF; 02-20-2013 at 05:04 PM.

  14. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,319

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, OSWP, SFCP, SnortCP, Sec+, Net+, A+, CNSS 4011/4013; expired: CCNA (R&S, Security, Wireless), WCNA
    #13
    If I had a nickel for every time "cyber" is mentioned in the article...

    "We're rewriting essentially all of the cyber workforce policy, so we are going to have an overarching cyber workforce policy that will include all of the cyber skills including cyber defenders, cyber attackers, malware analysts, all that stuff," Hale said. "Then we will rewrite specific manuals underneath each."

  15. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,175
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #14
    Hey, Cyber is sexier than Non-kinetic Force Application.


    It's amusing to ponder that the term "cyber" was originally coined to describe man-machine control interfaces, such as keyboards and gimbals. A very kinetic origin for the term "cyber" indeed.

  16. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    2,771

    Certifications
    BS-CST EMT-B MPSC Security+
    #15
    This build up is really no different than the Air Marshal build up after 9/11. They were taking just about anyone, arming them, and putting them on a plane. Swarms of issues that at this point appear to finally be worked out...sadly took almost a decade to fix.
    WIP:
    Securitytube Python Scripting Expert

    Blog:
    http://havewire.blogspot.com/

  17. Junior Member
    Join Date
    Jan 2012
    Posts
    5

    Certifications
    Net+, Sec+, CISSP
    #16
    Originally posted by JDMurray:
    For 8570.01, I would regard CASP and SSCP as equivalents, making them both IAT II, and also take Sec+ out of IAT II. I would then require A+ or N+ AND Sec+ for IAT I. That seems to be a better distribution of cert levels to me.
    As I read it the higher IAT and IAM certs cover the lower levels.
    Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:
    • The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
    • The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.
    source: DoD 8570 Information Assurance Workforce Improvement Program

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,175
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #17
    Sure, but the Level I certs should be easier to study for than the Level II and III certs. Someone at Level I would likely be quicker to certify going for Security+ rather than the SSCP or CASP, although the current Security+ exam is not an easy study for people new to InfoSec.

  19. Junior Member Registered Member
    Join Date
    May 2013
    Location
    Denver, CO
    Posts
    2
    #18
    As I understand this, most of the certification tests still warrant classroom and/or robust e-learning. However, I wonder how it will affect on-the-job training when preparing for certification.

    @ Anthony: What would be enough to produce enough baseline cyber-trained individuals annually?