  1. Junior Member
    Join Date
    Dec 2014
    Location
    Daegu, South Korea
    Posts
    21

    Certifications
    CISSP, CISM, CISA, C|EH, ITIL, SEC+, NET+, MCITP
    #1

    8570 and Security+

    At wit's end trying to break the code on this... I'm an ISSM overseas in Korea and most of our service members are only here for one year. Getting them Security+ certified in order to have admin credentials is killing us over here. A recent (and previous) MTT provided course resulted in about a 10% pass rate. Has anyone else broken the code on getting young 1st term service members certified on Sec+? We've tried internal training, provided material and study videos, MTT classes and still consistently have a low pass rate, it appears this is across the Theater, not just in our organization. Has anyone had luck with the other IATII exams (GSEC, SSCP, etc)... Any thoughts?

  3. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,816

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #2
    If they can't pass Sec+ I highly doubt they can do GSEC or SSCP.

  4. Senior Member
    Join Date
    Apr 2015
    Posts
    709

    Certifications
    CCNA R&S, Security+, Network+, Linux Essentials
    #3
    I hate to say it, but make life painful if they don't have Security+.

  5. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #4
    Negative, tangible, real consequences are how you get 1st term service members "motivated" for compliance issues you may be having. Force a certain amount of remedial training hours as a sort of "extra duty" that needs to be logged and signed by supervisors is how I've seen it most consistently applied.

    It never ceases to amaze me how resistant 1st termers can be to things that would ultimately help them. It's like they are allergic to forward progress, especially in regards to training and education.

  6. Senior Member Archon's Avatar
    Join Date
    Jan 2015
    Location
    UK
    Posts
    175

    Certifications
    BSc, MSc, ITIL v3F, MCP, MCDST, MCITP, MCTS, MCSA, N+, S+, CEH, CISSP
    #5
    Threaten to send them to the camps north of the border if they don't pass

  7. Junior Member
    Join Date
    Aug 2016
    Posts
    9
    #6
    I'm not a fan of 8570. I think the material is great but the certification test is very nitpicky. All that money shelled out for boot camps and tests with only a 10% pass rate?

    Obviously withholding promotion would be a factor for first termers. Unfortunately, it's not fair because you can be a cook...be paid the exact same...and skate through your enlistment.

    My complaint with Security+ was seeing our unit pay for boot camps and the test. Perhaps a DoD test would be fine instead of forking all the money to CompTIA. I was the first in our unit to take the test in 2009 because I was a civilian contractor on the SIPRnet (aka decent pay as motivation).

  8. Senior Member
    Join Date
    Apr 2015
    Posts
    709

    Certifications
    CCNA R&S, Security+, Network+, Linux Essentials
    #7
    I like everything Kalabaster said. I do have a few additional thoughts.

    What are the benefits of them not getting Security+ qualified and thus not having an admin account? Are they not on call? Do they not have to come in after hours or stay late to do things that require the admin accounts? If this is the case I could see why they wouldn't want to pass. In this case I would make them come in with the on-call guy so they have to still feel the pain even though they don't have the admin account.

    Are they able to use Tuition Assistance without getting Security+? If so, I would try to get a policy implemented that they can't use it until after they're qualified (if it's legal and in line with policy/regulations to do that).

    Is it possible to reward the people that do pass and have admin accounts? Can you let them go home early every once in a while? Have them not have to clean up, take out the trash or any other sort of manual labor? In addition to using a cattle prod to motivate, giving them a little carrot to look forward to could help.

  9. Junior Member
    Join Date
    Dec 2014
    Location
    Daegu, South Korea
    Posts
    21

    Certifications
    CISSP, CISM, CISA, C|EH, ITIL, SEC+, NET+, MCITP
    #8
    Lots of great input... In my situation, the NCOs are in charge of them, but not really enforcing 8570 as a standard... because it's not an MOS qualifier, they are not putting the correct emphasis on it... As a civilian, I manage all the other civilians and they are above and beyond qualified (most have 4-5 certs)... The breakdown is the NCOs need to be doing all mentioned above, but unfortunately, I'm not in their chain of command/responsibility... I could have my civilians not use their credentials, but would result in mission failure and puts us all in a catch-22... I may have to in the end though... thanks for the recommendations!
    2016 Goals: CISA, Next Up: PMP

  10. Senior Member
    Join Date
    Nov 2015
    Posts
    249

    Certifications
    Deplorable Trump Voter and pro-American Racist
    #9
    If you have CCNA Security, is that good enough for the 8570 standards, then you don't even need to bother with the Security+ at all?

  11. Senior Member
    Join Date
    Apr 2015
    Posts
    709

    Certifications
    CCNA R&S, Security+, Network+, Linux Essentials
    #10
    Originally posted by fmitawaps:
    "If you have CCNA Security, is that good enough for the 8570 standards, then you don't even need to bother with the Security+ at all?"
    IAT Level 1 and 2 it's good enough. IAM Level 1, it's not.

    http://iase.disa.mil/iawip/Pages/iabaseline.aspx

  12. Senior Member
    Join Date
    Nov 2015
    Posts
    249

    Certifications
    Deplorable Trump Voter and pro-American Racist
    #11
    That list makes it seem like at some point a Security+ is better than CCNA Security? Only a government agency could come to that conclusion!

    And that CE - continuing education thing, is that a different addon to Security+, or are all Security+'s the CE version?

  13. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #12
    All new Sec+ earners are now enrolled into Sec+ CE instead. Meaning, basically, that they are automatically enrolled in their program that now leverages the use of CE credits and maintenance fees to keep the certification, instead of forcing retakes of the same or higher level CompTIA certifications to maintain certification.

  14. Senior Member
    Join Date
    Apr 2015
    Posts
    709

    Certifications
    CCNA R&S, Security+, Network+, Linux Essentials
    #13
    Basically, I believe around 2011, CompTIA started transitioning to the CE model. There was huge outcry against CompTIA who had previously stated the certs were good for life. CompTIA decided to compromise and say that if you got the cert before the deadline it was "Good For Life" and they wouldn't say those certs were now invalid, so those cert holders can list the cert on their resume (not the CE part). Which brings us to the CE part. After that cutoff date you have to renew the cert every 3 years or do Continuing Education (CE). This is relevant because if you were a "Good For Life" certification holder that wouldn't fulfill the 8570 requirements.

  15. Member Eston21's Avatar
    Join Date
    Jan 2014
    Location
    Orlando
    Posts
    69

    Certifications
    Healthcare IT Technician, Server+, Network+, Security+, MTA-Server Admin Fundamentals, Project+
    #14
    As a prior service member I wonder if you have spoken with your squadron's training manager? They may have some ideas that you may not have thought about. Honestly, if these airmen can pass their CDCs then Security+ should be a piece of cake.
    Last edited by Eston21; 10-04-2016 at 07:24 PM.

  16. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    3

    Certifications
    Security+ ITIL Foundations
    #15
    You are blaming the wrong party for this problem. When 8570 dropped it was designed to ensure those with admin privileges worked from a security oriented mindset. Basically it was designed to avoid a Snowden type incident. It originally did that. One could study the Sec+ 101 exam for a few hours a night for a couple of weeks and reliably pass the exam. From there with reinforcement from your SSO you applied what you studied. It was a wonderful system.

    My how things have changed! What was once a do-it-yourself process has morphed into a multimillion dollar industry. Guys like Myers, Messer, and Gibson have made bank on writing books, releasing videos, and practice tests. While organizations like CompTIA cash in on voucher and CEU fees.

    So, how do you keep the industry going? Make the test harder. Use ambiguous language, make the questions "scenario based", and toss in some clunky simulations. If people complain tell them they need more hands-on experience or my favorite "try harder." Everyone wins. CompTIA makes more in retake fees, testing centers make out peddling boot camps, and the gurus of the industry release revised versions of their books. All of this is reinforced by the crab mentality of cert holders which views passing these exams as a badge of honor when instead they should be advocating for improvements so those behind them have a better experience.

    No one really gets hurt from all of this since Uncle Sugar is paying the bill. He covers those study guides, boot camps, and exam fees. Can't pass? No worries cause he will pay for whatever you need to continue trying.

    A 90% in theater fail rate? Punish those lazy airmen! It has to be their fault.

  17. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #16
    One could study the Sec+ 101 exam for a few hours a night for a couple of weeks and reliably pass the exam. From there with reinforcement from your SSO you applied what you studied. It was a wonderful system.
    To be fair, you can still do this. I and many of my colleagues have done so recently...

  18. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    3

    Certifications
    Security+ ITIL Foundations
    #17
    Originally posted by Kalabaster:
    "To be fair, you can still do this. I and many of my colleagues have done so recently..."
    You are a CISSP holder. I would hope you could pass Sec+.

  19. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #18
    Security+ was the first certification I ever got.

  20. Senior Member
    Join Date
    Sep 2016
    Location
    Augusta, Ga
    Posts
    111

    Certifications
    A+, Network+, Security+
    #19
    Is the CCNA Security an easier test?

  21. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #20
    Originally posted by ultm8mind:
    "Is the CCNA Security an easier test?"
    No, it is much more difficult than Sec+

  22. Senior Member
    Join Date
    Sep 2016
    Location
    Augusta, Ga
    Posts
    111

    Certifications
    A+, Network+, Security+
    #21
    Sec+ it is then, haha

  23. Senior Member
    Join Date
    Jul 2016
    Location
    New Hampshire
    Posts
    377

    Certifications
    CCNET, CCNA R&S, ITIL, MCP, Security+
    #22
    I am in the middle of studying for my Security+ and I had been looking at taking the SSCP exam. It doesn't look like the DoD places much worth on the exam and none at all on the CCFP, which is on my list of certifications to take. I was in the defense industry for several years and would like to get back into it.

  24. Member
    Join Date
    Aug 2015
    Posts
    86

    Certifications
    A+, Network+, Security+, Linux+/LPIC-1, C|EH, GMON
    #23
    Finish your Sec+, get your foot in a door, then pursue your CEH and CISSP in the order you like, knowing the CEH is a bit easier. Bingo, Bango, you are 8570 compliant for all the things (ish)