Understanding the Federal Cyber Security Professional (FCSP) Certifications

Introducing a new set of performance-based credentials from the Federal IT Security Institute

First Public Draft

Copyright 2010-2011 FITSI
FCSP Performance-Based Certifications v1.0
TABLE OF CONTENTS

1. EXECUTIVE OVERVIEW
   A. INTRODUCTION
   B. WHO IS FITSI?
   C. WHY NOW?
2. FCSP CERTIFICATION PROGRAM DETAILS
   A. OVERVIEW
   B. EXAM STAGES
   C. USE OF THE ADVANCED PERSISTENT THREAT AS AN EVALUATION TOOL
   D. CANDIDATE PRE-REQUISITES
   E. RECERTIFICATION REQUIREMENTS
   F. MAINTENANCE DETAILS
   G. AUDITS
   H. GRANDFATHERING
   I. EXAM COSTS
   J. EXAM AVAILABILITY
3. FCSP-PENETRATION TESTER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
4. FCSP-SECURITY CONTROL ASSESSOR
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
5. FCSP-INCIDENT HANDLER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
6. FCSP-FORENSICS SPECIALIST
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
7. FCSP-NETWORK DEFENDER
   A. DESCRIPTION
   B. PERFORMANCE MODEL
   C. EXAM LOGISTICS
   D. STANDARDS
   E. SKILLS MEASURED
8. PERFORMANCE-BASED LAB
   A. OVERVIEW
9. OVERVIEW OF THE FITSI MANAGEMENT TEAM
   A. JIM WIGGINS, EXECUTIVE DIRECTOR
   B. AMEE DEVINE, CHIEF OPERATING OFFICER
   C. MARIBETH KUZMICKI, PROGRAM MANAGER
10. OVERVIEW OF THE FCSP SCHEME COMMITTEE
   A. JIM WIGGINS, EXECUTIVE DIRECTOR, FCSP SCHEME COMMITTEE
   B. JAY COPLON, FCSP SCHEME COMMITTEE
   C. DAVID KEYES, FCSP SCHEME COMMITTEE
   D. TINA KULIGOWSKI, FCSP SCHEME COMMITTEE
   E. JIM WILSON, FCSP SCHEME COMMITTEE
   F. LEO DREIGER, FCSP SCHEME COMMITTEE
   G. PIERRE COLOMBEL, FCSP SCHEME COMMITTEE
   H. JOHN DUNLEAVY, FCSP SCHEME COMMITTEE
   I. ROBERT VESCIO, FCSP SCHEME COMMITTEE
10. INSTRUCTIONS FOR PUBLIC COMMENT
11. CONCLUSION
12. LEGAL
1. Executive Overview

A. Introduction

Professional certifications are a part of most industries and have become an important tool in measuring the knowledge, skills and abilities of individuals in different job roles. The Information Technology (IT) security industry is no different. Over the past 20 years, a number of certifications from a plethora of organizations have certified information security (INFOSEC) professionals in best practices and guidance across a multitude of different industries.

A report released last summer by the Center for Strategic and International Studies (CSIS) highlighted the need for more technically competent information security professionals. In the study, the commission made the following comments:

   It is the consensus of the Commission that the current professional certification regime is not merely inadequate; it creates a dangerously false sense of security for the following reasons:

   - Individuals and employers are spending scarce resources on credentials that do not demonstrably improve their ability to address security-related risks; and
   - Credentials, as currently available, are focusing on demonstrating expertise in documenting compliance with policy and statutes rather than expertise in mitigating risks and preventing and responding to attacks.

   A Human Capital Crisis in Cyber security, CSIS Commission on Cyber security for the 44th Presidency

Understanding the need for highly trained technical cyber security professionals, this whitepaper has been developed to detail the work the Federal IT Security Institute (FITSI) is currently pursuing to help develop rigorous certifications in the federal space that will help secure the nation's federal information systems.

B. Who is FITSI?

The Federal IT Security Institute is a certification body whose purpose is to focus on helping the Federal government certify workforce members in appropriate cyber and IT security knowledge, skills and abilities.

The organization was launched officially in November of 2009, and in March of 2010 FITSI introduced the Federal IT Security Professional (FITSP) certification program. The FITSP certification is a role-based program that validates the IT security knowledge of Managers, Designers, Operators and Auditors of Federal IT systems. FITSI is currently pursuing American National Standards Institute (ANSI) accreditation under the International Organization for Standardization (ISO) 17024 standard for the FITSP program.
C. Why now?

Cyber security is fast becoming a high priority for both commercial and government agencies. A number of high-profile security breaches have occurred in the past few years, placing organizations on notice that they must increase the security posture of their information systems. In order to protect their systems adequately, these organizations need professionals with technical competency in cyber security skills to be able to fight the invasion of hackers, malicious code and even foreign powers.

Currently, few certification programs on the market are performance-based and validate the technical competency of candidates. Programs from Cisco and Red Hat (the CCIE and RHCE, respectively) are two examples where candidates must prove their knowledge in a performance-based model. Unfortunately, these certifications are predominantly targeted at the operational aspects of an organization's IT infrastructure rather than focusing on cyber security skills.

With these points in mind, FITSI is working on developing a second generation of certifications known as the Federal Cyber Security Professional (FCSP). These credentials, coupled with the FITSP certifications, provide an ideal method to evaluate and test the knowledge, skills and abilities of cyber security professionals who work on systems owned by, or operated on behalf of, the federal government.

The intent of the FCSP is to provide a meaningful way to evaluate five classes of cyber security professionals:

- Penetration Testers - designed for those who ethically break into systems
- Control Assessors - designed for those who validate controls on a system
- Incident Handlers - designed for those who deal with security incidents
- Forensic Specialists - designed for those who deal with forensic investigations
- Network Defenders - designed for those whose job is to protect the network

This white paper discusses these performance-based certifications currently in development by FITSI and the logistics of the program.
2. FCSP Certification Program Details

A. Overview

The Federal Cyber Security Professional is a role-based program and is made up of five performance-based certifications. These include:

1. FCSP-Penetration Tester
2. FCSP-Security Control Assessor
3. FCSP-Incident Handler
4. FCSP-Forensics Specialist
5. FCSP-Network Defender

Each exam is two days in length. Each FCSP certification is separate and examines a candidate's ability to demonstrate knowledge, skills, and abilities in a mock operational environment.

The FCSP certifications are complementary to the FITSP program that FITSI currently manages. While the FITSP is predominantly information-based, the FCSP is performance-based. When earned together, both of these credentials help to demonstrate a security practitioner's holistic approach in addressing Federal IT security. Below is how the two certifications work together to help prove the practitioner's real cyber capabilities.

B. Exam Stages

The FCSP exams are conducted over a two-day period (Saturday and Sunday) and are broken into three stages:

1. Multiple-choice exam - Two-hour, 100-question multiple choice test; this stage evaluates a candidate's knowledge and understanding of the given job role.
2. Hands-on exam - Ten-hour performance-based exam consisting of 10 to 15 major tasks; this stage validates a candidate's technical competency within the given job role.
3. Written/Essay exam - Four-hour writing component; this stage requires the candidate to create a report detailing their observations. (A template is provided to all candidates to ensure consistency.) This report validates that the candidate can put together a report documenting security incidents and events; additionally, the candidate must be able to perform root cause analysis and present the remediation steps necessary to fix the issues. This stage tests both the writing skills of the candidate and his or her ability to think analytically about the causes of INFOSEC problems and how the organization should manage the situation.

The diagram below demonstrates the exam stages visually:

C. Use of the Advanced Persistent Threat as an evaluation tool

The Advanced Persistent Threat (APT) is a serious issue to information systems used in government and the commercial world. Mandiant [1] defines APT as a group of sophisticated, determined and coordinated attackers that have been systematically compromising U.S. government and commercial computer networks for years. The vast majority of APT activity observed by MANDIANT has been linked to China.

The FCSP exams use a simulated APT as a way to evaluate the skills of candidates in properly detecting, containing, and remediating this serious threat to government and commercial systems. Each role-based performance certification deals with the APT at some point during the exam and, depending upon the role of the certification, the candidate must take steps to help address the issue. Each of the five roles deals with APT in the following way:

[1] Mandiant White paper, M-trends: The Advanced Persistent Threat, Mandiant 2010
1. FCSP-Penetration Tester - Acts as an APT to gain access to a mock governmental system.
2. FCSP-Security Control Assessor - Runs into the APT as part of control assessment.
3. FCSP-Incident Handler - Identifies the APT as a CAT 1 event (Unauthorized Access) and must remediate the threat.
4. FCSP-Forensic Specialist - Investigates the APT present on an information system and must remediate the threat.
5. FCSP-Network Defender - Must defend the network against an APT intrusion and take steps to stop the intrusion before a foothold can be established.

D. Candidate Pre-requisites

Candidates that wish to pursue one of the FCSP exams must first earn a FITSP-Operator credential to demonstrate their ability to understand and apply appropriate federal IT security standards. The FCSP exams are highly technical, and the FITSP-Operator role is the ideal prerequisite as it is designed for candidates that are highly technical (system administrators, network engineers, and so on). The FCSP is a performance-based environment which focuses on the hands-on skills and abilities of the five respective roles. Below is a visual representation of the complementary role of the FITSP and FCSP certifications:

E. Recertification Requirements

The FCSP certifications are valid for no more than a five year period. Certified individuals carrying the credentials must recertify every five years by sitting for the FCSP exam to prove their technical competency in the latest knowledge, skills and abilities of their respective cyber security professional credential.

F. Maintenance Details

Because of the premier nature of the FCSP certifications, FITSI members who hold one of these certifications are required to pay a $99 annual maintenance fee. The fees go to supporting the nonprofit. To maintain the certification over a three year period, certified individuals must earn at least 20 CPE per year that correlate to the credential they are carrying.
G. Audits

Candidates will be randomly audited over the three year period to verify compliance with the Federal IT Security Institute's FCSP CPE policy.

H. Grandfathering

Due to the performance nature of the program, candidates are not allowed to grandfather into the program.

I. Exam Costs

The cost for the two day exam is still being determined. This will include proctoring and administration of both the written and practical portions of the exam.

J. Exam Availability

The exams are expected to be available sometime in 2012 and will be administered biannually in 6 geographic markets. Those markets are:

- Washington, DC
- Annapolis Junction, MD
- San Diego, CA
- Colorado Springs, CO
- San Antonio, TX
- Orlando, FL
3. FCSP-Penetration Tester

A. Description

The FCSP-Penetration Tester (FCSP-PT) is an offensive certification developed to test a candidate's ability to find and exploit operational, technical and management control weaknesses in United States Government information systems. It is a certification designed for members of red teams and other types of offensive groups which proactively attack systems to test their defenses before the bad guys can.

B. Performance Model

The FCSP-PT certification is broken into three components: a written exam, a hands-on exam and an essay exam.

The multiple choice exam contains 100 questions focusing on the knowledge of both the Open Source Security Testing Methodology Manual (OSSTMM) framework and the National Institute of Standards and Technology (NIST) guidance as promoted in Special Publication 800-115, Technical Guide to Information Security Testing and Assessment.

The lab environment is a ten hour evaluation of a candidate's ability to demonstrate relevant penetration testing skills. Candidates must complete between 10-15 major tasks.

The written exam is a four hour period of time where the candidate will have to put together a penetration testing report. A template will be provided to the student.

Candidates must pass all three stages to successfully obtain the FCSP-PT credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours; runs from 9:00am until 11:00am.
- Hands-on exam - 10 hours; goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours; goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-PT Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses the OSSTMM framework promoted by the Institute for Security and Open Methodologies (ISECOM) as well as NIST Special Publication 800-115.
E. Skills Measured

See the most current version of the FCSP-PT Candidate Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills measured on the FCSP-PT exam:

1. Perform a reconnaissance on the network and attached systems
2. Intrude into the network where the systems are located
3. Ability to establish a back door in the network and systems
4. Obtain user credentials
5. Install various utilities
6. Escalate privilege on a system
7. Move laterally in a system
8. Maintain persistence
4. FCSP-Security Control Assessor

A. Description

The FCSP-Security Control Assessor (FCSP-SCA) is an operational certification developed to test a candidate's ability to certify the controls found and used in United States Government information systems. It is designed for those who certify and assess a system as prescribed in NIST SP 800-37 Rev1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

B. Performance Model

The FCSP-SCA certification is broken into three components: a written exam, a hands-on exam and an essay exam.

The multiple choice exam contains 100 questions focusing on the knowledge found in NIST guidance as promoted in Special Publication 800-53A Rev1, Guide for Assessing the Security Controls in Federal Information Systems.

The lab environment is a 10 hour evaluation of a candidate's ability to effectively certify a mock government system. Candidates are given appropriate system documentation (organizational policies, System Security Plan, Contingency Plan) and vendor neutral tools, and are expected to verify the controls from 6 of the 18 control families as found in NIST SP 800-53A Rev1. The output of this work must result in delivery of a mini Security Assessment Report (SAR). The lab environment will require the candidate to analyze a number of control issues and make judgment calls as to the residual risk left on the system. Candidates must complete between 10-15 major tasks.

The written exam is a four hour period of time where the candidate will have to put together a security assessment report. A template will be provided to the student.

Candidates must pass all three stages to successfully obtain the FCSP-SCA credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours; runs from 9:00am until 11:00am.
- Hands-on exam - 10 hours; goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours; goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-SCA Candidate Exam Guide for a full exam blueprint at the FITSI website.
D. Standards

This certification uses the processes and standards as defined in NIST SP 800-53A Rev1.

E. Skills Measured

See the most current version of the FCSP-SCA Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills to be measured on the FCSP-SCA exam:

1. Review a SSP on a sample system
2. Use examine, interview and test techniques to verify the security state of a number of controls found on a mock government information system.
3. Review the technical controls found for two control families as defined in NIST SP 800-53A.
   a. Identify which items and issues should be added to a Plan of Action and Milestone (POAM) for remediation by the system owner
4. Review the operational controls found for two control families as defined in NIST SP 800-53A.
   a. Identify which items and issues should be added to a POAM for remediation by the system owner
5. Review the management controls found for two control families as defined in NIST SP 800-53A.
   a. Identify which items and issues should be added to a POAM for remediation by the system owner
6. Generate a SAR based upon the findings detailed in the review of the operational, technical and management controls found on a system.
5. FCSP-Incident Handler

A. Description

The FCSP-Incident Handler (FCSP-IH) is an operational certification developed to deal with a number of different types of incidents targeted against United States Government information systems. It is a certification designed for members of CIRT teams that are in direct support of the US Government.

B. Performance Model

The FCSP-IH certification is broken into three components: a written exam, a hands-on exam and an essay exam.

The multiple choice exam contains 100 questions focusing on the knowledge found in NIST SP 800-61, Computer Security Incident Handling Guide.

The lab environment is a 10 hour evaluation of a candidate's ability to address a number of categories of events. Candidates must work within a mock environment and successfully deal with types of events including, but not limited to, unauthorized access, malicious code, and denial of service. Candidates must complete between 10-15 major tasks.

The written exam is a four hour period of time where the candidate will have to put together an incident handling report. A template will be provided to the student.

Candidates must pass all three stages to successfully obtain the FCSP-IH credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours; runs from 9:00am until 11:00am.
- Hands-on exam - 10 hours; goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours; goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-IH Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses guidance as specified in NIST SP 800-61, Computer Security Incident Handling Guide, as well as guidance from US-CERT.

E. Skills Measured

See the most current version of the FCSP-Incident Handler Candidate Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills measured on the FCSP-IH exam:

1. Be able to identify different types of incidents using a number of open source tools.
2. Be able to respond to a denial of service attack.
3. Be able to respond successfully to an incident involving unauthorized access.
4. Be able to respond successfully to a malicious code outbreak.
6. FCSP-Forensics Specialist

A. Description

The FCSP-Forensics Specialist (FCSP-FS) is an operational certification developed to test a candidate's ability to forensically identify security issues in United States Government information systems. It is a certification designed for forensic teams.

B. Performance Model

The FCSP-FS certification is broken into three components: a written exam, a hands-on exam and an essay exam.

The multiple choice exam contains 100 questions focusing on the knowledge of the following NIST guidance:

- SP 800-86, Guide to Integrating Forensic Techniques into Incident Response
- SP 800-72, Guidelines on PDA Forensics
- SP 800-101, Guidelines on Cell Phone Forensics

The lab environment is a 10 hour evaluation of a candidate's ability to run a forensic investigation against a number of targeted devices. Candidates must complete between 10-15 major tasks.

The written exam is a four hour period of time where the candidate will have to put together a forensics analysis report. A template will be provided to the student.

Candidates must pass all three stages to successfully obtain the FCSP-ST credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours; runs from 9:00am until 11:00am.
- Hands-on exam - 10 hours; goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours; goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-FS Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses the standards and practices identified in NIST SP 800-72, 800-86 and 800-101.

E. Skills Measured

See the most current version of the FCSP-Forensics Specialist Candidate Exam Guide for details on a breakdown of the skills measured on the exam.
7. FCSP-Network Defender

A. Description

The FCSP-Network Defender (FCSP-ND) is a defensive certification developed to test a candidate's ability to defend networks and information systems used by the United States Government. It focuses on the skills and capabilities to identify, remediate and correct issues in real time in the protection of government information systems.

B. Performance Model

The FCSP-ND certification is broken into three components: a written exam, a hands-on exam and a written/essay exam.

The multiple choice exam is 100 questions focusing on the knowledge of network defense.

The lab environment is a 10 hour evaluation of a candidate's ability to properly defend a network against a barrage of external and internal attacks. Candidates must complete between 10-15 major tasks.

The written/essay exam is a four hour period of time where the candidate will have to put together a network defense report. A template will be provided to the student.

Candidates must pass all three stages to successfully obtain the FCSP-ND credential.

C. Exam Logistics

The exam is a two day exam that begins at 9:00am and goes until 6:00pm on a Saturday and Sunday. The time periods are broken down as follows:

- Multiple choice exam - 2 hours; runs from 9:00am until 11:00am.
- Hands-on exam - 10 hours; goes from 11:00am until 6:00pm on Saturday and 9:00am-2:00pm on Sunday.
- Written/Essay exam - 4 hours; goes from 2:00pm on Sunday to 6:00pm on Sunday.

Candidates are provided all necessary equipment at the exam site. Candidates can obtain a copy of the FCSP-SCA Candidate Exam Guide for a full exam blueprint at the FITSI website.

D. Standards

This certification uses a full range of standards and best practices across a number of NIST Special Publications and Interagency Reports.
E. Skills Measured

See the most current version of the FCSP-ND Candidate Exam Guide for details on a breakdown of the skills measured on the exam. The following are the planned skills measured on the FCSP-ND exam:

1. Ability to perform a vulnerability analysis on a system
   a. Vulnerability analysis of an operating system
   b. Vulnerability analysis of a web server
   c. Vulnerability analysis of a database server
2. Ability to review network traffic in real time looking for attack signatures
   a. Identify a DoS attack signature
   b. Identify a virus found on a system
3. Ability to remediate attacks in real time by reconfiguring ACL rules on a router (Cisco device)
4. Ability to deal with an APT threat found on a system
5. Ability to identify malicious code on a system
8. Performance-Based Lab

A. Overview

The FCSP exams are hosted online with technology based upon cloud computing and virtualization. FITSI plans to host the necessary equipment for up to 10 exams to be conducted at one time. Because the lab environment is online, exam locations can be easily established nationwide without extensive local setup requirements.

The mock operational environment simulates a government agency known as the Department of Information Technology. Each candidate will be allocated a group of systems in this mock environment known as a POD. Each POD will consist of 12 virtualized systems. The systems are:

- 2 Domain Controllers (Windows Server 2003)
- 1 Email Server (Exchange 2003)
- 2 Web Servers (1 Apache and 1 IIS)
- 1 Database Server (Oracle)
- 1 Configuration Management System (SMS)
- 5 User Systems (Windows XP with the FDCC)

The lab environment contains 3 accreditation boundaries. The three system boundaries are:

1. GlobalNet - a general support system that encompasses all SBU systems on the department's network.
2. Webconnect - a major information system that runs on the IIS and a local install of MS SQL Server 2005.
3. Infoshare - a major information system that runs on the Apache web service and uses the Oracle server.

Candidates are provided all necessary equipment at the exam site. Each exam will be broken into a separate module that will be scored at the end by a proctor who is certified by FITSI to administer the exam.
9. Overview of the FITSI Management Team

The Federal IT Security Institute has a team of highly trained individuals with years of IT security, training and Federal government experience. To demonstrate the caliber of individuals that are involved in this project, they are listed below with their qualifications and capabilities.

A. Jim Wiggins, Executive Director

Jim is the executive director of the Federal IT Security Institute (FITSI). FITSI is a nonprofit organization that provides a role-based IT security certification program targeted at the federal workforce. In 2011, the Federal Information Systems Security Educators Association (FISSEA) named him Educator of the Year for his tireless work training those who operate and defend federal information systems, as well as the impact FITSI is making in relation to the federal workforce. Jim possesses over 15 years of direct experience in the design, operation, management, and auditing of information technology systems, with the past 11 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients.

Jim has the following IT security certifications: FITSP-M, FITSP-O, CISSP-ISSEP, CISM, CISA, CAP, SSCP, IAM, IEM, SCNA, SCNP, SCNS, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security

B. Amee Devine, Chief Operating Officer

Amee is a successful business woman who has run a number of training organizations and programs in her 20+ year professional career. In the 1990s she ran a successful FutureKids franchise, and until 2002 she was involved with an IT training company in Northern Virginia. From 2002 to the present she has been involved in a small private boutique IT training company focusing on IT security training courses such as CISSP, Ethical hacking, Security+, etc. Amee has an MBA from Penn State.

C. Maribeth Kuzmicki, Program Manager

Maribeth Kuzmicki is a program manager for FITSI. She handles such programs as membership and exam delivery, and is currently working on FITSI's ANSI accreditation program under the ISO 17024 standard. Maribeth has a PhD from Case Western Reserve University.

10. Overview of the FCSP Scheme Committee

The Federal IT Security Institute has a team of highly trained individuals with years of IT security, training and Federal government experience. To demonstrate the caliber of the individuals involved in this project, they are listed below with their qualifications and capabilities.

A. Jim Wiggins, Executive Director, FCSP Scheme Committee

Jim is the executive director of the Federal IT Security Institute (FITSI). FITSI is a nonprofit organization that provides a role-based IT security certification program targeted at the federal workforce. In 2011, the Federal Information Systems Security Educators Association (FISSEA) named him Educator of the Year for his tireless work training those who operate and defend federal information systems, as well as the impact FITSI is making in relation to the federal workforce. Jim possesses over 15 years of direct experience in the design, operation, management, and auditing of information technology systems, with the past 11 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients.

Jim has the following IT security certifications: FITSP-M, FITSP-O, CISSP-ISSEP, CISM, CISA, CAP, SSCP, IAM, IEM, SCNA, SCNP, SCNS, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security.

B. Jay Coplon, FCSP Scheme Committee

Jay is a C&A lead for the Department of State. He is an information assurance professional who has been implementing the NIST Certification and Accreditation domain for the past 10 years. His experience is focused in the risk management discipline, where he spends a great part of his day reviewing security assessments and supporting artifacts as well as validating accreditation package documentation. Jay meets changes in federal guidance with sound interpretations that result in process improvements necessary to support his customers. Jay is currently working on the next generation implementation of C&A in support of Near Real-time Continuous C&A.

Jay has the following IT security certifications: FITSP-M, CISSP, CAP, CISM and ISSPCS.

C. David Keyes, FCSP Scheme Committee

Currently a private consultant, Mr. Keyes enjoyed a twenty-seven-year federal career in which he held multiple senior executive service (SES) leadership positions. His experience includes both interagency and intergovernmental coordination on issues including: personnel, physical, and computer security issues; special operations and crisis management; critical infrastructure protection; risk assessments, continuity of operations, and consequence and emergency management. He was selected as an Intelligence Fellow by the Director of Central Intelligence. In May 1999, the Armed Forces Electronics and Communications Association (AFCEA) recognized him with their first annual award for excellence in critical infrastructure protection. He has provided critical infrastructure protection consulting services to the Executive Office of the President; the Departments of Energy, State, Education, Veterans Affairs, and Commerce; the National Aeronautics and Space Administration (NASA); and the Kingdom of Saudi Arabia. He has also served as a Visiting Scientist at Carnegie Mellon's Software Engineering Institute CERT CC.

David has the following IT security certifications: FITSP-M, CISA, CISSP, CISM, and CAP.

D. Tina Kuligowski, FCSP Scheme Committee

Tina has worked for the Department of State for the past 12 years as a Systems Instructor at the Foreign Service Institute in Arlington, VA, punctuated by an excursion assignment to the US Embassy in Bangkok, Thailand. In her capacity as an FSI trainer, she trained Foreign Service IT Specialists on a number of different Microsoft operating platforms. She holds a master's degree in Information Assurance and specializes in the development and delivery of IT security curriculum, to include ISC² Certified Authorization Professional, the well-regarded CISSP, and the fundamentals of CompTIA Security+. In addition, she has developed and taught Information Assurance courses, as adjunct faculty, on behalf of the Department's Diplomatic Security Training Center in Dunn Loring, VA.

Tina has the following IT security certifications: FITSP-M, CISSP-ISSEP, ISSAP, ISSMP, CAP, CEH, MCITP:EA, MCSE: Security, Security+.

E. Jim Wilson, FCSP Scheme Committee

Jim is an experienced Information Assurance Professional paving new trails while setting the direction, the pace, and the mind-set to find complete solutions to the most challenging problems. Jim enables humans and technologies, with fact-based science, to defend, secure, and counter unwanted digital activities across and throughout enterprise environments. He specializes in Electronic Countermeasures and imaginative and creative solutions.

Jim has the following IT security certifications: FITSP-M, CISSP, CEH, and Security+.

F. Leo Dreiger, FCSP Scheme Committee

Leo owns and has operated TheSecurityMatrix.com since 1995. He has provided consulting services to many Federal clients, to include The Department of State, The Department of Labor, Internal Revenue Service and the Centers for Medicaid and Medicare. Additionally, he has helped thousands of IT professionals achieve their certifications and maintains an evaluation level above 90%. Leo currently maintains the www.thecodeoflearning.com online training and mentoring portal for the Information Assurance Community.

Leo has the following IT security certifications: CISSP, CEH, CHFI, CISM, and Security+.

G. Pierre Colombel, FCSP Scheme Committee

Pierre runs his own successful IT consulting business that is focused on Microsoft-based cloud computing. He is a successful trainer teaching security courses for a number of clients. He is a high-energy, well-rounded senior consultant/trainer successful in overseeing the development and implementation of enterprise strategic visions through a balanced approach of skilled personnel, practical policy, well-defined procedures and tactical technology deployments. He leverages over 15 years of diverse industry experience and business acumen gained with start-up and mature multi-million dollar companies. He is skilled at developing and maintaining customer relationships and identifying and exploiting opportunities.

Pierre has the following IT security certifications: CISSP, ECSA, LPT, CEH, and Security+.

H. John Dunleavy, FCSP Scheme Committee

John Dunleavy is the founder and President of The 3877 Group, an Information Technology consulting firm. John has been providing IT support, training and consulting services for more than 25 years, provides top tier solutions for a broad range of clients, and is considered an expert in network design, problem solving and information security by his peers. John focuses much of his time teaching information security related courses (CISSP, Security+, Certified Ethical Hacker) to staff at firms like Booz Allen Hamilton, TASC, Boeing, and Teledyne, to name a few. John's specialty is successfully resolving complex Windows and Exchange Server configuration problems.

John has the following IT security certifications: CISSP, CEH, MCSE, and Security+.

I. Robert Vescio, FCSP Scheme Committee

Robert is the Director of Global Strategic Solutions (Managed Security Services, GRC Programs, and Hosting) for Verizon Cybertrust Security. He currently sits as the head of the Cybertrust Certification Board for the Security Management Program. Over the last eight years, he has specialized in compliance standards, essential security practices, risk modeling, and decision analysis. In his spare time, he teaches the occasional security class.

Robert has the following IT security certifications: CISSP and HISP.

10. Instructions for Public Comment

FITSI is interested in public comment on the proposed certification program. Interested parties are asked to submit commentary by emailing responses to fcsp-draft1@fitsi.org by May 31st, 2011.

11. Conclusion

Certifications have become an important tool in measuring the knowledge, skills and abilities of individuals in all types of job roles. The FITSI certification programs (FITSP and FCSP) have been developed to help validate and demonstrate a level of knowledge of Federal workers and contractors in helping secure the nation's federal information systems.

12. Legal

A number of organizations and trademarks were cited in this document.

1. Microsoft, MCSE, MCSE: Security, MCSE: Messaging, MCT, MCP, MCITP, MCITP:EA, Windows, Windows Server 2003, Exchange, Exchange 2003, and Windows XP are registered trademarks or trademarks of Microsoft Corporation.
2. Cisco, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco IOS, and Cisco Systems are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
3. Oracle is a registered trademark or trademark of Oracle, Inc. and/or its affiliates in the U.S. and certain other countries.
4. ISC², CISSP, SSCP, ISSEP, ISSMP, ISSAP, CSSLP, and CAP are registered trademarks or trademarks of the International Information Systems Security Certification Consortium or ISC².
5. ISACA, CISA, CISM, and CGEIT are registered trademarks or trademarks of ISACA.
6. Red Hat and RHCE are registered trademarks or trademarks of Red Hat, Inc.
7. HISP is a registered trademark or trademark of the HISP Institute.
8. EC-Council, CEH, ECSA, LPT, CEI, CHFI, and CIH are registered trademarks or trademarks of EC-Council.
9. CompTIA, Security+, Network+ and A+ are registered trademarks or trademarks of CompTIA.
10. SCNA, SCNP, and SCNS are registered trademarks or trademarks of the Security Certified Program corporation.
11. FITSI, FITSP, FCSP, and FBK are registered trademarks or trademarks of the Federal IT Security Institute.
12. Mandiant is a registered trademark of the Mandiant corporation.

All other trademarks mentioned in this document are the property of their respective owners.