While the claim of global warming continues to be debated, there is no disagreement regarding the red-hot demand for skilled IT security professionals. With dozens of sponsoring organizations offering hundreds of security-related certs, there seems to be something for everyone at every skill level.
The Certification Magazine team recently made a contact with the folks at the Federal IT Security Institute (FITSI) who manage and administer the Federal IT Security Professional (FITSP) certification program designed to train federal IT security workers. To get a better handle on FITSI and their certs, we exchanged e-mails with executive director Jim Wiggins. Here's what we found out:
What exactly is The Federal IT Security Institute (FITSI) and how long have you been around?
The Federal IT Security Institute (FITSI) is a non-profit organization managing and administering the Federal IT Security Professional (FITSP) certification program that contains four individual IT security certifications targeted at the Federal workforce based upon role. FITSI was established in November of 2009, so we've been operational for a little more than 7 years.
How important is it that the Federal Government have skilled IT professionals on board?
Today's Federal IT environment is a complex puzzle of people, processes and technologies. To protect and defend this environment, federal departments and agencies need to have a workforce with the appropriate knowledge, skills and abilities to meet the federal requirements of cyber and IT.
Security is certainly the word of the day, and there are plenty of security-related certs available. Why are yours needed? How are they different? Why did you create them? What need(s) did you identify?
The FITSP program is role-based and measures candidates based on standards and guidelines promulgated by the National Institute of Standards and Technology (NIST) and other relevant Federal laws, statutes and regulations. Collectively, these Federal resources comprise a special Federal Body of Knowledge (FBK) for the Federal IT security workforce.
FITSP certification holders demonstrate an in-depth knowledge of Federal IT security management, operational, and technical control requirements as identified in the FBK and the best means by which to ensure their proper installation and operation. The FBK is broken into 6 domains:
- NIST Special Publications
- NIST Federal Information Processing Standards
- NIST Control Families
- Government Laws and Regulations
- NIST Risk Management Framework
- NIST Interagency Reports
What are the four security certs you offer?
These certifications/roles are: FITSP-Auditor, FITSP-Designer, FITSP-Manager and FITSP-Operator. FITSI's mission is "To help secure the Nation's Federal Information Systems by certifying that Federal Workforce members understand and can apply appropriate Federal IT security standards."
What are your certifications designed to authenticate?
With the FITSP program, military, civilian, and contractor personnel demonstrate their understanding of the requirements and security controls necessary to protect and defend Federal information systems. This is accomplished by demonstrating competency with the Federal Body of Knowledge (FBK) and provides a way that the knowledge, skills and abilities acquired through other security certifications can be applied to the FITSP program.
Our program is not a replacement for other certification programs but rather an extension for those who wish to demonstrate an ability to work with these Federal IT security requirements.
What are some IT security challenges to keep in mind when working for the Government?
The Federal government has an extensive set of requirements that must be followed to properly protect and defend Federal information systems. In 2002 Congress passed the Federal Information Security Management Act (FISMA) which helped formalize these requirements, and in 2014, Congress passed the Federal Information Security Modernization Act which updated those requirements.
Federal security requirements are constantly being shaped by Congress, the Office of Management and Budget (OMB), Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST). Keeping up with all of this can be challenging for IT security professionals.
The Departments of State and Homeland Security have both approved your certifications for their employees. How difficult was it to obtain those approvals?
The Department of State and Homeland Security both have "Skills Incentive Programs" (SIP) that are used to attract and retain IT and cyber talent. FITSI certified professionals realized the benefit of the program in the government, applied to both agencies and had to provide detailed information of the FITSP program to be considered and accepted into their respective SIP programs.
Describe FITSI's vetting process. How do you determine whether a new cert program will actually provide certificate holders with the skills needed to deliver effective, efficient solutions in the workplace?
The FITSP certification program is a specialized program designed for those in the Federal government who have "significant security responsibilities." FITSP certifications are aligned directly to the requirements used in U.S. government information systems in civilian, defense and intelligence community Departments and Agencies.
Your certifications focus on IT professionals working for or with the U.S Government. Do they also readily transfer into the private sector?
Anyone who uses NIST guidance to protect their information systems could potentially benefit from the FITSP certification program. We're seeing interest from State and local municipalities who tend to follow NIST guidance and standards. IT security professionals in these environments are good candidates for the FITSP program beyond those that directly support the Federal government.
What sort of IT pros will benefit from FITSI certifications?
The four FITSP certification designations - Auditor, Designer, Manager, and Operator - represent certification roles from the FBK that are specifically tailored to fit the job requirements of every person in the Federal workforce with "significant IT security responsibilities." Military, civilian, and contractor personnel supporting the Federal government in an IT/cyber role are ideal candidates and can benefit from FITSI certifications.
Any prerequisites to pursuing FITSI certifications?
Candidates are required to have 5 years of full-time experience working in information security. Optionally, a candidate may waive some of this experience with one of several industry IT security certifications and/or a bachelor's and/or master's degree in information technology or information assurance from an accredited college.
Any recertification requirements?
Certification is good for 3 years and candidates must earn 60 CPEs over the 3-year cycle and pay a $45 annual maintenance fee. If the CPEs are earned and the annual fee is kept current during the original 3 years, the certification is automatically renewed for another 3 years.
Any authorized training partners? What sort of training materials and instruction are available for those pursuing FITSP certification?
Currently, our authorized training partners include: PhoenixTS, Knowlogy, SecureNinja and Securible, LLC. FITSI has partnered with 30bird Media as the exclusive authorized content provider for the FITSP certification program. Interested candidates can purchase FITSI authorized courseware from 30Bird Media at their website.