What requirements must I meet to become a CERT-Certified Computer Security Incident Handler?
Submission of the Certification Application package, including:
completed Certification Application, accompanied by a current resume and signed Code of Professional Conduct form
completed Certification Recommendation Form signed by your current manager
Successful completion of the application review by the SEI
Passing score on the qualification examination as administered by the SEI
What courses are available to prepare me for the CSIH exam? SEI CERT provides training programs to support the needs of civilian, military, and contract personnel who handle information assurance for networks and systems. The SEI CERT Virtual Training Environment provides online courses that support several certification programs, as well as development of core information assurance and security based skills. Completion of one or more of these courses may help individuals to prepare for various certification programs or exams, but course completion does not guarantee successful completion of the SEI CERT CSIH examination or any other certification examination.
How long do I have to take the examination after approval of the application and submission of the appropriate fees? You have 12 months to complete the exam before a new application must be submitted. The 12-month window begins when the candidacy approval email is sent from the SEI. The SEI will refund the examination fee upon written request from the candidate.
What types of professional experience meet the criteria for application? We are looking for security professionals who have experience in various tasks and processes related to computer security incident management activities. Incident management processes include preparing for, detecting, analyzing, and responding to computer security events and incidents. This includes steps taken to contain or prevent threats and incidents from spreading throughout systems and networks. Experience in incident management can cover a wide spectrum of tasks, including the initial detection or reporting of a security event or incident, the categorization or prioritization of reports, analyzing incidents and events, determining the appropriate response strategies, performing the actual response, resolving the incident, communicating with appropriate individuals throughout the process, and documenting or recording actions taken.
Specific experience would include, for example:
Activities involved in operating and/or managing a CSIRT, or working in a security operations center or network operations center
Teaching courses in incident, vulnerability, or artifact handling
Taking action to protect systems and networks affected or threatened by intruder activity (such as filtering network traffic, patching or repairing systems, and rebuilding systems)
Collecting evidence (following established rules of evidence)
Performing computer forensic analysis on compromised systems (following established rules of evidence)
Performing artifact analysis or malicious code analysis
Analyzing networks and systems to look for security weaknesses, anomalous activity, or intruder activity
Providing solutions, mitigation strategies, or work-arounds through hands-on assistance or via alerts, bulletins, advisories, technical documentation, web sites, phone calls, emails, or other dissemination mechanisms
Coordinating response efforts and incident data exchanges
Coordinating and collaborating with management, legal, law enforcement, and other internal or external organizations
Coordinating communications with stakeholders involved in computer security events and incidents such as affected individuals, management, and other internal or external organizations
What is the fee to take the examination to become certified? A fee of $499 (USD) is required from all applicants. The exam can be purchased on our testing services portal. For information on registering for the exam, please see the exam information webpage.
How do I submit my Certification Application? Once you have completed your application package, send the application and all supporting documents to the following address via any of the following methods:
• Email a scanned or digitally signed version to: email@example.com
• Fax: 412-268-5758, Attention SEI Certifications, CSIH
• Postal Service: Software Engineering Institute, SEI Certification Program Manager, 4500 5th Ave, Pittsburgh PA 15213, USA
We strongly recommend that you keep copies of all materials you submit to the Software Engineering Institute for the duration of the application process.
How do I submit my manager's recommendation? Your recommendation form must be submitted in a sealed envelope, signed by the recommender across the seal, and mailed to the address below by you or the recommender:
Software Engineering Institute
Carnegie Mellon University
Attn: SEI Certification Program Manager
4500 5th Avenue
Pittsburgh, PA 15213
How much time will there be between when I submit my application for certification and when I hear from the SEI Certification Program Manager? You will hear from the SEI Certification Program Manager approximately 2-6 weeks after we receive and process your completed application package. The SEI Certification Program Manager will review your application materials for completeness. At that point, one of the following will occur:
If you meet the experience requirements, the SEI Certification Program Manager will approve the application and contact you to make arrangements for the certification examination.
If you have not met the requirements, the SEI Certification Program Manager will notify you with the specific steps that you must take to meet the requirements and complete the application process.
What if I do not qualify to take the certification examination? The SEI Certification Program Manager will provide you with the gaps identified from your application documentation.
When is the certification examination offered? Administration of the certification examination is available from approved testing centers throughout the world. Proceed to the testing services portal, create a personal account and schedule a day and time at the location of your choice.
Where can I take the certification examination? The certification examination can be taken at the SEI offices located in Pittsburgh, Pennsylvania, in Arlington, Virginia, and in Frankfurt, Germany, as well as through SEI testing network locations or in written format at selected conferences and events. For information on registering for the exam, please see the exam information webpage.
What types of identification are required to enter the examination facility? Candidates will need to present two forms of identification to be admitted into the examination facility. At least one form of identification must have a picture and a signature (driver's license, passport). State- or government-issued identification is valid if it includes a photograph. Candidates who do not have the required identification will not be allowed to take the examination.
How many attempts can I make to pass the certification examination? If you do not pass the certification examination on the first attempt, you may retake the examination up to two (2) additional times within twelve (12) months of the initial attempt. All retakes have the same exam fee as the initial attempt. After two retakes or 12 months from your initial attempt, you must reapply to retake the examination. Once you reapply, you are then permitted to take the examination up to two additional times under the following terms:
Each successive time you want to retake the examination, you must pay an additional $150 (US) examination fee.
For these subsequent requests to retake the examination, you do not need to submit a new certification application package with your payment of the $150 (US) examination fee each time.
If you do not pass the examination after these subsequent attempts, you are required to wait two years and show evidence of further incident handling and/or security experience and knowledge before you can reapply again.
How much time is allowed to complete the exam? Two (2) hours are allotted for an individual to complete the CSIH Certification examination.
How long is the certification valid? The certification is valid for three (3) years after the award date, after which it will expire. The certification may be renewed by applying for CSIH Certification Renewal. The application fee for renewal is $150 (USD).
What are the requirements for renewing my certification? Renewal involves:
a. Obtaining continuing education or professional experience, as measured by Professional Development Units (PDUs) earned by participating in qualifying events equal to 60 PDUs. Qualifying events must be relevant to the practice of Computer Security Incident Management. Additional qualifying events are explained on the CSIH Certification Renewal page.
b. Submission of a $150 (USD) certification renewal fee.
What are Professional Development Units (PDUs)? A Professional Development Unit (PDU) is a measuring unit used to quantify learning and development activities. One (1) PDU can be earned for every one (1) hour spent in a planned structured experience or activity as approved by the SEI. Additional information about PDUs is available on the Certification Renewal page.
I have a few additional questions about the program. How may I submit them? For more information about the Computer Security Incident Handler certification program, please see the CERT-Certified Computer Security Incident Handler page. You can also request additional information by contacting the SEI Certification Program Manager via one of these methods:
a. Email: firstname.lastname@example.org
b. Telephone: +1 412-268-5800