8570 and Security+

john.m.jones123

At wits end trying to break the code on this... I'm an ISSM overseas in Korea and most of our service members are only here for one year. Getting them Security+ certified in order to have admin credentials is killing us over here. A recent (and previous) MTT provided course resulted in about a 10% pass rate. Has anyone else broken the code on getting young 1st term service members certified on Sec+? We've tried internal training, provided material and study videos, MTT classes and still consitently have a low pass rate, it appears this is across the Theater, not just in our organization. Has anyone had luck with the other IATII exams (GSEC, SSCP, etc)... Any thoughts?

Find more posts tagged with

Comments

cyberguypr

I they can't pass Sec+ I highly doubt they can do GSEC or SSCP.

thomas_

I hate to say it, but make life painful if they don't have Security+.

Kalabaster

Negative, tangible, real consequences are how you get 1st term service members "motivated" for compliance issues you may be having. Force a certain amount of remedial training hours as a sort of "extra duty" that needs to be logged and signed by supervisors is how I've seen it most consistently applied.

It never ceases to amaze me how resistant 1st termers can be to things that would ultimately help them. It's like they are allergic to forward progress, especially in regards to training and education.

Archon

Threaten to send them to the camps north of the boarder if they don't pass

Stiffmeister

I'm not a fan of 8570. I think the material is great but the certification test is very nit picky. All that money shelled out for boot camps and tests with only a 10% pass rate?

Obviously withholding promotion would be a factor for first termers. Unfortunately, it's not fair because you can be a cook...be paid the exact same...and skate through your enlistment.

My complaint with Security+ was seeing our unit pay for boot camps and the test. Perhaps a DoD test would be fine and instead of forking all the money to CompTIA. I was the first in our unit to take the test in 2009 because I was a civilian contractor on the SIPRnet (aka decent pay as motivation).

thomas_

I like everything Kalabaster said. I do have a few additional thoughts.

What are the benefits of them not getting Security+ qualified and thus not having an admin account? Are they not on call? Do they not have to come in after hours or stay late to do things that require the admin accounts? If this is the case I could see why they wouldn't want to pass. In this case I would make them come in with the on-call guy so they have to still feel the pain even though they don't have the admin account.

Are they able to use Tuition Assistance without getting Security+? If so, I would try to get a policy implemented that they can't use it until after they're qualified(if it's legal and inline with policy/regulations to do that.)

Is it possible to reward the people that do pass and have admin accounts? Can you let them go home early every once in a while? Have them not have to clean up, take out the trash or any other sort of manual labor? In addition to using a cattle prod to motivate, giving them a little carrot to look forward to could help.

john.m.jones123

Lot's of great input... In my situation, the NCO's are in charge of them, but not really enforcing 8570 as a standard... because it's not an MOS qualifier, they are not putting the correct emphasis on it... As a civilian, I manage all the other civilians and they are above and beyond qualified (most have 4-5 certs)... The breakdown is the NCO's need to be doing all mentioned above, but unfortunately, I'm not in their chain of command/responsibility... I could have my civilians not use their credentials, but would result in mission failure and puts us all in a catch 22... I may have to in the end though... thanks for the recommendations!

fmitawaps

If you have CCNA Security, is that good enough for the 8570 standards, then you don't even need to bother with the Security+ at all?

thomas_

fmitawaps wrote: »

If you have CCNA Security, is that good enough for the 8570 standards, then you don't even need to bother with the Security+ at all?

IAT Level 1 and 2 it's good enough. IAM Level 1, it's not.

http://iase.disa.mil/iawip/Pages/iabaseline.aspx

fmitawaps

That list makes it seem like at some point a Security+ is better than CCNA Security? Only a government agency could come to that conclusion!

And that CE - continuing education thing, is that a different addon to Security+, or are all Security+'s the CE version?

Kalabaster

All new Sec+ earners are now enrolled into Sec+ CE instead. Meaning, basically, that they are automatically enrolled in their program that now leverages the use of CE credits and maintenance fees to keep the certification, instead of forcing retakes of the same or higher level CompTIA certifications to maintain certification.

thomas_

Basically, I believe around 2011, CompTIA started transitioning to the CE model. There was huge outcry against CompTIA who had previously stated the certs were good for life. CompTIA decided to compromise and say that if you got the cert before the deadline it was "Good For Life" and they wouldn't say those certs were now invalid, so those certholders can list the cert on their resume(not the CE part). Which brings us to the CE part. After that cutoff date you have to renew the cert every 3 years or do Continuing Education(CE). This is relevant because if you were a "Good For Life" certification holder that wouldn't fulfill the 8570 requirements.

Eston21

As a prior service member I wonder if you have spoken with your squadron's training manager? They may have some ideas that you may not have thought about. Honestly if these airman they can pass their CDCs then Security+ should be a piece of cake.

Throls

You are blaming the wrong party for this problem. When 8570 dropped it was designed to ensure those with admin privileges worked from a security oriented mindset. Basically it was designed to avoid a Snowden type incident. It originally did that. One could study the Sec+ 101 exam for a few hours a night for a couple of weeks and reliably pass the exam. From there with reinforcement from your SSO you applied what you studied. It was a wonderful system.

My how things have changed! What was once a do-it yourself process has morphed into a multimillion dollar industry. Guys like Myers, Messer, and Gibson have made bank on writing books, releasing videos, and practice tests. While organizations like CompTIA cash in on voucher and CEU fees.

So, how do you keep the industry going? Make the test harder. Use ambiguous language, make the questions "scenario based", and toss in some clunky simulations. If people complain tell them they need more hands-on experience or my favorite "try harder." Everyone wins. CompTIA makes more in retake fees, testing centers make out peddling boot camps, and the gurus of the industry release revised versions of their books. All of this is reinforced by the crab mentality of cert holders which views passing these exams as a badge of honor when instead they should be advocating for improvements so those behind them have a better experience.

No one really gets hurt from all of this since Uncle Sugar is paying the bill. He covers those study guides, boot camps, and exam fees. Can't pass? No worries cause he will pay for whatever you need to continue trying.

A 90% in theater fail rate? Punish those lazy airmen! It has to be their fault.

Kalabaster

One could study the Sec+ 101 exam for a few hours a night for a couple of weeks and reliably pass the exam. From there with reinforcement from your SSO you applied what you studied. It was a wonderful system.

To be fair, you can still do this. I and many of my colleagues have done so recently...

Throls

Kalabaster wrote: »

To be fair, you can still do this. I and many of my colleagues have done so recently...

You are a CISSP holder. I would hope you could pass Sec+.

Kalabaster

Security+ was the first certification I ever got.

ultm8mind

Is the CCNA Security an easier test?

Kalabaster

ultm8mind wrote: »

Is the CCNA Security an easier test?

No, it is much more difficult than Sec+

ultm8mind

Sec+ it is then, haha

NavyMooseCCNA

I am in the middle of studying for my Security+ and I had been looking at taking the SSCP exam. It doesn't look like the DoD places much worth on the exam and none at all on the CCFP, which is on my list of certifications to take. I was in the defense industry for several years and would like to get back into it.

Kalabaster

Finish your Sec+, get your foot in a door, then pursue your CEH and CISSP in the order you like, knowing the CEH is a bit easier. Bingo, Bango, you are 8570 compliant for all the things (ish)