US DoD Embraces Hacker Certification to Protect US Interests

JDMurray

Look like the CEH is being added to DoD Directive 8570.01.

United States Department of Defense Embraces Hacker Certification to Protect US Interests - Free-Press-Release.com

veritas_libertas

JDMurray wrote: »

Look like the CEH is being added to DoD Directive 8570.01.

United States Department of Defense Embraces Hacker Certification to Protect US Interests - Free-Press-Release.com

Yeah I saw that earlier today JD. Should be interesting to see how that affects its popularity.

Bl8ckr0uter

JDMurray wrote: »

Look like the CEH is being added to DoD Directive 8570.01.

United States Department of Defense Embraces Hacker Certification to Protect US Interests - Free-Press-Release.com

Saw this on ethical hacker. That is pretty cool...

down77

I have a feeling that in the next few months you will see requests for CEH start to spike on sites like dice and career builder.

chrisone

Well this bit of news has this cert in my radar now.

JDMurray

It looks like CEH along with (ISC)2's CAP has just been added to the 8570.01 cert list: http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

It also looks like MCSA:Security cert has been taken off the list. I wonder if Microsoft had problems during the ISO 17024 certification process.

dynamik

Odd that they don't have the GPEN with all the other GIAC certs. That is a much better pen testing/ethical hacking cert than the CEH.

Mrock4

Very cool. Might be worth a second look sometime in the near future.

rage_hog

After being laid off for 7 months, all the sudden I am in demand again. My future is looking a whole lot brighter. Thanks for the tip JD.

carboncopy

Great news!

JDMurray

Now the Change 2 revision that added CEH has disappeared from the 8570.01-M document. If this is a precursor to releasing a new rev of 8570.01 then I've some 'splain'in to do in my blog article.

novovictus

Does anyone know why DoD 8570 Rev2 that is supposed to have the CEH listed for CNDs is no longer posted on IASE? It appears as if the "Exam 70-699: Windows Server 2003, MCSA Security Specialization Skills Update" is also missing....

JDMurray

I'm checking into why the latest update to 8570.01-M that added the CEH seems to have been rolled back. I do have an answer from the DIAP Cybersecurity/IA Workforce Improvement Program as to why the MCSA has gone missing from 8570.01:

The MCSA was never an approved baseline certification in the DoD 8570.01-M.
It was considered when we drafted Change 1 but was not approved by the DoD IA
WIP Certification Committee. The Committee represents each of the Services,
NSA, and DISA as well as other key organizations within the DoD. The
Committee voted not to include the MCSE in the Manual because it did not
support the "DoD baseline" security requirement since it is focused on a
specific system. The Manual does include a requirement to obtain a "Computing
Environment" certification. See Table C3.T1. "IA Technical Workforce
Requirements".

So while MCSA has not been included in the Manual as a baseline certification,
if a DoD Organization is using the Microsoft Operating System, then those
Information Assurance Technicians should also get the MCSA in addition to the
appropriate baseline certification. The idea is to have the basic
understanding of IA from the baseline certification from the Certification
Table at AP3.T1. along with the operating system certification to know how to
apply those security principles to their particular system.

novovictus

Here is the response received from Steven Graham at Ec-Council:

"There was a temporary "re-staffing" of the directive. They republished Change 1 in the mean time. Change 2 with the updated chart will refer to all CND positions as CND-SP, it was simply a classification change that was required by the Pentagon press Office. Change 2 is still in effect, and published on CAC access sites all over."

JDMurray

It sure would be nice to have a link to the offical distribution point of 8570.01-M Change 2. It should be here, but it's not.

novovictus

As long as you possess a DoD issued 'Common Access Card' you do have access to official IA distribution points.

JDMurray

OK, I just got the "official word" from DIAP:

We had Change 2 ready to go and in fact was posted for a few days but then it was pulled back for "administrative" reasons. Those administrative issues have been resolved and it is now in final review by the "admin experts" for DoD. We hope to have it signed by the end of April. CEH is still in the approved certification list for the CND-SPs.

So CEH is still on list.

And seeing as how the previously released 8570.01-M Change 2 document has been pulled, if it is still in distribution anywhere then the manager of the responsible content management system should be notified.

rage_hog

After a solid review, it should be noted that the CEH is only for the IA track. 8570.01-M only refers to the 2210 series as "Information Assurance" Positions. However, while a part of 2210, IA has a separate track from the rest of 2210. The chart visually defines this.

JDMurray

The 8570.01 chart has been updated with the CEH and the Change 2 document is available here.

wastedtime

I still find it odd that the only copy of version 2 is on the army atc website and not posted on a dtic or disa website.

JDMurray

From what I understand, the Change 2 document was withdrawn within a few days of it being released for additions/corrects and re-approvals. The document management systems of all the different DoD departments are not unified under a single change control system, so the original Change 2 document was removed from some, but still remains in others. It's either failure to receive notification of the document's obsolescence, or sloppy content management that has failed to remove it.

wastedtime

Looks like it might be official now. You can get it from http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf. Also they added a table in there called "Summary of IA Workforce Requirements" which gives more information about the requirements for people holding those positions.

JDMurray

Yes, good find. It's not final yet, but the April 20, 2010 date means it's the latest. And the workforce requirements are very interesting. Requirements for both formal training and a deadline for getting the required cert after getting the IA position. I assume the liberal use of "normally" and "usually" means that the given experience levels are suggested guidelines and not hard requirements.

wastedtime

JDMurray wrote: »

I assume the liberal use of "normally" and "usually" means that the given experience levels are suggested guidelines and not hard requirements.

At least on the military side of the house those positions could be filled by people straight out of Initial Entry Training (IET) or by people who have recently received their job specialty (MOS or what ever a particular branch calls it).

TrainingDaze

I like how GSE is just lumped in with all of the other IAT Level III certs.