CSSA (Certified SCADA Security Architect) passed today
AlexNguyen
Member Posts: 358 ■■■■□□□□□□
I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.
Knowledge has no value if it is not shared.
Knowledge can cure ignorance, but intelligence cannot cure stupidity.
Knowledge can cure ignorance, but intelligence cannot cure stupidity.
Comments
-
JDMurray
Admin Posts: 13,092 Admin
Congratulations on passing the CSSA exam!
SCADA is a really cool specialization to have. I wish that I had been able to get into it and ICS more when I had the chance. As it is, I can't tell a NERC from a FERC.
-
AlexNguyen
Member Posts: 358 ■■■■□□□□□□
Outside people think SCADA is cool...but there's nothing exciting about it. It's old technology. There are many SCADA systems still running for almost 30 years. There's a lot of security holes in those systems. The SCADA communication protocols (e.g. Modbus, DNP3) are 'insecured'. It's based on serial communication and now encapsulated in TCP. There's no authentication. In the SCADA security class, a guy said that you can buy a Lego Storm kit and program it to talk to a PLC via Modbus.Knowledge has no value if it is not shared.
Knowledge can cure ignorance, but intelligence cannot cure stupidity. -
JDMurray
Admin Posts: 13,092 Admin
SCADA is cool because of what it controls and how naive the security controls are. The ladder logic of the PLCs is primitive at best, but that's all ICS needs. In fact, most ICS only use SCADA as a convenience and don't need it to actually operate.
-
remilad2002
Registered Users Posts: 1 ■□□□□□□□□□
can i get the recent question and answer to the CSSA exam -
erg0n
Member Posts: 2 ■□□□□□□□□□
congrats! I'm also in the SCADA industry but on the vendor side of things specifically in the Oil and Gas sector, but work with clients in water, electricity and traffic. I'm from Montreal as well, but have since relocated to Houston
-
ugur5253
Registered Users Posts: 1 ■□□□□□□□□□
AlexNguyen wrote: »I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.
Hello Alex;
How was the exam questions ? How did you work on exam ?
Can you please answer ? -
NovaHax
Member Posts: 502 ■■■■□□□□□□
Hello Alex;
How did you work on exam ?
Alex...I second this one... What material did you use for studying/preparing for the exam? Thanks
-
dustervoice
Member Posts: 877 ■■■■□□□□□□
Congrats on the pass - I would also like to see what materials was used.
Yes please let us know what material you used to prepare. Thanks
