Federal IT Security Professional?

SephStorm Member Posts: 1,731 ■■■■■■■□□□
Anyone familiar with this line of certs? http://www.fitsi.org/

Comments

  • colemic Member Posts: 1,569 ■■■■■■■□□□
    never heard of 'em.

    Welcome to FITSI - the Federal IT Security Institute!

    Site says they are pursuing ISO/IEC 17024 for the FITSP program. You can grandfather in for $395, but read the fine print, you pay up front, and no mention of ever getting your $ back if you are not accepted.

    Other than that, I don't know... wouldn't hurt, I guess, but would probably become a closet cert. I don't see it ever breaking into 8570.
    Working on: staying alive and staying employed
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    I did a Monster.com search and got zero hits on it. That is what I usually use to judge whether or not to go after a certification.
  • colemic Member Posts: 1,569 ■■■■■■■□□□
    btw they don't do anything except their certs (unlike ISACA, ISC2, etc.)
    Working on: staying alive and staying employed
  • JDMurray Admin Posts: 13,034 Admin
    A cert needs to be ISO/IEC 17024 before it is included in 8570.01. This is why you don't see any Microsoft or Cisco certs currently listed.
  • JDMurray Admin Posts: 13,034 Admin
    colemic wrote: »
    btw they don't do anything except their certs (unlike ISACA, ISC2, etc.)
    What do CompTIA and EC-Council do besides their certs?
  • colemic Member Posts: 1,569 ■■■■■■■□□□
    I have no idea, that's why I didn't list them. :D
    Working on: staying alive and staying employed
  • jgiambr Member Posts: 9 ■□□□□□□□□□
    I hate to be pessimistic but I would wait before you hand over money to these guys. There are plenty of places on the net that promise a glorious cert only to find it is not worth a damn. They are charging a lot and it is not a real brand name to speak of. It is a good idea to certify people on NIST pubs and all rules in regs in Federal work but I am not convinced they are legit. It's just some private company trying to become a giant cert company like ISC2 and CompTIA. They say they are non-profit but I have my doubts. Hope I am wrong. Keep an eye on them and see if there is any traction to their name in a few years.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    All good advice. It sounds flashy, but it would seem that's about it.
  • JimW Registered Users Posts: 4 ■□□□□□□□□□
    Hi guys,

    A couple of points. The grandfathering fee for the FITSP is only applicable if a candidate's application is accepted. However, the requirements are a minimum of five years working for a federal agency or department in an IT security or IA role. We're not going to take someone's money if they don't meet the requirements.

    Also, if you know your NIST and government regulations we are offering 500 exam vouchers for free. The only caveat is we have candidates join the non-profit as a member for a $45 yearly fee. These fees are used to help market and grow the program. You can get exam guides that cover the FBK on our website. Here's the link: Study Resources

    The ISO 17024 is a precursor for getting on the 8570 so we are working in that direction.

    We are very new and we realize that it will take time to achieve market acceptance. This program is our attempt at making a positive impact on cyber security in the federal government.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    Hi Jim, a question.

    It seems as if your certs are simply testing knowledge of NIST and gov regulations, is that the case?
  • JimW Registered Users Posts: 4 ■□□□□□□□□□
    Hi SephStorm,

    Yes, we are focused entirely on the federal regulations, statutes, standards and best practices used by the federal government. We are not attempting to compete with other well established and respected security certification programs.
    In fact we really see that the FITSP certification provides a framework within which the holders of other IT security certifications can extend their knowledge and experience to specialize in the federal IT security space.
    If you download our guides you'll see that we have put together a pretty comprehensive list of federal requirements. Are they perfect? No, but our guides will mature as the program grows. In fact we are asking our members to provide commentary each year on how to make the Federal Body of Knowledge as used by the FITSP program better.
    Also, with the recent release of SP 800-53 Rev3, 800-37 Rev1, and 800-53A Rev1, there is a harmonization effort in the federal government to bring all the different communities (civil, defense, IC) under one umbrella.
    Hope this helps...
  • bellaafsec Registered Users Posts: 2 ■□□□□□□□□□
    SephStorm,
    I just recently received the FITSP-M certification last week. One of the deciding factors I used while researching its true value was if other security professionals were getting it too and there are! That let me know, this certification is hot! Not only that, I started seeing jobs here and there that required it in lieu of the CISSP. My current employer does not offer an education benefit for me to afford the thousands of dollars it costs to maintain the 120 CPEs for the CISSP, which is the only reason why I don't have it. So this FITSP was a blessing alternative because it is lower cost to maintain. You don't see it on 8570 yet because it just came out like this past March or April. But who's to say it's not in progress?

    I like this certification because it is cheaper to maintain than the CISSP, it is highly specialized, and actually based on federal security experience which everyone doesn't have. With the exception of 1 year off, that is my entire IT career background. I also had years of experience with C&A and the NIST controls but had no actual certification instrument that addressed those arenas specifically to prove it, along with my management skills, all wrapped up into my security experience that was current (other than a B.S. degree pursuing an M.S.). To put a cherry on top, it is strictly for Federal security. Now this might not mean anything to you because you are Army. But Corporate American types with zero federal security experience will have a different experience in trying to understand how to apply federal security control requirements to information systems. But those of us accustomed to DoD and Federal regs and policies, we are used to applying that specifically indecipherable, vague jargon every day without skipping a beat.

    This certification is such a big deal with everything going on in cyber security in the federal sector but because it's new and a lot of people don't understand NIST, FIPS, etc., they dismiss its value. Don't dismiss things that you don't know. Research!

    It's funny. I had been telling my coworkers that I used to be a manager for many years before giving it all up for my current security position. Now that I have that -M manager identifier all of a sudden, it becomes clearer seen in black and white. I would've thought my degree addressed that. Hmm. I am SO psyched about my FITSP-M cert!
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Uh, no offense but you sound like a salesman.


    This certification may eventually be worth achieving, but I'm not yet convinced.
  • SephStorm Member Posts: 1,731 ■■■■■■■□□□
    JDMurray wrote: »
    What do CompTIA and EC-Council do besides their certs?

    Got a smart ass answer for you JD. :)

    CompTIA and EC-Council are both community sponsors, they "advance the industry". ;) And EC-Council has its "University".

    0wned.
  • Moult001 Registered Users Posts: 1 ■□□□□□□□□□
    CCCure is really pushing this cert. I agree something that highlights US Federal policy is definitely needed, but like everyone else here I haven't bought into this completely yet either.

    Are any Federal Agencies recognizing this yet? How long before ISO 17024 is approved?
  • JimW Registered Users Posts: 4 ■□□□□□□□□□
    Moult001,

    Healthy scepticism is not a bad thing. I am involved directly in FITSI so I'll attempt to answer your questions.

    The ANSI/ISO/IEC 17024 process is expected to take 12-18 months. I hesitate to put a firm date on when this will be achieved only because there are so many pieces and as a new organization we have a tremendous amount of work to do to comply with the standard. But I can tell you it is one of our major objectives as it will facilitate the type of recognition and credibility in the market place you are currently concerned with.

    With ANSI accreditation under the ISO 17024 standard we'll be able to pursue inclusion on the DoD 8570 and at that point approach other government agencies.

    Given our debut this past March I'm pretty happy with our progress. It may not be fast enough for some but based upon the comments I hear from our members I know we're on the right track.

    Thanks,

    Jim Wiggins
  • JimW Registered Users Posts: 4 ■□□□□□□□□□
    Hi veritas_libertas,

    FITSI definitely has some enthusiastic members. No sales force however... :)

    Thanks,

    Jim Wiggins
  • bellaafsec Registered Users Posts: 2 ■□□□□□□□□□
    I'm flattered because I'm actually the worst salesperson ever. I'm simply talking about what it has done for me. I wasn't trying to convince anybody to go out and get it. That's not my job. This cert isn't even FOR everybody. You need to ask yourself what your goal is for your career. This might not be for you.
  • John.Feist Member Posts: 12 ■□□□□□□□□□
    I applaud the direction that FITSI has taken. There is a genuine need for a Federal credential process. For those who are actively, or plan to be, involved with Federal programs this has been long awaited. No, I am not a sales person, just someone that has been in this business a very long time. Thank you, Clement, for bringing this certification process to light. Hopefully with a little patience and participation, we can be part of the solution toward a meaningful process.
  • colemic Member Posts: 1,569 ■■■■■■■□□□
    I got a mass email message from Clement yesterday, they have opened up the grandfathering process.
    Working on: staying alive and staying employed
  • cabrillo24 Member Posts: 137
    Not interested in any certifications you can "grandfather" into. Just a way to get cert happy professionals to legitimize their new certification and get it rolling but not necessarily offering any immediate return on investment. Your money is better served on other more established certifications that offer a return on investment, unless you just want more certifications listed on your resume.

    I grandfathered into several of the ETA-I certifications about 3-4 years ago, let them all expire. Didn't even mention them on resumes. Last thing you want to explain is "I paid a fee and grandfathered into it and got my certification in the mail!"
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • drk1980 Member Posts: 19 ■□□□□□□□□□
    I did a Monster.com search and got zero hits on it. That is what I usually use to judge whether or not to go after a certification.

    I think someone's been reading "Secrets and lies" for too long now... no offense meant :)
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    drk1980 wrote: »
    I think someone's been reading "Secrets and lies" for too long now... no offense meant :)

    I don't see how that is relevant.
  • instant000 Member Posts: 1,745
    I was thinking about this thing today (saw it in someone's signature, so decided to see what it was)

    I get 0 hits for FITSP across monster and careerbuilder. Dice "auto-corrected" it to "fits" ... *mutters*

    All the exams are in VA, so not likely to ever take it.

    I did request for the materials though. I've read through FISMA, OMB Circular, Presidential Directive, NIST, etc. docs already though (kinda have to working with the feds). .... Just seeing what materials they have.

    If I have to pay, then I guess I won't be able to review the guides.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • Humbe Member Posts: 202
    Never heard of such certification.
  • Psyco32 Member Posts: 104 ■■■□□□□□□□
    I'm guessing that the majority of people that have never heard of FITSI don't live or work in the DC/VA area. These certifications deal primarily with your knowledge of federal/commercial policies and issuances (think along the lines of ICD 503, DCID 6/3, SP 800-37, etc.) and how they are applied in a federal/government/military IT environment. BTW, a great reference to federal policies if you are thinking about taking one of their certs or the CISSP-ISSEP is: CSIAC - Information Assurance
    2014 GOALS
    > GMOB [MAR_2014] OSCP [MAY_2014] GREM [OCT_2014]
  • instant000 Member Posts: 1,745
    I'm revisiting this post because I got an e-mail offering a free test on June 29 to anyone who signs up for a membership.
    Dear CCCure Members,
    The Federal IT Security Institute (FITSI) is offering a unique opportunity. Our upcoming exam on June 29th in Arlington, VA is free to candidates who use the promo code FITSP2013 during registration.
    *Candidates are required to join FITSI as a member for one year at $45/yr and use promo code FITSP2013 during registration. The promo code is good only for this June 29th exam date.
    Candidates can request study resources for any of the four certification roles at the FITSI website.
    Click on the big red button labeled "Register" to the right to register for the June 29th, 2013 exam event.


    There are a few reasons not many people have heard of it:

    1. Not everyone is in the area where the tests are given
    2. It is not on DoD 8570.
    3. Job descriptions do not ask for it.

    I have been working off and on with DoD since Y2K.

    I checked a few search engines today, to see where any jobs asking for FITSP are hiding

    monster: 1 hit
    careerbuilder: 1 hit
    dice: 2 hits
    isaca.org: 7 hits

    Oh well, hope this helps someone.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)