1 / 15

Training Certification of the Army s Cyber Workforce

Track 1, Session 6 Training and Certification of the Army's Cyber Workforce. PURPOSE: To present and discuss Army Information Assurance Training and Certifications initiatives.?OBJECTIVES: By the end of this brief you will be able to: ? (list of take-aways from this session)A - Understand

adie
Download Presentation

Training Certification of the Army s Cyber Workforce

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Rule: Follow the exact same format in this slide template. Indicate your rank/title, first, last name, office symbol, AKO email address, office phone number.Rule: Follow the exact same format in this slide template. Indicate your rank/title, first, last name, office symbol, AKO email address, office phone number.

    3. IA Training Best Business Practice Defines Information Assurance Technical Levels specified in DOD 8570.1 Manual: IAT1:System Administrator (SA)/ Network Manager (NM), Network Officer (NO) Limited privileged access IATII: System Administrator (SA)/ Network Manager (NM), Network Officer (NO) Privileged access IATIII: Regional Chief Information Officer/DOIM/MACOM/IMA SA/NM/NO. Privileged access Our first step in implementing the DoD directive was to establish an IA training and certification BBP. It was initially published in October 2005, and updated several times. The latest version is 9 March 2007. It can be downloaded from AKO. This BBP outlines the IA positions in the technical area as you see on this slide. The level one would be an office/computing environment area, a level two would perform the functions for an installation/network environment, and a level 3 would perform the functions for an enterprise/enclave level. The actual DoD document has a list of the functions that fit each category, it can read and downloaded from iase.disa.mil (dod 8570.1M). For the technical area – determining if the individual has privileged access is the first step. Then they IAM or supervisor works with the individual to figure out which level is appropriate.Our first step in implementing the DoD directive was to establish an IA training and certification BBP. It was initially published in October 2005, and updated several times. The latest version is 9 March 2007. It can be downloaded from AKO. This BBP outlines the IA positions in the technical area as you see on this slide. The level one would be an office/computing environment area, a level two would perform the functions for an installation/network environment, and a level 3 would perform the functions for an enterprise/enclave level. The actual DoD document has a list of the functions that fit each category, it can read and downloaded from iase.disa.mil (dod 8570.1M). For the technical area – determining if the individual has privileged access is the first step. Then they IAM or supervisor works with the individual to figure out which level is appropriate.

    4. IA Training Best Business Practice Management Levels specified in DOD 8570.1 Manual: IAMI: Information Assurance Security Officer (IASO) and Information Management Officers (IMO)/Information Systems Officers (ISO) IAMII: Installation/Major Subordinate Commands (MSC)/posts, Major Command (MACOM)/ Tactical Units/PEOs Level Information Assurance Manager (IAM) and Certification Agent (CA) IAMIIII: Regional Chief Information Officer Director/ MACOM and RCIO Information Assurance Program Manager (IAPM)//CA/ Designated Approving Authority (DAA)/Installation (IMA)/DOIM IAM: This is the second category identified by the DoD manual. The management category. The BBP aligns the three levels with IASO, IAM and IAPMs in Army. As with technical level one would be an office/computing environment area, a level two would perform the functions for an installation/network environment, and a level 3 would perform the functions for an enterprise/enclave level. This is the second category identified by the DoD manual. The management category. The BBP aligns the three levels with IASO, IAM and IAPMs in Army. As with technical level one would be an office/computing environment area, a level two would perform the functions for an installation/network environment, and a level 3 would perform the functions for an enterprise/enclave level.

    5. IA workforce Training & Certifications The program includes training – the minimums are in the BBP. Then personnel will continue study to take exams (given by vendors) and obtain certifications. The chart you see here are the DOD approved baseline certifications. For technical personnel, they must also obtain computing environment certifications. A list of those is not included because it is too comprehensive. DoD left it up to the services to determine what they will use in this area. The Army’s elearning program has courses for many of the computing environment certifications (microsoft, cisco, and others). And some of the baseline offerings.The program includes training – the minimums are in the BBP. Then personnel will continue study to take exams (given by vendors) and obtain certifications. The chart you see here are the DOD approved baseline certifications. For technical personnel, they must also obtain computing environment certifications. A list of those is not included because it is too comprehensive. DoD left it up to the services to determine what they will use in this area. The Army’s elearning program has courses for many of the computing environment certifications (microsoft, cisco, and others). And some of the baseline offerings.

    6. Mapping to the DOD Baselines Security+ certification (Technical Level II and Management I) Training: SYO-101 Security+ modules (5 modules) A+ Certification (Technical Level I) Training: Computer Fundamentals modules Network+ Certification (Technical Level I) Training: Networking Essentials modules GSEC (Techncial Level II) Training: GIAC Security Certification (GSEC) Exam (15 modules) CISSP (Technical Level III/Management Levels II/III) Training: CISSP modules (11 modules) What I show here are some of the baseline certifications with a mapping to training provided free through the Army elearning (skillport) program. The Army is the only service that has provisions for contractors to also access and take the IA courses in skillport. Contractors should send email, through their government POC to iawip@us.army.mil for access. A form will need to be filled out and returned, then students will be registered for an account. Military and civilians can sign up for their own skillport accounts and take courses in the IA custom path.What I show here are some of the baseline certifications with a mapping to training provided free through the Army elearning (skillport) program. The Army is the only service that has provisions for contractors to also access and take the IA courses in skillport. Contractors should send email, through their government POC to iawip@us.army.mil for access. A form will need to be filled out and returned, then students will be registered for an account. Military and civilians can sign up for their own skillport accounts and take courses in the IA custom path.

    7. Fort Gordon and 11 mirror sites 1-week Security+ course (IATII/IAM I) 2-week CISSP course (Fort Gordon only) (IATIII/IAMII/III) 1-week SSCP course (Warrant Officer course) -Fort Gordon only (IATI/II) Advance Initial Training (AIT) (25B) students (IATI) A+ (Computer Fundamentals- 6 days) Network+ (Network Essentials- 4 days) Classroom training is available from the mirror sites and during MOS producing courses taught at the Signal center. One question we often get is “Can the class be done mobile?” At this time we do not have a mobile capability, but in the contract update we hope to include it and able to put on a limited number of onsite courses in FY08. Eleven mirror sites and one primary. The mirror sites are at the following locations. Fort Gordon (primary), Fort Hood, TX, Fort Brag, NC, Korea (2), Fort Huachuca, Germany, Fort Monmouth, NJ, Fort Shafter, HI, Fort McCoy, WI, Camp Robinson, AR, Fort Lewis, WA Classroom training is available from the mirror sites and during MOS producing courses taught at the Signal center. One question we often get is “Can the class be done mobile?” At this time we do not have a mobile capability, but in the contract update we hope to include it and able to put on a limited number of onsite courses in FY08. Eleven mirror sites and one primary. The mirror sites are at the following locations. Fort Gordon (primary), Fort Hood, TX, Fort Brag, NC, Korea (2), Fort Huachuca, Germany, Fort Monmouth, NJ, Fort Shafter, HI, Fort McCoy, WI, Camp Robinson, AR, Fort Lewis, WA

    8. Must be in Validated IA position Provide copy of appointment orders and privileged user agreement to the school Must have completed level I training (IASO course) Must have completed all skillport courses for their level. To attend the classroom courses for Security+ and CISSP students need to meet these pre-requisites.To attend the classroom courses for Security+ and CISSP students need to meet these pre-requisites.

    9. Additional Trainings Sources Fort Gordon website Awareness Training (Initial and annual) (All users) IASO (All IAT and IAM personnel) UNIX CND/Level III (Fort McCoy, WI) Specialized training: IA Virtual Training website Army tools (Scanner, Firewall, Wireless detection) DoD tools (Retina, Hercules,) Topics (Incident Handling, OPSEC, Web content, thumb drive) In addition to training that focuses on certifications, we have training for IA user awareness, IA Security officers, Unix and an advanced systems administrator course for personnel who support CERTs (the CND/level 3). The virtual training website – at iatraining.us.army.mil. Has specialized IA courses to enhance IA skills. This is where you will find Army tools (such as STAT), DoD tools (such as retina and hercules), and other topics of interest. Two of the newer courses will include Netscreen firewalls and a wireless discovery tool – flying squirrel.In addition to training that focuses on certifications, we have training for IA user awareness, IA Security officers, Unix and an advanced systems administrator course for personnel who support CERTs (the CND/level 3). The virtual training website – at iatraining.us.army.mil. Has specialized IA courses to enhance IA skills. This is where you will find Army tools (such as STAT), DoD tools (such as retina and hercules), and other topics of interest. Two of the newer courses will include Netscreen firewalls and a wireless discovery tool – flying squirrel.

    10. Initiatives Revamped the traditional 2-week SA/NM course to one week Security+ (Classroom prep for Security+ commercial certification); Piloted a tool for tracking training and certification statistics Updated the IA Training and Certification Best Business Practice Distributed over 100 certification vouchers to the IA Workforce; Established initial and annual Awareness training solutions Established a Certified Information Systems Security Professional two week at Ft Gordon These are some of the items we have accomplished in the last year. PEO EIS participated in our pilot of a tracking system last year. We hope to bring it online on a .mil site in late May 2007. The first step to successfully using the tracking system is registering your IAMs, then they can validate others at the PM levels. The system will be a place to show training completions, manage and distribute exam vouchers and create reports to meet FISMA specialized training queries. These are some of the items we have accomplished in the last year. PEO EIS participated in our pilot of a tracking system last year. We hope to bring it online on a .mil site in late May 2007. The first step to successfully using the tracking system is registering your IAMs, then they can validate others at the PM levels. The system will be a place to show training completions, manage and distribute exam vouchers and create reports to meet FISMA specialized training queries.

    11. Army Training and Certification Tracking System Pilot Jun 06 – Dec 06 This is the pilot we conducted with the IASTAR system.This is the pilot we conducted with the IASTAR system.

    12. Purchased 1000 licenses 10 sites participated-( 1st IO, FORSCOM, PEO EIS, TRADOC, IT School, COE, NGB, RCIOSW, USARC, OAA) Purchased two CISSP on-line instructor led courses: (Global Knowledge and New Horizons) Purchased ten seats in the Navy led GSLC course hosted at Norfolk VA Purchased 250 vouchers (CISSP, Security+, A+, and Network+) During the program OIA&C purchases 1000 licenses for a tracking tool called IA stat and had participation for various sites. This allowed a thousand people to register, take a quiz to determine their technical or management level, and track training and certification completions. We ran courses to test the value of web-delivered instruction. For this we used two different companies and both had good reviews from students. What we learned from this is students need to study first, then take the course to achieve success on exams. We were able to partner with Navy to get seats in a GSLC course they offered. Again the student must be committed to study in order to pass. We also bought a limited number of vouchers for the pilot. These are distributed to students who have completed their minimum training, taken pre-assessments tests with a score of 75% or better. Your IAPM was the source for determining who will get vouchers. During the program OIA&C purchases 1000 licenses for a tracking tool called IA stat and had participation for various sites. This allowed a thousand people to register, take a quiz to determine their technical or management level, and track training and certification completions. We ran courses to test the value of web-delivered instruction. For this we used two different companies and both had good reviews from students. What we learned from this is students need to study first, then take the course to achieve success on exams. We were able to partner with Navy to get seats in a GSLC course they offered. Again the student must be committed to study in order to pass. We also bought a limited number of vouchers for the pilot. These are distributed to students who have completed their minimum training, taken pre-assessments tests with a score of 75% or better. Your IAPM was the source for determining who will get vouchers.

    13. Application Features The tool will allow personnel to, show training completions show certification completions when fully populated IA personnel will not have to track their training in AVTR any longerThe tool will allow personnel to, show training completions show certification completions when fully populated IA personnel will not have to track their training in AVTR any longer

    14. Users Complete 2-page Questionnaire Answers Create Individual Profiles Mapped to DoD 8570.1-M Plans Include COTS and GOTS Courses Drill down Hierachy Army Command, Army Service Components and Direct Reporting Units, PEOs, RCIOs Application Features When IA personnel register on the tracking system them will fill out a questionnaire. During the registration they will designate a manager who will validate their profile. The answers create profile that puts you into IA technical one, two or three or management one, two or three. The training requirements and certifications that fit will then be mapped to the category/and level. For example, if you are a technical one, and you want a voucher. Once you meet the requirements (Training, pre-test, IAPM or IAM validation) – you will be eligible for a voucher in the technical one area. To help the process the OIA&C has built into the tool the hierarchy for PEO EIS, Ms Kenon validated it for use in March. When the tool comes online we will work with you to load in your IAM at the various PMs. When IA personnel register on the tracking system them will fill out a questionnaire. During the registration they will designate a manager who will validate their profile. The answers create profile that puts you into IA technical one, two or three or management one, two or three. The training requirements and certifications that fit will then be mapped to the category/and level. For example, if you are a technical one, and you want a voucher. Once you meet the requirements (Training, pre-test, IAPM or IAM validation) – you will be eligible for a voucher in the technical one area. To help the process the OIA&C has built into the tool the hierarchy for PEO EIS, Ms Kenon validated it for use in March. When the tool comes online we will work with you to load in your IAM at the various PMs.

    15. Contact Information Ms Phyllis Bailey at phyllis.bailey@us.army.mil, 703-602-7408 Ms. Doris Wright at doris.wright@us.army.mil, 703-602-7420 iawip@us.army.mil https://informationassurance.us.army.mil These are your points of contact for the training an certification program.These are your points of contact for the training an certification program.

    16. Questions? https://informationassurance.us.army.mil (AKO Credentials or CAC Validation for Access) These are your points of contact for the training an certification program.These are your points of contact for the training an certification program.

More Related