CERT-CSIH – Exam Information

Many cybersecurity professionals consider certifications an essential part of advancing in the field. So do employers looking for talent. According to the job-analytics company Burning Glass Technologies, more than a third of job openings in cybersecurity ask for a certification, compared to less than a quarter of all jobs in IT.

If you’re interested in a career in incident response, one certification to consider is Computer Security Incident Handler (CSIH) from CERT, a division of the Software Engineering Institute (SEI) at Carnegie Mellon University. Although not as popular as some other similar certifications, CERT-CSIH is a solid credential, and SEI has a longstanding reputation for its work with the Department of Defense and other government agencies, as well as the private sector.

Incident responder is one of the industry’s top-paying jobs, according to Tripwire. As the role requires a broad range of skills — from Web-application security and threat detection to forensics — CERT-CSIH is a good way to demonstrate that you know the latest best practices, can produce high-quality results and have the skills and ability to help your employer achieve its objectives.

Topics Covered on the CERT-CSIH Exam

The closed-book CERT-CSIH exam contains a total of 65 questions in five content areas: infrastructure protection, event and incident detection, triage and analysis, response, and sustainability. The certification was designed for military, contractor and civilian personnel based on a rigorous multi-phase process that included a panel of subject-matter experts and multiple reviewers.

Here’s a sampling of topics that each section covers:

Protect Infrastructure (7 percent of the exam)

  • Implement infrastructure changes to help mitigate an incident or potential vulnerability exploitation
  • Give guidance to your constituents (e.g., CISO or IT administrator) on best practices for protecting information systems (IS)

Event/Incident Detection (17 percent)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: