Training for Security Success
Promulgating methodologies is one thing; learning how to use them successfully—especially on company time—is another. That's why ISECOM offers three OSSTMM-related certifications:
- OSSTMM Professional Security Analyst (OPSA)
- OSSTMM Professional Security Tester (OPST)
- OSSTMM Professional Security Expert (OPSE)
They also offer a certification to become a Hacker Highschool teacher.
Not interested in being a training company itself, ISECOM relies on outside trainers, who pay a yearly fee. "We take on training partners [who] pay a yearly fee to be associated with ISECOM, and we give them all the training materials, all the information, and they're basically on a closed [mailing] list so we can keep them up-to-the-minute on what we're doing," notes Herzog.
Training is also a theme at the annual conference devoted to all things ISECOM, dubbed ISESTORM. The latest iteration, held in Las Vegas in October 2004, kicked off with a one-day symposium on security processes, followed by three two-day seminars, each leading to one of three potential certifications—OPST, OPSA, or Hacker Highschool teacher.
As the latter certification suggests, ISECOM isn't just about the OSSTMM. Hacker Highschool, for example, is a set of courses for teaching "tweens" and teens about safeguarding themselves against fraud, identity theft, and privacy leaks in this age of rapidly changing communication modes.