Anatomy of a (New) CyberSecurity Exam: Logical Operations' CFR
Logical Operations released the CyberSec First Responder (CFR) certification. Aimed at those who must handle security incidents, it offers a general first security responder exam that focuses on threat detection and response.
Source: Logical Operations' CFR home pageGiven that cybersecurity continues to be at the top of everybody's list of desirable IT skills and knowledge sets – employers and IT pros alike – it should come as no surprise that there's another new security certification on the landscape. This one is called the CyberSec First Responder, or CFR, for which the current version is the CFR-20 exam. Interestingly, the sponsoring organization, Logical Operations — a long time purveyor of courseware, training and learning management solutions – is obtaining ANSI/ISO/IEC certification for the CFR program right out of the chute.
What's the Deal with ANSI/ISO/IEC Meta-Certification (Certification of a Certification Program and Specific Credentials)?
Credentialing programs can apply for ANSI/ISO/IEC 17024 certification, entitled "Conformity Assessment – General Requirements for Bodies Operating Certification of Persons." This, in turn, falls under ISO/IEC 17011 and international standard defining quality third-party accreditation practices. Microsoft has done it for several of its credentials, as has Cisco for CCNA and CCNP, and CompTIA for A+, Security+ and Network+. But by no means does everybody do it, nor is it common for a brand-new credential to start life by undertaking this course of action. Logical Operations has been going through this process since 2015, and expects to receive the official ANSI/ISO/IEC imprimatur sometime soon.
MORE: Best IT Certifications
"Why is that?" you ask. Lots of reasons, not least of which are time, effort and expense. According to Tim Barnosky, Logical Operations' Manager of Certification Development, conformation with the ANSI/IEC/ISO requirements takes a typical 4- to 6-month exam development process and stretches it out to 18 months (for the CFR-210 exam) also making it substantially more expensive because of higher personnel costs and activities involved.
First, a scheme committee for the exam must be formed, whose initial job is to carefully vet all Subject Matter Experts (SMEs) recruited to work through the lengthy exam development process. Next comes a rigorous job task analysis, which establishes the real-world context, problems, and activities that the exam must encompass. Next comes development of detailed exam objectives which address topics to be covered, proportion of exam coverage to be devoted to such topics, and the cognitive level at which they must be addressed in the exam (this latter element describes whether candidates must be familiar with concepts, familiar with operations, or demonstrate higher levels of mastery and understanding).
Only after all this up-front stage-setting is done, does the exam creation process begin. It starts off with a laborious and lengthy item development process that includes writing items, discussing and defending them, beta-testing them for psychometric evaluation, all leading to development of a large question bank from which current exam items may be drawn. These questions, along with future or prospective exam items, which usually comprise 20 to 25 percent of questions that candidates see when taking an exam, are subject to ongoing statistical and psychometric scrutiny so as to toss out aging or compromised exam items, while ensuring a steady supply of new and useful questions to make sure candidates possess the right skills and knowledge to do the job if indeed they pass the exam. Thus, the exam development process is never truly complete, though the Scheme Committee will decide to restart the process from scratch from time to time, re-vetting SMEs and redoing the job task analysis, to kick the whole life cycle over again.
What Does this Mean for CFR?
Logical Operations invested heavily in the definition and creation of the exam and is banking on the rigor and heft of "serious certification" to attract candidates to its program. Furthermore, it is also betting heavily that the perceived value and importance of a CFR certification can be quickly established, allowing this upstart new program to take a seat in the top tier of cybersec certs, alongside the likes of CISSP, CISM, CEH, Security+ and so forth. It has been incredibly canny in its selection of an exam focus, in that there are no ANSI/IEC/ISO accredited cybersec certifications for first responders/incident handlers currently available, and because there is high demand for security professionals properly trained and equipped to handle such responsibilities.
Logical Operations has also invested heavily in crafting a fairly complete support environment for its fledgling credential. In addition to the $300 exams (CFR-110 and CFR-210) available through Pearson VUE, it has developed a course to cover the exam objectives (no surprise, from a highly-respected training company of long standing). Through a partnership with Transcender, the company also expects to make a practice test for the exam available before the end of 2016. They are also considering development of a set of self-study materials as well, to cover all the usual avenues for practicing and aspiring cybersecurity pros to take up the certification mantle (accredited or otherwise).
The only big question now is "How will uptake for the CFR program proceed?" Given all the time, effort and money that Logical Operations has invested in this credential, the company is hoping that the answer to that question will fall somewhere between "vigorous" and "astonishing." But of course, only time will tell. Whatever the outcome, the company has done its best to craft a serious and marketable certification credential. The rest is up to the marketplace.