What are the benefits of CERT's ITPM certification?

CERT's ITPM certification is designed to help enterprises with their insider threat programs. Expert Joseph Granneman discusses the certification and its relevance.

CERT came out with a new certification that is designed to assist companies in developing a formal insider threat program. Could you briefly explain the certification? Is it relevant enough for current security professionals to obtain?

The insider threat doesn't typically get the same level of recognition as external threats. State-based actors or cybercriminals in foreign countries often get all of the media attention, but an insider breach can cause far greater damage to an organization. The Snowden leaks are a good example of how much damage can be done by a trusted insider. Organizations struggle with building an insider threat program, and CERT has responded by developing a new program -- called the Insider Threat Program Manager (ITPM) -- to assist organizations in the process. The goal of the ITPM certification is to provide education and testing so an organization can develop its own insider threat program.

There is a deserved level of skepticism surrounding certifications, and many in the industry question their value. This is often due to a limited number of questions that don't require a full understanding of the topic to be successfully answered. Cram sessions and rote memorization can pass certifications but are not helpful in the real world. The CERT ITPM certification addresses this by requiring a combination of online and on-site classes, as well as a certification exam. The three-and-a-half day on-site training does have a downside in that it dramatically increases the cost of this certification, which ranges from $3,000 to $4,000. However, it should also add to the validity of the certification.

The topics covered in this certification include education on prevention, detection and response to insider threats. It also requires the CERT STEPfwd (Simulation, Training and Exercise Platform), which provides an online multimedia learning environment. The online learning portion of the program is extensive, requiring 12 hours of student time. The only weak point in this entire program is that the exam is only 65 multiple-choice questions to be completed in 24 hours. The exam could not represent all of the material covered during the training courses, and this diminishes the certification value somewhat.

The trusted insider can do more damage than most external threats, and organizations need to develop programs to prevent, detect and respond to these threats. The CERT ITPM certificate is a great way for information security professionals to obtain these skills. It is expensive and the exam is not comprehensive, but the material is covered with a high level of expertise by a highly qualified organization. This is a quality certification that adds value to any organization looking to build an insider threat program.

This was last published in March 2015

Join the conversation


Does the fact that it combines online and on-site classes, as well as a certification exam, make the CERT ITPM more valuable?
I agree. The truth is we are in a fast-paced society and studying is a bit challenging due to time constraints. However, the integrity of education needs to remain, which means as much as I want my certificate, it has to be authentic. Certification exams therefore mean the CERT ITPM is awarded to a qualified individual. And more importantly, online and on-site classes give students the flexibility required to learn and do so well.
I've stated this in many places, and I will continue to do so... I consider any "certification" that cannot somehow, if even subjectively, demonstrate actual skill in the knowledge learned to be suspect. A model I look to and have respect for is the Cisco CCIE Certification, or at least the one I knew about in the 1990s (can't speak for today). In addition to an exam, there was also an in-depth lab that had to be completed, in real time, to show you could actually do the work you just tested for.
Any time an online class can be complemented with classroom sessions where students can go for hands-on work in a lab-like environment makes them more confident of what they learnt and also clearly shows them how to implement what they learnt.
Joseph Granneman is 100% wrong. The CERT's ITPM is a certificate, it is not a certification? Any organization that calls their training a certification, without being backed by a certification body is dead wrong. Jim Henderson
I am a bit skeptical about certifications but I appreciate the fact that CERT ITPM has gone the extra mile to validate it.
I would agree with the previous comments that it may not be appropriate to call it a certification. Training is the right word for it. However, without getting into the specifics of nomenclature, the content of the training programs designed under the theme are excellent and should be looked upon as a serious investment by not only the government departments but also the big and small corporates. The content equips one with the concepts of insider threat and the understanding of one's role in protecting their organization's critical assets.