*Originally published on SecuritySales.com
A first-of-its kind cybersecurity certification will create a pathway for integrators to train and qualify their technicians to securely perform installations.
SILVER SPRING, Md. — The Security Industry Association (SIA) is spearheading a first-of-its kind cybersecurity certification program for physical security integrators that is expected to be formally unveiled in June.
SIA is joined by stakeholders from across the security industry ecosystem in development of the program, including members of the consultant and manufacturing communities, PSA and SecuritySpecifiers.
“In today’s world of converged security we recognize there is a competency gap between the installation of physical security devices and the assurance of a secure connection to network infrastructure, which today really goes hand-in-hand,” Elli Voorhees, Ph.D., director of education for SIA, tells SSI.
During the past year, Voorhees and a core group of subject matter experts have worked to develop a program that complies with the ANSI National Accreditation Board’s ISO/IEC 17024. The standard is a globally accepted benchmark for bodies managing the certification of persons, and is being increasingly recognized by the U.S. government, the certification industry and organized labor.
The working group’s tasks have been manifold as it labors to meet the stringent criteria under ISO/IEC 17024. Among the activities of an initial focus group was to identify the knowledge, skills and abilities (KSAs) necessary for a security technician to perform cybersecurity work activities. The list of KSAs generated by the focus group then became the foundation for developing a functional job task analysis. Subsequently, the KSAs were validated through the administration of a questionnaire to determine essential job functions.
“From that initial focus group we created a long list of competencies. Then through a somewhat iterative process you go back and group them into domains,” Voorhees explains. “And then the next step is once you have those initial domains and the competency statements, you send them out for validation in a survey.”
The survey was administered to individuals from 50 systems integration companies, both SIA and PSA members. Participants rated each competency statement as part of the job task analysis. With that data, the working group was then able to identify which competency statements would qualify for inclusion to form the basis of the certification exam.
“Once you have those exam specifications that’s when you get into the item writing process,” Voorhees continues. “And that’s where we currently are in that phase of development, finishing up writing exam questions.”
Physical security technicians will be administered a multiple choice-style exam to achieve the certification, which is officially named Security Industry Cybersecurity Certification (SICC). The exam is purely a competency-based assessment; there will be no in-person evaluation of performance. SIA is contracting with Scantron to administer the exams at the vendors’ various testing sites around the nation. A remote proctoring option is also expected to be available later in the year.
‘Sense of Confidence’
Most, if not all, current cyber certifications are IT-oriented, making the certification program for security integrators the first to address the hands-on technician who installs electronic security, explains Ray Coulombe, managing director of SecuritySpecifiers. Coulombe, who has been instrumental to the inception and development of the program, says a certified technician will give a sense of confidence to their employer and specifying consultant.
“Consultants will have the ability to include this in specifications under Contractor Qualifications, thereby setting a bar for installing companies. This reduces the consultant’s own liability, in my opinion, and it helps drive integrators to use qualified technicians to support a cyber-hardened installation,” he says. “Further, it could become part of the criteria for manufacturers to use to certify their integrators, thus reducing their potential cyber exposure in the process.”
In the simplest terms for a security integration business, the importance of sending cyber-certified technicians into the field is all about securing what you sell, says Anthony Berticelli, vice president of operations for PSA and member of the certification working group. Ensuring integrators have the knowledge to keep their clients secure is one benefit, but the certification can also help to instill confidence in the eyes of the client that the integrator has expertise in all aspects of the products and infrastructure they install on the network, adds Berticelli.
“I believe that the ability to provide cybersecurity awareness and solutions will help security integrators present a more complete security solution to their customers,” he continues. “Those who embrace this will have a competitive edge in the market.”