How to Become a Certified Security Expert in the Age of Social Media – with Justyna La Pay

by Mirek Burnejko

Justyna La PayThis is an interview with Justyna La Pay from Ultimate Knowledge Institute (Director, Strategic Development and Marketing) about three new trainings and certifications:

  • Social Media Security Professional Certification – SMSP Powered by CompTIA
  • Social Media Engineering and Forensics Professional Certification – SMEFP
  • Social Media Management and Governance Professional Certification – SMMGP

In this interview you will find:

  • Why social media security is one of the hottest topics in 2013?
  • Do companies need certified social media security experts?
  • How to prepare for these certifications?

Mirek Burnejko: Hello Justyna. It’s nice to have you here. Can you first tell us a few words about Ultimate Knowledge Institute?

Justyna La Pay: Thank you so much for having me. The Ultimate Knowledge Institute (UKI) has been around for over 15 years as the preferred Information Technology (IT) and Information Security training provider to both Department of Defense and Fortune 500 companies. We have trained more than 25,000 professionals to obtain the IT industry’s most prestigious certifications, from Microsoft and Cisco to CompTIA and (ISC)2 credentials. We thrive on innovation and work closely with our federal and commercial clients as well as students to develop new and cutting-edge training courses to prepare the workforce for emerging threats within the Information Assurance space.

MB: Today we are going to talk about Social Media Security certifications. Why social media security is so important?

JLP: There are now more than one billion people using Facebook. Think about this number for a second. If Facebook were a country, it would be the third biggest in the world. When we add other social media platforms to the mix, Twitter, LinkedIn, Google Plus, Pinterest, etc., the number of users are just staggering. With so many people freely sharing personal details and often unknowingly leaking confidential organizational information, it’s no wonder that social media has become the main platform for hackers to execute social media engineering attacks, phishing attacks, and identity thefts. Social networking is now also the main vehicle for spreading malware. We are not the only ones in the industry who think that social media poses a security risk.

A recent survey by McAfee revealed that the majority of IT professionals consider social networking to be the number one risk to information security.

Other studies done by Norton, Gartner, and Forrester place social media as one of the top three biggest threats to information security. Social media is a new communication medium, and it’s only getting bigger. We need to be ready to defend ourselves and our organizations from the risks it brings.

MB: Why have you decided to launch the Social Media Security certifications?

JLP: The Ultimate Knowledge Institute developed the Social Media Security training by request from the Department of Defense (DoD). Obviously, the consequences of a military member or spouse over-sharing sensitive information on social media platforms can be very dangerous, if not deadly. However, security risks to organizations can also have enormous consequences, including defamation and financial losses. As such, organizations from all industries and sectors are increasingly looking for professionals who have a strong understanding of social media threats and can mitigate the risks involved. Following the creation of the training, we were approached by training managers and students with request to establish a measurable standard for social media security knowledge and skills. We partnered with CompTIA to develop a reliable and valid certification exam to measure those skills.

MB: Are these certification created for IT Professionals?

JLP: Absolutely. We have developed three training and certification programs to address Social Media Security, and all three are geared towards Infosec professionals. Our foundations course – the Social Media Security Professional (SMSP), Powered by CompTIA — requires a minimum of one year of cybersecurity work experience.

MB: Do companies need Social Media security experts in IT departments?

JLP: It is crucial for IT security professionals to have a solid understanding of the risks specific to social media. A professional with Security+ certification has a strong understanding of general network security matters, while someone with a CISSP has the knowledge of a large array of security topics from a technical management perspective. UKI’s Social Media Security courses and certification build on general network security training, but the unique aspect is their focus on technical granularity specific to social media platforms such as cross-site scripting, socware (social media malware), geo-tagging, and evil twin attacks.
The high demand for our Social Media Security courses affirms that there is a real need for experts with social media security skills.

Also, taking into consideration that the Global State of Information Security Survey PwC found that only 38% of organizations currently have some sort of security strategy for social networking, we expect the need for training and certifications to increase exponentially.

MB: Can you describe the differences between your certifications (SMSP, SMEFP, SMMGP)? Are they targeted to the same group of specialists?

Social Media SecurityJLP: The Social Media Security Professional (SMSP) Powered by CompTIA certification is our foundations course and is designed for professionals with good understanding of general network security matters (Security+ level) who want to specialize in Social Media Security. This certification covers social media theory and principles, technical composition, risks, security and incident response, and social media management. We often see professionals with titles such as security administrator, architect or engineer attend the training. However, we’ve also had information assurance professionals and quite a few chief information security officers (CISOs) take this training in order to specifically guide them in designing user training and drafting social media security policies. The SMSP is a pre-requisite for our SMEFP and SMMGP certifications.

The Social Media Engineering and Forensics Professional (SMEFP) training and certification is a deep dive into detecting breaches, analyzing their impact, mitigating the risk and finally collecting necessary evidence for further investigation and possible prosecutions. This certification is most beneficial to those who want to further their understanding of the technical details of the social media platforms and breaches.

The Social Media Management and Governance Professional (SMMGP) certification focuses on the proper design, implementation, and management of social media security policies in alignment with the strategic goals of the organization. Professionals in charge of information security programs, such as information security directors, architects, and chief information security officers are the specialists who often take this specialized training.

MB: What do the exams look like?

JLP: At this time, the SMSP Powered by CompTIA certification exam is still in the beta phase, which will end on February 28, 2013. Interested professionals can participate in this exam from any convenient location with access to internet. The exam features 65 questions, which must be completed within 90 minutes. Prior registration on our website is required to participate in the beta exam. Professionals who participate in the beta exam will be awarded the SMSP certification Powered by CompTIA upon successful completion of the exam. They will not only be among the first certified SMSPs, but will also help establish the passing score for this certification.

The SMSP Certification Powered by CompTIA is expected to be launched in market in early April 2013. The SMEFP and SMMGP certifications will be released later this year, but the training programs are currently accepting students.

MB: How to prepare for these certifications? Do you offer trainings or books?

JLP: Candidates can choose to prepare for the SMSP exam by participating in an official training course or by challenging the exam (self-study). We currently offer ground and convenient online, live, and instructor led 2-day training courses with special introductory offer for students to get ready to pass the beta exam. You can find more information about the training here. Following the launch of the SMSP Certification Powered by CompTIA in early April, we will offer 3-day training courses to prepare students for the certification exam.

MB: Do you offer any promotion for the exams? Can we find any free materials on your website?

JLP: Currently we have a special introductory online, live, and instructor-led training course promotion for the SMSP certification that will end on February 28th, 2013. For more information, please visit this site.
For those professionals who opt for the self-study option, we offer a full SMSP Common Body of Knowledge outline as well as free webinars on our website. We are constantly working on developing new and free resources for interested individuals.

MB: What are your plans for the future? (New exams, new trainings?)

JLP: The next big step for us is to begin offering the Social Media Security courses through our Authorized Training Partner network in early April. We are very excited about this as it will allow information security professionals to have a convenient access to this training and certifications in the US and around the world.

In terms of new training programs, innovation is very important to us and we’re working hard to develop new course offerings that fulfill the current workforce needs. We have a few interesting courses in the works, but it’s too early for me to share more information about them. Once we get closer to launch, your readers will be the first ones to know about them.

MB: Thank you so much Justyna.

JLP: Thank you. It was a pleasure to speak with you. If your readers have any questions about the Social Media Security training or certifications, they are very welcome to email us at info[email protected] or call 1.888.677.5696.

Question to readers: What is your opinion about social media security certifications? You can leave your answer in the comment section below.

[This is part of the Interviews with Vendors Series]