Security University: Piecing Together Your Security Skills Puzzle – with Sondra J. Schneider

by Mirek Burnejko

Sondra J. SchneiderThis is an interview with Sondra J. Schneider the Founder and CEO of Security University.

Security University offers amazing hands-on computer security trainings and certifications. They’ve been on the security trainings market for 13 years!

In this interview you will find:

  • Who should think about hands-on cyber security skills
  • Why Ethical Hacker Certification from Security University is so powerful
  • What about trainings from Security University think others


IT Certification Master: Hi Sondra. It is a pleasure to have you here. Tell us about you.

Sondra Schneider: Everyone starts somewhere, my start was in 1990 when I needed to find a new career and fell into the “internet space” working with MFS (Metropolitan Fiber Systems) Datanet selling bandwidth for the internet up and down the eastern seaboard, placing internet co-locations in buildings big to small.

ICM: Can you tell us about beginnings of the Security University certification system? What was your first certification?

SS: In 1999 Security University began the AIS Certification, Advanced Information Security Certification, in 2004 we were requested to change the name and in 2004 the AIS was renamed to the Q/ISP Certification, Qualified/ Information Security Professional – because there is a difference in being certified – passing an exam – to being Qualified for the job with validated cyber security skills.

Q/ISP has 4 certifications – Q/EH, Q/SA, Q/FE & Q/ND and 1 Q/PTL workshop.

Q/ISP® Cert Exam CNSS 4011/4012/4013/4015/4016A
Q/EH® Qualified/ Ethical Hacker Certification
Q/SA® Qualified/ Security Analyst Pen Tester Cert.
Q/PTL® Qualified/ Penetration Tester License
Q/FE® Qualified/ Forensic Expert Certification
Q/ND® Qualified/ Network Defender Certification

ICM: You have 24 certifications in your offer. Who should think about them?

Since 1999 Security University has pioneered hands-on security skills. We have always taught hands-on cyber security skills which are critical to protecting our military, industry and financial assets. I’m not sure who thought taking an 250 question exam meant you were certified to operate a secure network. Anyone can read a book and pass an exam.
You can’t read a book and get a driver’s license, but we pay people to get certified to drive the most important networks in the world.

Everyone in IT should needs hands-on cyber security skills – everyone! Once everyone knows hands-on basics of cyber security we can ensure stupid mistakes are avoided or exploited before critical damage is done. We can’t afford to have systems down or compromised… we can’t afford to show weaknesses for our enemies to attack because of arrogance.

To answer your question, anyone who touches networks needs to know cybersecurity, everyone who is tasked with protecting e-assets on wired and wireless networks. Everyone who manages risk (at all level) needs to have qualified and validated cyber security skills. We all touch the network… we all need cyber security skills.

ICM: What is your the highest certification/s?

Security UniversitySS: The certifications are hands-on certifications that qualify and validate students with escalating labs during class and a performance based practicals after class is completed for the Q/SA – Q/PTL Certification (3 hour full target range security assessment w/ report), Q/FE Certification (3 full investigations on 3 different mediums w/ reports ) & Q/ND Certification (fully executed VA with compliant firewall, SEIM and IDS Signatures (Snort) on a live VM w/ report).

ICM: You have in your offer Qualified/Ethical Hacker Certification. Tell us something about it and what is a difference between this certification and CEH from EC-Council?

SS: Big difference! ALL Security University training and certifications are based on a “process and methodology” that uses escalating hands-on labs and real world experience ending with practical homework to validate the students security skills.

SU’s Q/EH class materials are 330 sides of highly focused “security testing tools” specific to 22 area’s of the enterprise.

The class will study security testing tools hackers use to gain access and penetrate a network or application.
The Q/EH is first class and certification in the Q/ISP Master Certification. Security University provides step by step learning methodology about how hackers break into networks and gain access to targets. If I may quote a student:

I have over 20 years experience in both teaching and information security. I am very particular about both and highly concerned with the decline in real training revolving around the current challenges which we face. I was honestly impressed with both the level of expertise and the instructor’s ability to relay this information to the students. This is not simply another idiot boot camp but a well-reasoned and directed classroom experience which prepares the student for the real world. I was impressed with the hands-on exercises. These combined with the instructor’s elevated knowledge base made the class enjoyable and extremely topical. When you compare Security University to other training groups in the region, they are infinitely superior in both talent and developmental materials.

ICM: What are the benefits for an employer with an engineer with Security University certifications?

SS: The Q/ISP certification rigorously Qualifies & Validates CyberSecurity Professionals with hands-on tactical security skills necessary to deliver the capability to establish, operate, defend, exploit, and attack in, through, and from the cyberdomain”. Where workforce meets HQE, HIGHLY QUALIFIED EXPERT’s to deliver tactical hands-on security skills with a consistent process & methodology. With Security University Highly Qualified Experts so fewer people can do the same job or more with consistent hands-on security skills

ICM: You are on the certification market since 1999. I guess you’ve created many security experts. What is the best way to create a security expert with certifications in 2012. What is your subjective opinion?

SS: Security University has been building security experts by “layering” hands-on skills certifications training with performance based practicals. We practice pre-class immersion by engaging the student before class by sending historical exam questions that each student is requested to answers prior to class.

They not only answer the correct answer, but why all the other answers are incorrect. Again to engage the students to learn exponentially a wider amount of information, not just the answers.

ICM: What is THE BEST option to prepare to your certifications?

SS: Study a book, use a pre-class online quiz, read the chapter, quiz, read the chapter, quiz… keeping track of your wrong answers in a word doc creating your own study guide for known weaker areas – so you understand better in class.

ICM: Why your students like your trainings?

SS: Let me quote one of my students:

As an Army Information Systems Management (FA53) officer focusing on Cyber Defense, I’ve had the opportunity to train and certify in several IA/CND specific programs as well as work a myriad of Army Cyber Defense workforce training and development issues.

SU training techniques are a perfect match for our military cyber defense workforce goals since they not only train the relevant concepts of cyber defense and its CND specialties but also in the case of Q|SA and Q|PTL courses challenge the students to apply those concepts in a “tactical” setting that an actual security analyst or penetration tester might see.

Security University’s Q|SA / Q|PTL program of instruction is impressive and superior to some other training programs in several ways; one of them being the daily hands-on assessment of critical skills being taught. I spent 30 post-course hours alone on analyzing the data and developing a 32 page report. That’s definitely an experience you’re not going to get through other training programs that teach a five-day curriculum that’s predominately lecture based. The Q|SA and Q|PTL courses also expose the students to a wide range of open and closed source automated tools for use in security analysis and penetration testing as well as the built-in assessment and exploitation capabilities of both Linux and Windows-based operating systems.

Hence, managers focus on CISSP and miss excellent training like Security University’s programs. Security University training should be a major part of any organization’s information security training programs.

SHANE F. LIPTAK,
Major, USA
Cybercom – former Cyber Defense Officer, 21st Signal Brigade

ICM: Thank you so much and I hope we can talk soon about more detailed aspects of your certifications.

SS: Thank you for your patience.

[This is part of the Interviews with Vendors Series]