I just passed my
Certified SCADA Security Architect (CSSA) certification. The classes where hosted by the
InfoSec Institute and the certification itself is offered by the Information Assurance Certification Review Board (IACRB). The IACRB is a non profit organisation that focuses on certifying individuals and their skills in various information security and ethical hacking related topics.
The classes offered by InfoSec Institute are somewhat ordinary, the instructor is reading the slides to you without much commenting and the slides seam to be from one of the last decades. The labs which are mandatory, are offered through WindowsXP based virtual machines, which you will have to have a license key for. You will, among others, be writing policies, replaying Modbus packets and write some IDS signatures to detect Modbus attacks.
Nevertheless, the content provided can help you to get an understanding of the topic. So the class can be a great starting point for further research and learning. The class will also more or less ensure that you pass the exam, even if you fall asleep while watching the recorded training.
The exam itself is comprised of 100 multiple choice questions across all topics. You will have 150 minutes to answer them all, not answering a question counts as a wrong answer. One third of the questions are simple yes or no questions which will partially rule out each other, so they are very easy to answer, the other two thirds are more complex and sometimes not very precise but still doable.
Concluding, the training classes could be much better, the labs could use some renovation and the certification exam could be a little harder. It was fun doing the exam though. Nonetheless, I would suggest reading a
good book on the topic and do the exam straight away without taking any training classes to anyone interested in the SCADA security.
