Security University Testing Governance
The SUT Advisory Boards oversees the Qualification/Certification Board affairs of the organization, subject to decisions on policy and actions by the membership during meetings or by ballot. The Advisory Boards consist of security professionals from the IT industry and representatives from IT companies.
SUT consists of the following Governing Bodies:
- SUT Honorary Council
- SUT Advisory Board
- SUT QPTL License Board
- SUT Q/FE Forensic Board
- SUT Scheme Committee
About SUT Advisory Board
Since 1999, The SUT Advisory Board is a member based network of volunteers that are recognized by SUT as highly qualified cyber security experts key in the field of cyber security.The advisory board is a group of experts/business executives who meet on a consistent basis to provide leadership, support and constructive feedback to the executive leadership of SUT. The advisory board's purpose is to assist in leading the organization. Unlike a traditional board of directors which represents the interest of a company's shareholders and to whom the President or CEO reports, the advisory board exists as an advocate, supporter, and resource for the organization.
Advisory Board Roles and Responsibilities
- Contribute innovative ideas for the benefit of Q/ISP Qualification/Certification Program
- Contribute ground-breaking ideas for the benefit of expanding Q/ISP licensing process and methodology.
- Participation in speaking events and the SUT Q/ISP Qualification/Certification security community.
- Assist SUT in driving performance based cyber security standards for the Q/ISP.
- Mentor new SUT Q/ISP Qualification/Certification candidates.
- Advocate and promote the Qualified/ Information (Cyber) Security Professional
- Assist SUT in designing and developing ideas for new training programs and content.
- Mentor and advise the SUT for the continued improvement of the Q/PTL standard.
Join the Board
If you would like to join SUT as Advisory Board member, please send us your resume and your academic achievements to advisoryboard@SU-testing.com
About Qualified/ Penetration Tester License Board
Since 1999, The SUT Q/PTL Qualified/ Penetration Tester License Board is a member based network of volunteers that are recognized by SUT as highly qualified cyber security experts key in the field of cyber security. Once a Q/SA earns their Q/PTL License they can request to participate in the Q/PTL program to review new Q/PTL assessments. Each Q/PTL reviewer is an independent highly qualified expert in cyber security with a proven track record to recognize excellence in cyber security assessments. QPTLBoard@SU-testing.comRoles and Responsibilities
- Contribute innovative ideas for the benefit of Qualified Q/PTL Qualification/Certification members
- Contribute ground-breaking ideas for the benefit of expanding Q/PTL licensing process and methodology.
- Participation in speaking events and the SUT security community.
- Assist SUT in driving performance based cyber security standards for security analysis and penetration testing assessments.
- Mentor new SUT Qualified Penetration Testers.
- Advocate and promote the Qualified/ Information (Cyber) Security Professional
- Assist SUT in designing and developing ideas for new training programs and content.
- Mentor and advise the SUT for the continued improvement of the Q/PTL standard.
About Qualified/ Forensics Expert License Board
Since 1999, The SUT Qualified Forensic Expert License Board is a member based network of volunteers that are recognized by SUT as highly qualified cyber security experts key in the field of cyber security. Once a Q/FE Qualification/Certification Practical is completed the Q/FE Qualification/Certification holder has earned their Q/FE License and may request to participate in the Q/FE Qualification/Certification program to review new Q/FE assessments. Each Q/FE Qualification/Certification reviewer is an independent highly qualified expert in cyber security with a proven track record to recognize excellence in cyber security assessments. QFEBoard@SU-testing.com
About Scheme Board
Since 2004, The SUT Scheme Board is a member based network of volunteers that are recognized by SUT as highly qualified cyber security experts key in the field of cyber security who meet on a consistent basis to provide leadership, support and constructive feedback to the executive leadership of SUT. The advisory board's purpose is to assist in leading the organization.
The SUT Qualification/Certification Boardreviews and validates schemes to ensure currency and relevancy. Schemes shall include, but are not limited to, the following components:
- scope of Qualification/Certification
- job practice analysis including task and knowledge statements
- identification of required knowledge and experience for Qualification/Certification
- prerequisites
- code of ethics and professional conduct standards
- assessment processes used for initial certification
- surveillance methods
- Qualification/Certification renewal criteria
- Qualification/Certification suspension or withdrawl criteria
The SUT | Scheme Board members are volunteers. schemeboard@SU-testing.com
About SUT Honorary Council
The Honorary Council is a member based network of volunteers that are the top cyber security experts in their fields. They are carefully selected from academia and/or industry and are committed to contribute back to society. An invitation is extended based on contribution to the cyber security community. And are an independent voice of the industry.
Their leadership role is honored and they can proudly declare their membership in the Honorary Council.
Roles and Responsibilities
The role and responsibility of each member varies based on their area of expertise, the development projects at hand and the resource availability of members.
Their contribution can be in many ways;
- Contribute innovative ideas for the benefit of Qualification/Certification members
- Participation in speaking events and the SUT security community
- Share Indulge best practices and assist the SUT in driving performance based cyber security standards
- Mentor new SUT Qualification/Certification
- Advocate and promote Qualified Cyber Security Professional
- Assist SUT in designing and developing ideas for new training programs and content
Disclaimer
Honorary Council members are not employed or otherwise by SUT. honaryboard@SU-testing.com
About SUT Job Task Analysis (JTA) & Physcho's (Psychometrics)
JOB TASK ANALYSIS BLUEPRINT: From June 1996 - July 2018; The information security professional’s work environment continually changes as new technologies emerge, rules and regulations are updated and new threats are identified. In order to ensure that each certification it offers remains relevant to these changing environments. SUT conducts Job Task Analysis (JTA) for its Q/ISP Certificate Program of Mastery credentials at 5 year intervals, or upon request, if needed. A JTA study is the methodical and critical process used to determine tasks that are performed by credential holders. Results of the JTA study link candidates’ examination score and practical’s directly ;ined to the cybersecurity skills and knowledge being tested.The content areas of the assessment or exam must be directly aligned to information gathered during a job/task analysis (JTA); also referred to as a role delineation study. The portion of the exam or assessment aligned to each area must be established and validated according to psychometric practices SUT’s JTA study begins by assembling a small diverse group of Qualified Subject Matter Experts (QSME) who practice in the cybersecurity field with years of experience and are representative of various geographic region, ethnicity, and practice settings. Led by a psychometrician, the group reviews the list of tasks and knowledge statements of the existing job role outlines to review and incorporate changes based on new cyber tools and methodologies currently in practice since the last outline was developed. The final list developed by the group is converted into a survey. The entire membership group of the credential holders is asked to validate the survey. This process is be updated every 5 years, based on industry trends. The result of the JTA process is a detailed exam blueprint, which contains weights which demonstrate the portion of the job, and therefore the portion of the exam, that is represented by the specific mastery of the tasks and knowledge, skills, competencies and abilities, and other (KSAOs).
Once the survey responses are collected and its data are analyzed by a psychometrician, the results are presented to the members of the Job Task Analysis (JTA) committee. The psychometrician leads the discussion and the Committee finalizes the results to develop new questions based on the survey and exam outcomes. The new questions become the basis for additional exam item development. Since this was additional questions, there is no new release of the Candidate Information Bulletins (CIB). Based on this JTA process, the mandatory content within the outline could be changed, moved around and rephrased to reflect the current practices. Cyber areas / domain names could also be changed, deleted. All SUT official documents, such as the candidate handbooks and communications will reflect these changes per acceptable psychometric standards and ISO/IEC 17024 requirement before they are made available to candidates.
What are the Benefits of Obtaining Professional Qualification/ Certification? The Q/ISP and other Certificate and Certification programs provides employers and consumers with an assurance that the qualified individual has attained a highly defined level of understanding or ability against a particular hands-on skill set or body of knowledge, and will maintain that level of expertise over a specific period of time. The certification renewal requirement ensures that certified, qualified and validated individual continually maintain and expand their knowledge and skills in the profession while keeping informed of advancements and updates in their field. Certification is required for employment in some professions, whereas in other fields, qualified certifications provides a competitive advantage to individuals who hold a particular credential.
Exam Administration
The SUT exam administration is consistent for every candidate. Policies and procedures are in place to ensure that each candidate has the same amount of time and testing conditions. The exam is always proctored and the proctor (whether in-person or virtual/ remote) has been trained to enforce SUT procedures. SUT exams are criterion-referenced. That means your exam score is not compared to others who took the exam (often referred to as test-curving). Rather, your score is based strictly on the number of questions answered correctly. The passing score on the SUTexam was determined by a panel of experts in the field of cybersecurity. Candidates must obtain the minimum scaled score of 70% to pass regardless of when or where they take the exam. A scaled score is reported rather than a raw score because the scaled score will not vary due to slights differences from test to test. TesTrac.com reports SUT examination scores as raw scores without any sort of adjustment or transformation, which is simply the number of questions the candidate answered correctly. Raw scores present the full picture to candidates because they take into account the qualitative factors and mandatory competency skills necessary to pass the exam. Exam scores are not based on difficulty of the questions or the performance relative to other candidates. A committee of experienced and qualified IT security QSME’s developed initial objectives for each certification based on mastery of competencies, which are then refined by a larger panel of subject matter experts through a formal Job Task Analysis (JTA) process. This ensures that all objectives are valid and relevant to the certification. http://www.securityuniversity.net/sut_governance.phpPsychometric research is conducted to determine passing points to ensure that every candidate receives a fair and valid exam of the highest possible quality. All candidates receive unlimited access to SUT proprietary practice tests to help them prepare for the certification exam.A committee of experienced IT security professionals develops initial objectives for each certification, which are then refined by a larger panel of subject matter experts through a formal Job Task Analysis (JTA) process. This ensures that all objectives are valid and relevant to the certification. When reporting SUT examination scores, we report them as raw scores without any sort of adjustment or transformation, which is simply the number of questions the candidate answered correctly. Raw scores present the full picture to candidates because they take into account the qualitative factors and difficulty of the questions not the performance relative to other candidates.
SUT uses Classical Test Theory, the simplest and most understandable way to report scores is to tell candidates how many questions they got right (their raw score) or what proportion of the questions they got right (their percent-correct score). All forms have a consistent 70% passing score. Passing score does not vary depending on the difficulty of the particular set of questions you get. Everyone takes a form of the test that has a mandatory set of questions that result in a passing score of 70%. You answered 68% questions correctly. Unfortunately, you did not pass the test. Or your answered 70% questions correctly and you passed. http://www.securityuniversity.net/sut_governance.php.
SUT uses input from qualified subject matter experts every 5 years to review the difficulty of the questions in the item pool relative to the skills, mastery, competencies and abilities of the target audience and provide guidance on where the passing score should be set is essential to the standard setting process. Competency-based objectives and mastery increased cybersecurity skills and capabilities of the incumbent and entrant IT workforce. As a result, the actual number of questions that a candidate has to answer correctly to pass has not varied because the difficulty of the question set changes has continually been based on mandatorymastery questions that define competency. All candidates see the same more or less difficult set of questions. SUT provides fair play to all candidates. Everyone should be able to answer the same percentage correct as no one sees an easier set of questions. SUT raw scores are deciphered in terms of their actual meaning across different examination forms – a passing score base on the same level of difficulty.
The SUT exam administration is consistent for every candidate. Policies and procedures are in place to ensure that each candidate has the same amount of time and testing conditions. The exam is always proctored and the proctor (whether in-person or virtual/ remote) has been trained to enforce SUT procedures. TesTrac.com reports SUT examination scores as raw scores without any sort of adjustment or transformation, which is simply the number of questions the candidate answered correctly. Raw scores present the full picture to candidates because they take into account the qualitative factors and mandatory competency skills necessary to pass the exam. Exam scores are not based on difficulty of the questions or the performance relative to other candidates.
A committee of experienced and qualified IT security QSME professionals develops initial objectives for each certification based on mastery of competencies, which are then refined by a larger panel of subject matter experts through a formal Job Task Analysis (JTA) process. This ensures that all objectives are valid and relevant to the certification. http://www.securityuniversity.net/sut_governance.php
SUT adheres to ANSI and NCCA Standards for the accreditation of certification programs and examination administration. The security of exam materials, from storage of the item bank to prevention of exposure of test content during exam administration, is ensured by TesTrac.com’s implementation of documented testing procedures and Security University’s secure implementation of documented procedures and proctoring. The confidentiality and soundness of test results requires systematic and productive efforts in all aspects of the design, development, and maintenance of these exam programs. SUT implements additional efforts to prevent and detect if any cheating has occurred. SUT has implemented solid security procedures for high stakes assessments, proctored and managed by TesTrac.com from student registration to renewal and the results of all exam scores. http://www.securityuniversity.net/sut_governance.php
Grievances, complaints and ethics violations are a serious matter. SUT has an established process for answering candidate questions and addressing issues and complaints. Grievances, complaints and ethics violations are a serious matter. SUT has an established process for answering candidate questions and addressing issues and complaints. If a student has contacted SUT previously and have not received a satisfactory response to the exam issue, he/she may submit a grievance email form to escalate the matter.
To report a Code of Ethics violation, please see the Code of Ethics and Professional Conduct violation form available from http://www.securityuniversity.net/SUT/report.php
For all other matters, please submit an email to report@su-testing.com.
