Certified Penetration Testing Specialist Student Review by FAA Security Officer

Subject : Recommendation
Date : Wed, 20 Sep 2006 10:26:00 -0500
From : XXXXXXXX@faa.gov
To : roberts06 (at) mile2.com

Michael,

Having attended both the CPTS and CPTE security training classes presented by Mile2, I will definitely recommend this training for IS security analysts within the FAA ( Federal Aviation Administration).

As you may know, our certification and authorization packages performed on various critical infrastructure assets are directed by FISMA guidelines, as well as other Federal directives and orders. FISMA guidelines state that"periodic testing and evaluation of the effectiveness of information
security policies, procedures and practices, to be performed with a frequency depending on risk,.. which shall include testing of management, operational, and technical controls of every information system identified in the inventory..."

The only way for an organization to know the effectiveness of the security controls already in place is to think like an attacker, and be knowledgeable about, and skilled with, the cyber attack tools that are
readily available to anyone. This is not any different than securing a house or other structure. You must know all of the entry points in order to make sure those are secure. This is where the value of the Mile2 CPTS/E classes lie. Mile2 instructors do not just teach theory of information system attacks. They have real world penetration testing experience that they professionally convey in a hands-on environment. I have attended a similar course offered through SANS which taught volumes about tools and theory, but with 300 other individuals in the class, and no hands-on until the last day of class, the learning experience was disappointing, to say the least. All Mile2 classes I have attended have had no more than 15 students, which allows substantial one-on-one time with the instructor.
All of the modules include hands-on labs that allow the student to gain an understanding of the attack tools, which is paramount in mitigating attacks.

All in all, Mile2 training far surpasses that of SANS for the following reasons:

1) Small class size ensures that all questions from students are discussed and answered, either as a group, or one-on-one with the instructor. This is not possible in a large class setting typical of SANS training.

2) Hands-on experience with attack tools on a daily basis.

3) Lower cost than SANS training, usually by at least $500.00.

Thank you for presenting the penetration testing material in such a way that was very conducive to really absorbing the knowledge needed to better help me protect the critical information infrastructure of our nation.