|Pentest magazine has selected mile2 to be featured on their magazine. Ray Friedman the CEO of mile2 was asked to be featured on the front cover of the magazine. Read the entire interview about the exciting development of mile2's global presence and newly featured training programs.
Download the Interview with Ray Friedman
Raymond Friedman is the CEO and President of mile2 and has been in the IT Security Space since 2002. While in this industry, he has been actively engaged in consulting for global financial and government institutions; performing security audits, penetration tests and digital forensics services. During his tenure at mile2, Raymond has spearheaded the developmentof the present series of mile2 certifications which have become globally recognized by Militaries worldwide. Presently, Raymond carries several certifications and advanced degrees such as the Master of Science in Accounting – Forensics & Controllership,the Certified Information Systems Security Officer, Certified
Penetration Testing Engineer and Certified Digital Forensics Examiner.
When was Mile2 founded and what is your philosophy?
Mile2 was developed in response to the threat of corporate and national information security attacks in the aftermath of 9/11. Our philosophy is to provide an excellent and effective education, certification and consulting to individuals and organizations that will provide the answers to their security challenges. We pride ourselves in delivering a high quality program that is unmatched in the information security arena, combining theoretical and practical education with extensive labs that give each student the opportunity to understand and apply their knowledge and have the skills needed to provide exceptional value to their clients, employers and nation.
Please tell us about your professional experience in Information Security.
I have been in the IT Security Space since 2002. During that time, I have actively been engaged in consulting, instructing, developing material and as well as new pen testing methodologies.
Can you tell us some of Mile2’s accomplishments since its inception?
Since mile2’s inception, we have become the de facto standard for education and certification for organizations and militaries worldwide. We have accomplished this feat by developing a series of high level security certifications that focus on industry standards and leading technical policies. In addition to this, mile2 is in the process of developing the most cutting edge distro (presently called Ghost), which should surpass Backtrack inadequacies. The distro is lighter, more effective, robust and will have instructional videos, as well as, labs to help aid the student perform some complex penetration testing functions. Ghost is unique because it’s a powerful tactical tool that focuses strictly on educational purposes as opposed to blackhat methodologies which tend to bring down what we are trying to bring up in a secure fashion. Ghost is currently in Beta form and should be out in the market space in Q2 as an open project.
Tell us more about the instructors at Mile2 and some of the courses offered.
Mile2 instructors are highly experienced consultants and globally recognized authors such as Kevin Henry and James Michael Stewart who were converted to instructional services. They understand what it means to be in the field and are not simply academics.
What are some of the mile2 certifications that are in high demand what are the major differences between the certifications verses those in the market space?
Our highest Demand is our flagship certifications that include the following:
Certified Penetration Testing Engineer (designed originally for the US Air Force), – this course and certification is a key to educating administrators and auditors how to test, evaluate and strengthen system defenses. The CPTE describes and demonstrates the tools and techniques used by hackers and penetration testers. Mile2 students use and become familiar with the tools in mile2’s secure lab environment and learn how to use the tools to assist them in evaluating their own systems and networks. Compared to other certifications in the Pen testing space, the Mile2 courses use up to date tools in current environments that are in use today, and do not just use old tools against old vulnerable system. Mile2 is at the forefront of developing new pen testing tools and Mile2 students benefit from the very latest in new testing methodologies. Other certifications in this space would include the Ec-Council CEH program.
Certified Secure Web Application Engineer (Developed for Boeing Aerospace) – The CSWAE certification addresses one of the most serious gaps in the information security market today, vulnerabilities in web applications and architecture. The majority of data breaches are the result of vulnerabilities in web applications. Web developers are not usually aware of the security issues,
threats and vulnerabilities that plague web application and are not provided access to the training that would enable them to design, develop, test and deploy secure web applications. Other certifications in the field of web application security include the (ISC)2 CSSLP.
Certified Information Systems Security Officer (Developed for the Department of National Defense). This certification was developed specifically at the request of clients to create a program that met the educational requirements of an information security officer. This course and certification is closely aligned with the everyday needs of a security manager and ensure the certified officer has a complete and authoritative level of knowledge that will enable them to direct, design, and maintain a strong information security program that will support business operations and compliance requirements. This certification leads the way in an area also addressed by the ISACA CISM and CRISC, and (ISC)2 CISSP and ISSMP program.
How are Mile2 certifications different from other certifications in the industry?
Mile2 certifications are unique in their approach of combining theory with practical experience. Mile2 courses are always up-to-date with the latest developments in tools, best practices and threat scenarios. Most other certifications are either too technical and do not address the need to retain a business-orientated focus on security, or they are too theoretical and do not provide the certificate holders with the practical knowledge they require to implement and maintain a security program. The balance provided by Mile2 courses equips the attendees with the knowledge, skills and practice needed to immediately provide benefit to their organization or clients and be confident in using their enhanced skills.
What services do you offer in your Information Assurance Division?
Our main focus is Application Testing, Network Penetration Testing, Secure Virtualization, Systems Auditing and Disaster Recovery Planning.
For a lot IT professionals it is quite challenging to move into Penetration Testing/ Computer Forensics, as an educator what is your advice to people who are interested in Computer Forensics but don’t really have the necessary industry experience?
Perhaps the best advice is be careful what you ask for. Far too many people gravitate to Pen testing and Forensics because they see the James Bond glamour of being a cyber-intelligence officer. Forensics is the investigation of potential criminal activity and pen testing bears a high level of responsibility. When working on a pen test or forensics investigation, the professional must ensure that they are working within a clear scope, authority, and well-defined methodology and execute their tasks in a thorough and accurate manner – this is no area for a casual exercise since a mistake may lead to serious consequences for everyone involved. A person interested in this must understand business, culture, law, reporting, detail, documentation, and tools. This is a great field but enter with care, seek to learn everything you can, and be creative – it is far more than just running tools.
How often do you update your training material and what are your sources of information?
Mile2 material and labs are updated every 3-6 months. All of mile2s material is printed on demand so that it can reflect the latest developments.
What are some of your training options (online, on-site, corporate etc)?
Our training options are the standard Instructor Led Training, On-live Remote and in a Computer Based Format. All of our students have the opportunity to learn directly from knowledgeable and experienced instructors and then immediately use the tools and apply that knowledge through accessing our remote labs.
What are your plans of expanding internationally?
Presently, the international market has responded extremely well towards the mile2 certifications due to the fair pricing, the flexibility of examination and the high quality step by step labs needed to prove high competency levels. With this winning equation, mile2 has expanded to almost 100 locations in 2011 and are looking to triple that in the next 18 months.
How is the market responding to entry-level security professionals, someone who has training but no industry experience?
Education and certification is a key first step – it ensures that the new professional has the core knowledge required to work effectively, but, as most experienced professionals know, certification is no guarantee of proficiency. The entry level person must be keen to learn, seek out advice and be willing to learn to follow test scripts and methodologies. They cannot just start jumping around from point to point in a test without having the patience and determination to follow a test through to its completion. This maturity often comes through in job interviews and as we often say, certification may get you the interview, but your attitude and experience will get you the job. We need more security experts and there is a need for those to enter the field – and we are all passionate about mentoring new keen people.
What are some of the hot topics in Information Security today and how are you integrating them in your training?
Every organization must be recognize the impact of new technologies, new threats and changes to business processes and the work of the security professional will never be done. The first priority is to work on aligning security with the business and working to integrate security into the business processes and strategies. Specific technologies that have been brought into Mile2 programs in the past few updates relate to the issues associated with Cloud Computing, SCADA networks, Mobile Applications, virtual environments and Voice over IP. The responsibility of the Security Professional is to be proactive and begin to address emerging risk even before it becomes an issue. There is really no excuse for a security program that is always trying to play catch-up with changes in technology, Mile2 also believes this and ensures that these topics are built into the courses, labs, and certifications even before they become commonplace.
The interview done by A Rao (CISSP, CISA, ITIL)