How the ISAC Scholar Program surpasses CISSP in many areas
In the evolving landscape of cybersecurity, professionals are continually seeking advanced training programs to stay ahead of emerging threats and technologies. The Certified Information Systems Security Professional (CISSP) certification, developed by the International Information System Security Certification Consortium (ISC2), is widely recognized as a benchmark for cybersecurity expertise. However, a new program from a cybersecurity non-profit foundation, referred to as the Scholar Program, is rapidly gaining traction for its comprehensive and innovative approach.
This article explores how the ISAC Scholar Program not only aligns with but also surpasses the CISSP certification in various critical aspects.
Overview of CISSP Domains
The CISSP certification encompasses eight domains, forming the foundation for a well-rounded understanding of cybersecurity. These domains include:
The CISSP certification covers the following eight domains:
1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communication and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security
The Scholar Program covers the following topics:
| Module | Title |
+ — — — — — — — — — — — — — — — — — — — -+
| NCS 101 | OT Security and CII Protection |
| NCS 102 | Off-grid living + Hardware Hacking |
| NCS 103 | Security Architecture and Engineering |
| NCS 104 | Security Assessment, Testing & Reporting |
| NCS 105 | Governance and Risk Management
| NCS 106 | Cloud Security and Asset Security |
| NCS 107 | Application Security, SDLC and Reverse Engineering |
| NCS 108 | Zero Trust Architecture |
| NCS 109 | War Gaming: Red Team and Blue Team Labs |
| NCS 110 | Identity and Access Management |
| NCS 111 | Aviation cybersecurity + AOCC Visit |
| NCS 112 | Security Operations and Next Generation SOC |
| NCS 113 | Advanced Threat Intelligence and Hunting |
| NCS 114 | Digital Forensics, Incident Response and Cyber Insurance |
| NCS 115 | CII Focus: Healthcare Sector |
| NCS 116 | Artificial Intelligence and Machine Learning in Cybersecurity |
| NCS 117 | Space Cyber Security |
| NCS 118 | Economy, Intelligence and Cyber Warfare |
| NCS 119 | CII Focus: Telecom Sector, Network and Comm Security |
| NCS 120 | War-Game Hands-on |
| NCS 121 | Creating Cyber security Policies |
| NCS 122 | CII Focus: Defense Sector |
| NCS 123 | War-Game Hands-on and Interactions |
| NCS 124 | Security and Risk Management |
| Industry Visits | |
| Capstone and Closing Ceremony | |
+ — — — — — — — — — — — — — — — — — — — -+ — — — — — — — — — — — — — — — — —
Empanelment in the National Security Database platform
How the Scholar Curriculum Surpasses CISSP in several areas:
1. Broader Scope with Industry-Specific Modules:
a. CII Focus: NCSS curriculum includes specific modules on Critical Infrastructure Information (CII) Protection in various sectors (Power, Transport, Healthcare, Telecom, Defense), providing specialized knowledge that is not covered in depth by the CISSP. This makes it more applicable to professionals working in these critical sectors.
b. Aviation Sector Security + AOCC Visit: This is unique and offers practical insights into securing aviation infrastructure, which is not specifically covered by CISSP.
2. Advanced and Emerging Topics:
a. Artificial Intelligence and Machine Learning in Cybersecurity: This module covers cutting-edge technologies and their applications in cybersecurity, an area that is only briefly touched upon in the CISSP curriculum.
b. Space Cyber Security: This is a highly specialized area, reflecting the growing importance of securing space-based assets, which is not included in the CISSP syllabus.
3. Practical and Hands-On Training:
a. War Gaming: The extensive hands-on labs for Red Team and Blue Team exercises provide practical experience in offensive and defensive cybersecurity strategies. This hands-on approach is more detailed than the CISSP, which is primarily theoretical.
b. Off-Grid Living and Physical Security Skills: These modules introduce physical and survival skills and covers hardware hacking, lockpicking workshop, using HAM Radios and RF Hacking, adding a unique dimension of preparedness that integrates physical security with cybersecurity, which is not covered in CISSP.
4. Holistic Approach to Security:
a. Economy, Intelligence, and Cyber Warfare: This module offers a broader perspective on how cybersecurity intersects with economic stability and national security, providing a more comprehensive understanding of the global impact of cybersecurity.
b. Creating Cybersecurity Policies: While CISSP covers policy development, the Scholar curriculum offers a dedicated module that emphasizes practical policy creation and implementation.
Unique Aspects
· Integration of Physical and Cyber Skills: The inclusion of off-grid living and physical security skills alongside traditional cybersecurity topics is unique. This holistic approach ensures that professionals are well-rounded and prepared for both digital and physical threats.
· Specialized Sector Training: The targeted modules for different critical infrastructure sectors provide deep dives into specific industry needs, making the curriculum highly relevant for professionals in those areas.
· Advanced Practical Training: The extensive use of war gaming and hands-on labs ensures that participants gain practical, actionable skills, which enhances their ability to respond to real-world threats effectively.
Use of a Physical Cyber Range for OT Security Simulation:
Another standout feature of the Scholar Program is the incorporation of a physical cyber range for Operational Technology (OT) security simulation. This advanced training environment has won two Guiness Book of World Records in 2023 and allows participants to engage in realistic, hands-on exercises that mimic real-world cyber-attacks on critical infrastructure systems.
By simulating breaches and defensive responses in a controlled setting, professionals can better understand the complexities of OT security and develop effective strategies to protect vital industrial systems. This immersive experience is a significant enhancement over the theoretical focus of the CISSP, providing practical skills that are directly applicable to protecting critical infrastructure in the modern cybersecurity landscape.
Conclusion
The Scholar Program curriculum not only matches but surpasses the CISSP content in several areas, particularly in its practical application, specialization, and inclusion of advanced topics. The unique integration of physical security and survival skills with cybersecurity, as well as the focus on critical infrastructure, makes it exceptionally comprehensive and relevant for modern cybersecurity professionals.
