Global Information Assurance Certification
By Bob Witham, OIT
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization, which now reaches more than 165,000 security professionals. SANS is the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, a large collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center.
In December 2006, MS-ISAC (Multi-State Information Sharing and Analysis Center) entered into an agreement with SANS to offer several SANS training courses for MS-ISAC members at reduced tuition rates. Taking advantage of Maine's membership in MS-ISAC, Mike Pomerleau, Kevin St. Thomas, and Bob Witham enrolled in an over-the-web course from SANS (SANS@Home) entitled "Security Essentials." This qualified the trio to be able to test for the "GIAC Security Essentials Certification" or GSEC.
GIAC (Global Information Assurance Certification) was established in 1999 to validate the skills of computer security professionals and to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security. Though not as well known as the CISSP family of security certifications granted by the International Information Systems Security Certification Consortium, GIAC certifications are recognized and trusted by many companies and government agencies, including the United States National Security Agency (NSA).
This certification by Mike, Kevin and Bob meets one of the findings of the OPEGA audit which noted that the State did not have any professionally certified security staff. Beyond simply meeting an audit requirement, however, this certification demonstrates the OIT and the state commitment to ensuring that our information technology security personnel are kept up-to-date on current threats and trends in information security.