Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

CERT-Certified Computer Security Incident Handler

Even the best information security infrastructure cannot guarantee that intrusions or other malicious acts will not happen. When information or technology incidents occur, it will be critical for an organization to have an effective program, process, and qualified individuals responding. The speed with which an organization can recognize, analyze, and respond to an incident will limit the damage done and lower the cost of recovery.

The CERT-Certified Computer Security Incident Handler (CSIH) certification program has been created for

  • computer network incident handling and incident responder professionals
  • computer security incident response team (CSIRT) members and technical staff
  • system and network administrators with incident handling experience
  • incident handling educators
  • cyber security technical staff

The certification is recommended for those computer security professionals with one or more years of experience in incident handling and/or equivalent security-related experience.  Although completion of training is not a requirement, we highly recommend that each applicant ensure they have studied appropriately for the examination.

SEI CERT provides certification and training programs to support the needs of military, civilian, and contract personnel who handle information systems with the appropriate certification and training needed for the job they perform.

Why Become Certified as a Computer Security Incident Handler?

Every organization relies on professionals who are highly skilled in various computer security practices to operate successfully in today’s environment. These same organizations have discovered that using certifications is a way to identify, hire, and promote motivated and skilled individuals in the workforce.

SEI Certifications support the transition of best practices in various technologies. More specifically, SEI-Certified Computer Security Incident Handlers

  • are knowledgeable and skilled in the latest practices in the cyber security field
  • will produce high-quality results
  • have the abilities and skills to help an organization reach goals
  • have completed an industry leading qualification track
  • committed to a professional code of conduct that separates them from all other practitioners in the field
  • ensure that the organization stays current on recent innovations and research in the computer security field.

The certification program supports those who are computer security incident handling or incident responder professionals, computer security incident response team (CSIRT) members, network security technical staff, and other information assurance practitioners who are involved in incident handling functions.

Steps for Becoming a CERT-Certified Computer Security Incident Handler

1. Apply

  • Submit your Certification Application with one (1) or more years of experience in incident handling in a technical and/or management role within seven (7) years of submission of the Certification Application.
  • Provide a detailed resume listing your relevant experience. (See the CSIH FAQ for more details on experience that meets the criteria for application.)
  • Submit a completed Certification Recommendation Form signed by your current manager.
  • Candidacy Acceptance- The SEI will review your application and associated documentation for completeness and applicability to the experience standards required by the program. Applicants not accepted will receive notification with information highlighting areas that need improvement.

2. Meet Examination Requirements

Obtain a passing score on the CSIH certification examination. Submit examination and certification fee of $499 when registering for the examination. Testing can be accomplished via the SEI testing network or in written format at conferences and events.

Candidates who successfully complete the examination are then submitted to the CSIH Advisory Board for confirmation of certification.

Candidates who do not successfully complete the examination are provided with a score report and guidance for next steps.

3. Receive your certification

Successful candidates will receive a certification diploma. If at any time your performance during qualification is unsatisfactory, the SEI will provide you with feedback and, if necessary, steps for remediation.

4. Keep your certification up to date

Your CERT CSIH certification is valid for a period of three years from the award date. Learn how to renew your CERT CSIH certification.

Important Change to the CERT-CSIH Certification

In 2012, the CERT-CSIH earned accreditation from the American National Standards Institute (ANSI) Accreditation Program for Personnel Certification Bodies for compliance with the US DoD 8570 Information Assurance Workforce Improvement Program. However, please note that as of August 1, 2013 the SEI will discontinue its ANSI accreditation and the CERT-CSIH will no longer be an approved DoD 8570 baseline certification. Effective immediately, those professionals seeking to complete the CERT-CSIH program in order to fulfill the DoD 8570 requirement should search for a different certification to be in compliance. The SEI will continue to offer the CERT-CSIH certification program, including the exam, for all others seeking this relevant, professional development credential.