ITCC June Member Meeting

ITCC June Member Meeting
June 15, 2017
11:00 am CT


Integration of an Acquired Certification Program: M&A Considerations

Presenter: Beverly van de Velde, Senior Manager, Symantec

Have you ever wondered just where to begin when starting the integration process after acquiring another company’s certification program? If so, then this session will cover lessons learned touching on topics such as gathering requirements, planning the credentials data migration, planning exam migration, voucher management, communication planning, and best practices.


Beverly is a sailor, skier, paddle boarder, beach cruiser, hiker, foodie, world traveler, and occasional fisherwoman, as well as a Senior Manager for Symantec Global Education Services, specializing for 9+ years in high stakes certification testing. Her latest challenges include integrating a new company, implementing an LMS, evaluating testing approaches such as lab exams, implementing digital credentials, and leading a production team in the development of an end user security awareness service. She also serves on the Performance Testing Council board and enjoys receiving and sharing knowledge.

ITCC Certification Program Question List

ITCC Certification Program Question List

Working in the IT certification field I come across a plethora of certifications, some good, some bad and a few that crossed the line into ugly. As I’ve read and written about the merits and weaknesses of various certifications, I’ve occasionally wondered if I couldn’t put one together myself. Beyond wondering, I’ve even scribbled some ideas on a whiteboard. After all, even ink-stained hacks like myself can take a run at IT fame and fortune.

Alas, developing a certification program is a really, really difficult thing to do. The more I scribbled, the more it became evident that I was in the deep-end of the pool without my water wings. There were so many questions to be answered. Questions like: How much can I charge? Who can I sell it to? What should the certification cover? And finally, “What was I thinking? I don’t have any idea how to do this.”

I’m not trying to discourage anybody who is thinking of developing their own certification program. Far from it, I’m actually here to share some news about ITCC’s latest white-paper, the Certification Program Question List.

If you’ve got the itch to create your own certification, this paper is worth a deep-dive. Compiled by a multi-company team of ITCC members, it’s a detailed checklist of important questions that to consider before attempting to create a certification program. The checklist covers all of the major areas of concern that should be taken into consideration when starting a certification program from scratch including policies and agreements, systems and vendors, economics exams, security, maintenance and operations, and staffing needs.

Each section covers not only the obvious questions like renewal and test delivery, but important questions that are often overlooked. For example, who stops to think about addressing any legal or regulatory issues or how does the proposed certification fit in with existing certification products?

For those who follow the checklist carefully, it will be extremely useful in facilitating important discussions with stakeholders and executive management to ensure their full support. Moreover, obtaining answers in advance to the many questions presented in this document should be advantageous to the director of any high stakes certification program.

It is ITCC’s hope that the detailed, thought-provoking questions outlined in the document will “help create a solid foundation when constructing a new certification program from the ground up and to help others avoid the pitfalls that many of us have experienced in creating our own programs.”

Creating a certification program is anything but easy, and to be sure, no two certification programs are exactly alike. However, we can all benefit from the experience of those who have gone before us with a goal of creating the best certification program possible using whatever resources are available.

ITCC Projects are for the use of ITCC  Members. To download, visit Basecamp or request a copy from ITCC HQ.

About the Author — Calvin Harper is an associate editor for GoCertify and a veteran of the publishing industry.


Remote Proctoring: Benefits, Risks, and Lessons Learned

Remote Proctoring

It’s an online world and we are all captives. Almost any sort of business can now be conducted via the internet. This includes shopping, gambling, gaming, programming, day-trading, data entry, transcribing, recruiting, accounting, payroll services, and even one as famously stress-filled as wedding planner.

It turns out that the internet is also a great place for learning, particularly when it comes to certifications. Of course, once instruction began taking place online, it was only a matter of time before somebody came up with the idea that testing could also be done online. Hence the introduction of remote proctoring, (also known as online proctoring) the “process by which a candidate is proctored live over the internet via a web camera rather than being proctored by someone in the same physical location.”

Candidates who are being remote proctored typically sit in front of their computer keyboards and screens with a camera focused on them. Proctors watch test takers through the camera in order to detect any cheating activities like crib-notes or unauthorized study materials. Proctors can view the entire room and even detect any prolonged eye-movements away from the screen that might indicate a candidate is looking at notes.

During the last decade, remote proctoring has become a widely accepted method for delivering tests to students and candidates. One major advantage is cost savings: test providers don’t need to set-up an established test site and test takers can avoid having to spend a great deal of time and money traveling to a designated testing site.

Academic institutions in particular have found remote proctoring to be good fit for themselves and their students. However, credentialing and licensing bodies have only recently begun to experiment with remote proctoring with the greatest interest coming from credentialing organizations, particularly those offering IT certifications.

Given the IT community’s increased interest in remote proctoring, the ITCC Securing Certifications subcommittee commissioned the Remote Proctoring Task Force to document the pros and cons of remote proctoring, interview IT certification organizations regarding their experience with remote proctoring, and provide considerations for those exploring the adoption of remote proctoring.

Certifying organizations are increasingly enamored with remote proctoring because the process enables them to introduce new content to the course quickly and easily and, since exam sessions are typically recorded, they can readily audit proctors and exam candidates to help resolve any complaints or issues that arise.

Accessibility is the most commonly mentioned reason for an organization to utilize remote proctoring. The increased coverage and convenience to candidates is vital to companies with global programs, whose candidates often have to drive long distances or fly to testing centers. One company interviewed stated that “offering online proctoring makes it more convenient for current candidates, and potentially opens opportunities for new business.”

Remote proctoring has thus far proven helpful, but it’s not a panacea for either candidates or certifying organizations. There are advantages and disadvantages in each of the following areas:

  • Testing Environment
  • Perceptions of Remote Proctoring
  • Exam Structure
  • Access/Convenience and Geographical Reach
  • Comfort and Anxiety
  • Cost
  • Technology
  • Privacy

For example, the comfort and anxiety levels of candidates can vary greatly. Some may be comfortable using the technology in their home or office and are able to ignore the camera. Others however, may find the camera distracting and the limitations on body and eye movements to be intimidating and stressful.

It’s the same with access and convenience. While certification opportunities are open to individuals living or working in remote areas, such opportunities require the proper technology and internet access.

While remote proctoring appears to be here to stay, there are certain questions one should answer before deciding to implement it, including: what are the benefits to your organization, what happens if a candidate experiences technical issues during an exam, and how will you ensure the privacy of test takers in compliance with the legal requirements of different countries.

ITCC Projects are for the use of ITCC  Members. To download, visit Basecamp or request a copy from ITCC HQ.

About the Author — Calvin Harper is an associate editor for GoCertify and a veteran of the publishing industry.

ITCC Member Updates

As a member of ITCC, we wanted to provide you with key details on the latest special projects and member benefits. Below highlights the ways you can get more involved in ITCC in the coming months.

Join a Project or Task Force
Contribute to industry task forces and special projects that influence global IT Certification policies. Current projects include:

  • Agile Development
  • Documentation of the IT Certification Ecosystem
  • Process for Legal and Program Support to Invalidate if Unauthorized Material is Used
  • ITCC Marketing Task ForceIf you are interested in participating or have additional ideas, tell us here.

Monthly Member Meetings
Each month ITCC hosts virtual Member Meetings with the goal of encouraging members to take time to listen to what others are doing in the certification industry to spark discussion. Meetings are held the third Thursday of each month. Have an idea for an upcoming meeting? Interested in reviewing recent meetings? Visit the Member Meeting Database on Basecamp for more information.

Basecamp is the project management tool ITCC Task Forces use to collaborate and also hosts:

  • Member Meeting Video Database – All Member Meeting Videos since 2014
  • ITCC March In Person Member Meeting Wrap-Up
    • March Meeting Presentation and Minutes
    • 2016 Employer Survey Results
    • Recently Completed Task Force Projects:
      • ITCC Incident Matrix
      • Certification Program Question List
      • Remote Proctoring – Benefits, Risks, and Lessons Learned White Paper

March In Person Meeting Wrap Up
If you weren’t able to attend the March in person meeting at ATP, stop by the ITCC Blog for a quick recap. Otherwise, all materials are available on Basecamp for your review.

Join Our LinkedIn Group
ITCC’s private LinkedIn Group is the format members use to engage with each other. Have a quick question or interested in starting a discussion? This is the place to connect with other individuals in the industry who are part of ITCC.

We also have a public company page, so feel free to connect with ITCC there as well.

Have questions about your membership? Want to learn more about other members of the group? Interested in getting more involved? Contact ITCC HQ for more information and support!

Invite Your Colleagues
To make sure you and your colleagues stay up to date on the newest ITCC news, please email ITCC the contact information of those who should be added to our member roster.

Fighting Fire: The ITCC Incident Matrix

When viewing the entire IT certification landscape, the multitude of problems posed by cheating on certification exams probably often seems like a plume of smoke from a far-off wildfire. There’s visible evidence of danger and destruction, but unless the flames are literally beneath your nose, then it’s easy to discount the damage done and tuck the incident into a file marked “Pending Action: Must Address Someday.”

Perhaps the issue can be contained without needing to be stamped out. Maybe it will eventually subside and disappear altogether. Don’t wildfires sometimes burn out and dwindle away without any direct intervention from human responders?

Cheating on exams, of course, may represent the destructive flames of our metaphorical wildfire. There are a host of contributing factors, however, which could be seen as acting in the same manner as wind, or deadfalls and dry brush: causing the initial burn to spread and rage out of control. If these exacerbating agents could be better managed, then the fires, when they break out, might be easier to confront.

Actual firefighters don’t typically have the means or information needed to mitigate the ruinous impact of wildfires before they strike. Those who manage and administer IT certification programs, on the other hand, need not be taken by surprise when a cheating crisis emerges. With the right blend of precautions and active monitoring, certification programs can be fortified and protected against the devastating effects of cheating.

Ready and Waiting

Sometimes knowing where to start is among the biggest hurdles to overcome when tackling a complex and ongoing problem. The IT Certification Council, with a big assist from the certification team at Citrix, has designed an outline for certification programs to follow when assessing threats and implementing precautions. The ITCC Incident Matrix can be your test and testing protection blueprint, guiding you in securing both exam materials and the exam process itself.

One early indication of brewing trouble, for example, is exam candidates using forums, chat rooms, list mail, or other means to ask about the availability of content from past or current certification exams. The inquiry may sound harmless: “I’m preparing to take the XYZ exam and I’m wondering what to expect. Does anyone have any questions from past exams that I could look at?” The initial intent may even be harmless. Sinister ends don’t always arise from sinister intentions.

The ITCC Incident Matrix can help you determine the appropriate level of response to the various activities that either directly indicate, or could lead to, actions that compromise exam security. It can also help you know where to direct your monitoring. A candidate who retakes a certification exam after passing could merely be a perfectionist driven to pursue a better score. Seeking repeated exposure to exam content, on the other hand, could certainly be spurred by ulterior motives.

Cybersecurity experts are bound to be familiar with the “defense in depth” approach to information security, which uses multiple layers of security controls to protect an IT system. An attacker may penetrate one layer of protection, but get tangled in the next, or the one after that. The ITCC Incident Matrix can similarly help certification programs deploy multiple protections against cheating.

Cheating on certification exams may seem like a distant or insignificant problem. Just as wildfires can suddenly and dramatically increase in size and destructive intensity, however, the harmful consequences of cheating can quickly spiral out of control. The ITCC Incident Matrix can help you immediately embark on a course of proactive and preventive action.

ITCC Projects are for the use of ITCC  Members. To download, visit Basecamp or request a copy from ITCC HQ.

Article by: Cody Clark, Managing Editor, Certification Magazine

Recap: ITCC Spring In-Person Member Meeting


In March, 33 members of the IT Certification Council (ITCC) gathered together in Scottsdale, Arizona for their
Spring Meeting. Each year the group convenes ahead of the Innovations in Testing Conference to discuss the latest from member organizations and the industry. The day kicked off with updates from each of the different Task Forces and Committees including Membership, Education, Securing Certifications, Badging, Marketing, and Finance.
The highlight of the day was when members exchanged ideas and best practices for success in the testing industry in small groups. Discussions focused on key issues facing stakeholders including certification candidates, program managers, and vendors. The interactive session led to the development of new projects for the Badging Task Force Task Forces around agile development, documentation of the IT certification ecosystem, and developing a process for legal and program support to invalidate if unauthorized material is used.

During the meeting, ITCC also presented the Innovation Award in recognition of
achievements or innovations from a team for the creation of a product, service, or initiative that resulted in a positive impact to their company or the IT certification industry. This year, Acclaim / IBM were announced as the winners in acknowledgment of the innovative learning recognition program created by IBM. With a goal of attracting, developing, and engaging a workforce of IT talent to support its strategic goals, the recognition program uses open badges, which IBM began issuing in 2015 through Pearson’s Acclaim platform. Working together, the two organizations developed and applied best practices to create an industry-leading badging program that is producing remarkable results, increasing learner engagement and motivating skills progression across IBM’s talent ecosystem.

As the Board and members alike wrap up details of the Spring Meeting, consider joining in and contributing your experience at the ITCC Fall Meeting. Additional information to follow when available.

Looking to learn more about the details of the meeting? The presentation and meeting minutes are available for your review on Basecamp. Contact ITCC HQ for access today.


new member meeting

ITCC In-Person Member Meeting
March 4-5, 2017
Scottsdale, Arizona


Saturday, March 4th, 2017
6:00 P.M. – ITCC Member Dinner
Blanco Tacos & Tequila
6166 North Scottsdale Road, Scottsdale, AZ 85253

Sunday, March 5th, 2017
8:30 a.m. – 3:00 p.m.
ITCC Member Meeting
The Scottsdale Resort Plaza | Grande Ballroom B
7220 N. Scottsdale Rd, Paradise Valley, Arizona 85253
*Continental breakfast will be available beginning at 8:30

2016: Held Ransom

Written and originally posted by Transcender

It was predicted late last year that 2016 would the year for ransomware. Thus far, the prediction is proving right; only four months in to 2016, the Locky ransomware has managed to spread itself over 114 countries (displaying its demands in dazzling array of 24 languages). The Hollywood Presbyterian Medical Center paid $17,000 in bitcoins after having their computer systems seized in February 2016, while hospitals in Kentucky and Maryland report similar attacks.

In case you’ve been in that doomsday bunker a bit too long, ransomware is malicious mobstersoftware that blocks access to your own data, usually by encryption that targets a local computer. Data stays locked away until you pay a tidy sum of money to the hacker (or, more commonly, to the hacking organization). The malware usually contains a ticking bomb that will format the entire hard drive if you don’t pay by a deadline (or post the data for everyone to see, just as extra motivation). The data kidnappers may call themselves hackers or vigilantes, or even pretend to be a federal agency, but their demand is always the same: pay us for your data — or else!

Worse, with automated viruses like Crytpolocker, Crytowall and TeslaCrypt, hackers don’t have to go through the extra effort of targeting big fish like CEOs of Fortune 500 companies. Any end user could be bilked for hundreds of dollars. And, through the economies of scale, hackers rake in millions per campaign. While current year damages won’t be tallied for a while,  the FBI estimates the CrytoWall variant pulled in over $18 million from 2014 to 2015 alone.

End users are not the only targets; nor are Windows users. Major sites like the New York Times, BBC, AOL and NFL had their advertising networks compromised by malvertising, where a malicious ad hijacked user’s browsers and redirected them to install a crypto-virus via the Angler toolkit (another argument for using adblockers?). And the once near-invincible Mac OS has been revealed as the target of the KeRangers malware – the first ransomware Mac users have ever had to contend with.

Posting to the security community in late March, Jonathan Klijnsma noticed an unusual vulnerability to the Angler toolkit on a WordPress plugin used by the iClass site. It was possible for a TelsaCrypt payload to be installed if the following conditions were met:

  • The user’s browser was Internet Explorer (or the user-agent was set to IE).
  • The user was redirected from a search engine, like Google or Bing.
  • The user’s IP address or location information was blocked (probably from some blacklist to protect the hackers  from getting served themselves!).

This vulnerability was not only difficult to detect, but also uncommon – most users do not use IE and EC-Council students would access the iClass directly without going through a search engine. I’m proud to say that EC-Council didn’t rest on their laurels. They fixed the problem within days of being notified of the security breach.

A Testing Horror Movie

Written by David Foster, CEO of Caveon

There is a funny television commercial where a group of friends is running from an unseen danger, seeking a place to hide. They make several panicked suggestions to each other including hiding in an attic and a basement. They finally decide to hide behind a wall of chainsaws. The point was that in a horror movie you make poor decisions.

For a high-stakes testing program, the number and variety of test security threats would rival any horror movie, and the potential and actual damage can keep you up at night. In the light of day, it makes sense to be aware of those threats—and what to do about them—in order to make better decisions than the group in the commercial.

For years now I’ve talked about using a threat-based approach to security, eventually producing a list of 12 test security threat categories, divided equally between cheating and theft. In its simplest form, here is the list:

Cheating Threats

  • Using Pre-Knowledge of Test Questions
  • Using a Proxy Test Taker
  • Getting Help During the Test
  • Using Cheating Aids
  • Tampering with Scores after the Test
  • Copying from Another Person During the Test

Theft Threats

  • Capturing Downloaded Test Files on a Server or Stealing Test Booklets
  • Photographing Test Content During the Exam
  • Copying the Test Content Electronically
  • Memorizing the Test
  • Recording the Content Orally on a Recorder
  • Receiving the Test Content from a Testing Program Insider

For each of these there are dozens, or maybe even hundreds, of different ways the threat can be carried out.

By reviewing this list, a program can evaluate which threats pose the greatest danger or risk. The program can then put in place a carefully-crafted solution to prevent a possible breach or deter an attacker. It can set up a defense in order to better detect the beginnings of a breach or to mitigate any potential damage.

There are several reasons why avoidable test security breaches occur. Some testing programs will be surprised by a breach, and then be focused for months and years on future solutions for that specific breach, ignoring other dangers. A program may rely on a single security solution, such as requiring proctoring for their exam, not realizing that there are many threats to the security of a program that a proctor cannot detect or do anything about. Programs may not be aware how technology is being used today to cheat or to steal a program’s tests. Or a program is simply not funded adequately to protect the tests and usefulness of the test scores. These programs are living in a real horror movie with no control over the ending.

The good news is that great decisions can be made; risks of cheating and test piracy can be eliminated or mitigated. Good solutions are available. There is no reason to be in a horror movie to begin with or to stay there any longer than is necessary.

The CompTIA A+ 900 Series: What’s New

By: Robin Abernathy, Content Developer for Kaplan IT

It’s that time again! CompTIA has released a new version of the A+ certification by rolling out the 220-901 and 220-902 exams on December 15. The 220-801 and 220-802 exams are still available, but will retire June 30, 2016 in the United States. This deadline should give you enough time to finish studying for the 800 series if you have already taken one test, because you cannot mix and match exam versions. If you pass the 220-801 or 220-802 exam, you must pass the other 800-series exam to obtain your A+. If you pass the 220-901 or 220-902 exam, you must take the other 900-series exam to obtain the A+.

Once again, with a new release, we see another small shift in the structure and topic coverage of the two exams. Years ago (and I am going to date myself here), the two exams were referred to as a Hardware exam and a Software exam. While I think the topic coverage is moving in this direction again, CompTIA is NOT referring to them in these terms, and all documentation from CompTIA will refer to them as 220-901 and 220-902. Broadly, though, I think of the tests as “hardware and networking” and “software and security.”

For the 220-901 exam, you will be expected to understand installing, configuring, and troubleshooting desktop, laptop, mobile device, and printer hardware, as well as basic networking topics. The breakdown of the exam’s topics are as follows:

o    Hardware – 34% o    Networking – 21%

o    Mobile Devices – 17%

o    Hardware & Network Troubleshooting – 28%

For the 220-902 exam, you will be expected to understand installing, configuring, and troubleshooting Windows Vista, Windows 7, Windows 8, Windows 8.1, Mac OS, Linux, and mobile device operating systems. (Notice that Windows 10 is NOT included in this list.) It  includes virtualization, cloud, and. server technologies. It also covers security, including security devices and configuring and troubleshooting security components. Finally, it covers those soft skills and operational procedures required by the IT technician. The breakdown of the exam’s topics are as follows:

o    Windows Operating System – 29%

o    Other Operating Systems & Technologies – 12%

o    Security – 22% o    Software Troubleshooting – 24%

o    Operational Procedures – 13%

When the 800-series A+ was released back in 2012, many test candidates decided to knock out both exams on the same day because there was so much overlap between the topics being covered. For those exams, this was probably a good strategy. But with the 900-series exams, the structure has changed enough that I would suggest that you prepare to take them separately, NOT on the same day. As you can see from the topic listings above, there is hardly any overlap between the two exams.

CompTIA has launched a new CompTIA Instructor Network (CIN), which I encourage all CompTIA instructors to join. It’s easy as going here to sign up. It is a great way to network with other instructors. Recently, they started a Deep Dive series of Webinars on the new A+ exams! To access the A+ Deep Dive series, go here.

Watch for my upcoming posts!