ISACA, an association representing IT professionals, typically updates its certifications every five years. When it comes to one of its cybersecurity exams, however, it’s had to revamp more quickly.

Last week, the association announced an update after just three years to its CSX Practitioner Certification, which is targeted at cybersecurity professionals. “Generally speaking, ISACA updates their job-practice certifications every five years just to keep pace with industry demands and changes,” said Jonathan Brandt, senior manager, cybersecurity exams, at ISACA. “Obviously, cyber moves a little faster.”

Sensing that there were shifts since the first iteration of the exam, ISACA convened a volunteer group of approximately three dozen subject-matter experts and those who have the certification to discuss changes and create and test new scenarios. “What we’ve attempted to do is create a diverse panel that wasn’t indicative of any one industry,” Brandt said. “It wasn’t just a whole group of people from the banking industry, or from government. And we really tried to make sure that we were covering different points in someone’s career as well as different industries.”

In addition to upgrading the exam, ISACA has also made it available remotely online, instead of requiring that the exam be taken at a test center. That helps expand access to the exam, but it also responds to an issue particular to an online-focused certification: It needs a lot of bandwidth and a consistent connection.

“[Many test centers] were not set up to deliver an exam such as ours, which requires persistent Internet access for upwards of four hours,” Brandt said. “So we feel that the remotely proctored exam allows greater flexibility not only in scheduling, but within our demographics, they’re either going to pay for greater internet or they could take it at work, where it’s a little bit more stable than some of these smaller test centers.”

Do the changes mean the next update for the exam will also arrive ahead of schedule? Not necessarily, Brandt said: Because the CSX Practitioner Certification is a performance test, designed to measure how a professional responds to a variety of threat scenarios, it doesn’t require the same kind of updating that an exam testing knowledge of specific facts does. “We will surely take a strong look at updating at the next three years,” Brandt said. “But it’ll based on our own research and what we’re hearing back from an industry, and any reporting that comes out as to if there are certain skills that are in higher atrophy.”

(FroYo_92/iStock/Getty Images Plus)