SIM3 Certified Auditor training

From 31 March – 2 April 2020, the Open CSIRT Foundation (OCF) will organise a 3-day training to become a Certified SIM3 Auditor .

The OCF shepherds the further development of the SIM3 maturity model, that is used by TF-CSIRT/TI, by ENISA for national teams in the EU, by the NCA (Nippon CSIRT Association) in Japan, and is now also being taken up by the Global Forum on Cyber Expertise (GFCE) for their GCMF – Global CSIRT Maturity Framework.

Certified Auditors play an important role in making it possible that SIM3 is used in a professional and objective way, and also contribute to further improving SIM3 in the near future.

Trainer: Don Stikvoort MSc (original author of SIM3)
Co-trainers: Olivier Caleff, Seiichi Komura and Yoshiki Sugiura
Location: Zuiderduin Hotel, Egmond aan Zee, The Netherlands.
Schedule: 31 Mar – 2 Apr 2020 every day from 09:00-15:30.
Pre-requisites: applicants need to have demonstrable knowledge *and* at least 5 years experience in cyber security incident management (“CSIRT work”) and inside the CSIRT community (e.g. via FIRST membership), in order to be eligible to participate in this training.
Fee: to be published soon. The fee will include 3 hotel nights, all meals and (during the training) tea/coffee/water/cookies. Also, the fee includes the first year of being a Certified SIM3 Auditor, assuming you pass the exam.

The training ends with a short exam – providing you have experience in the CSIRT field, and providing you pay attention during the training, you will pass that exam. (If for whatever reason, you might not pass the exam, then OCF will allow you to take another exam within 6 months, at no extra cost.)

  • Cancellation clause: cancellation for the training is possible without charge no later than February 1st. If cancellation takes place after 1 February until 1 March, 50% of the full amount will be due. In case of a cancellation on 1 March or later, or a no-show, 100% of the full amount will be due. In clear cases of absence due to “Act of God” the payment obligation remains, but OCF will seek to provide due care, e.g. offering access to the next training at only marginal cost.
  • Auditor certification clause: OCF will provide due care to prepare the trainees for certification as SIM3 Auditors at the end of each training, and after successful certification, the first year of being certified will be at zero cost.However if (a) a trainee is absent during parts of the training (unless after explicit consent of the OCF head trainer), or (b) fails or misses the exam on the 3rdday, certification will not take place, nor will any re-fund. In the case of failed exams only, OCF will provide a timeslot of 6 months in which, at no additional cost, the trainee will receive a task to fill any knowledge/experience gaps, and after successful completion of that task, will get  a verbal repeat exam (this can be done via videoconferencing) – and providing this is completed successfully, certification will then take place. (In case of repeated failure, OCF has no more obligations towards the trainee and/or the organisation who paid for their participation.)