Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1]. 

The need for well-trained, competent individuals to address cybersecurity for industrial control systems is higher than ever before. It’s clear that having the right skills and experience to address cybersecurity is a must, but sometimes it can be difficult to identify exactly what training or competency program is right for you.

With exida’s new CACE Specialties its as easy as one, two, three.

One: Am I interested in a certificate program or personnel certification?

The first step is to identify which level of professional competency is most appropriate for your goals, and whether you are interested in receiving a certificate or personnel certification.

A certificate program is the result of an educational process either for newcomers or experienced professionals and is awarded by educational programs/ institutions to indicate completion of a course/ series of courses and understanding of the covered content, based on the requirements of the specific provider or institution, (different than a degree granting program). 

Personnel certification is the result of a formal assessment process that recognizes an individual’s knowledge, skills, professional experience, and competency in a particular specialty. It is awarded by a third-party, standard setting organization to indicate mastery/competency as measured against a defensible set of standards, based on industry wide processes that result in an outline of required knowledge and skills, usually by application or exam and has ongoing requirements to maintain.

exida offers both certificate programs and personnel certification in cybersecurity: 

  • Certificate Program
    • Practitioner- CSP, addresses need to provide confirmation that an attendee showed competency by retaining knowledge presented in a course.
  • Personnel Certification
    • Specialist- CACS, Certification program with operated per 17024.  Requirements are tougher than certificate programs. To be eligible for this program 5 plus years of relevant experience is required.
    • Expert- CACE, Certification program operated per 17024 that represents the GOLD STANDARD in competency demonstration. To be eligible for this program 10 plus years of relevant experience is required.

The decision for which tier should be targeted is based on the individuals’ level of relevant experience and competency requirements for their desired role.


Two: Which specialty is right for me?

The next step is to identify which specialty is right for you. IEC 62443 identifies three key stakeholders for the industrial automation and control system (IACS): asset owners, service providers, and equipment manufacturers. Regardless of which group you fall into, demonstrating competency is a must for meeting the intent of the standard and aligning with industry best practice. 

To assist with the development and demonstration of professionalcompetency, exida is proud to offer three specialties for cybersecurity training, certificate programs, and personnel certification that tailor their focus to the three primary stakeholders identified for the IACS.

  • Asset owners: The owner-operator of the running IACS
    • Competency Requirements: IEC 62443-2-1: “Security roles and responsibilities shall be assigned to qualified personnel, including employees, contractors, and consultants.”
    • exida program: Automation Cybersecurity (Focuses on IEC 62443-2-1, 3-2, and 3-3)
  • Service Providers: System integrators and maintenance providers offering support to the IACS
    • Competency Requirements: IEC 62443-2-4: “The service provider shall have documented minimum IACS cybersecurity qualifications for security lead positions and the capability to assign security leads to Automation Solutions who meet these qualifications.”
    • exida program: Integration Cybersecurity (Focuses on IEC 62443-2-4, and 3-3)
  • Product Suppliers: Software developers for individual components that comprise the IACS
    • Competency Requirements: IEC 62443-4-1: “The purpose of the security management process is to ensure that the security related activities are planned, scheduled and assigned such that they are completed by competent people.”
    • exida program: Software Development Cybersecurity (Focuses on IEC 62443-4-1, and 4-2).

Three: Sign up!

Based on your targeted competency tier and area of expertise you can pick the exact training and professional competency specialty that is best for you. Sign up today using the following links:

To learn more about exida’s cybersecurity training visit our website:

For more information about personnel certification visit the exida CACE specialties page:

Or join me for the upcoming webinar CACE Specialties, Now That’s New on April 17th:

[1] Business Advantage Group., The State of Industrial Cybersecurity 2017: Global Report, Kaspersky Labs, 2017.

Tagged as:     Patrick O'Brien     IEC 62443     IACS Cybersecurity     IACS     cybersecurity attacks     cybersecurity     CACE  

Other Blog Posts By Patrick O’Brien