SecurityInfoWatch and SecureXperts Launch CSfC Certification Program

SecurityInfoWatch (SIW) has formally launched Cybersecure, a cyber and critical infrastructure protection training initiative developed in partnership with SecureXperts. Learn more at ISC West Booth 1090.

The program debuts with a highly specialized offering: the CSfC Trusted Integrator Workshop, a certification-driven course designed to prepare integrators to build secure, mission-ready systems aligned with the National Security Agency’s Commercial Solutions for Classified framework.

The workshop centers on the NSA’s Commercial Solutions for Classified (CSfC) program, which enables the transmission of classified and sensitive data using layered, NSA-approved commercial technologies rather than relying solely on government-built encryption hardware.

“This is not theoretical cybersecurity education,” says Bill MacRae, Vice President of Endeavor Business Media’s Security Group. “This initiative focuses on defensible architectures, compliance precision, and practical implementation skills that organizations can apply immediately.”

From Theory to Compliance-Ready Engineering

Unlike general cybersecurity training that concentrates on concepts or vendor-specific tools, the CSfC Trusted Integrator Workshop is structured as a systems engineering program with measurable competency outcomes.

Under CSfC, security is achieved through dual, independent layers of encryption implemented within tightly controlled architectures. The model is designed to ensure defense-in-depth: if one encryption layer is compromised, the second layer maintains data protection. But while adoption has expanded across defense, intelligence, and civilian federal agencies, the pool of integrators capable of designing and documenting compliant systems has lagged behind demand.

The Cybersecure Program directly targets that deficit.

Participants are trained to:

• Select components from the NSA’s CSfC Approved Products List
• Align architectures with specific CSfC Capability Packages
• Produce compliant architecture documentation
• Prepare and submit CSfC registration packages
• Validate deployments and maintain configuration control

The program emphasizes that CSfC is not simply a matter of “stacking encryption.” It is a lifecycle compliance framework that requires rigor at every stage. Even minor deviations from approved configurations can invalidate compliance, underscoring the importance of documentation discipline and change management for operational integrity.

The curriculum is organized around a five-phase methodology: Design & Architecture; Registration; Deployment; Operation & Maintenance; and Decommission or Renewal. Each phase reinforces governance controls, traceable documentation, and configuration management – disciplines that are often underestimated by integrators accustomed to commercial enterprise deployments.

Darnell Washington, President and CEO of SecureXperts, frames the initiative within the evolving threat landscape: “The new battlefield is no longer a desert terrain with missiles and bombs,” Washington says. “Advanced cyber warfare now includes weaponized artificial intelligence and quantum computing. Used by adversarial domestic and nation-state actors, these capabilities can cripple our economy and threaten national security.”

Washington emphasizes that the workshop aligns with Department of Defense workforce directives, including 8140, which establishes role-based certification standards for cyber defense analysts, incident responders, security managers, and related positions.

Applied Learning and Earned Certification

One of the program’s most distinctive elements is its applied evaluation model. Rather than awarding certificates based on attendance, the workshop requires participants to complete a practical design exercise. Integrators must engineer a notional CSfC-compliant secure communications solution that includes:

• Dual-layer encryption architecture;
• Clearly defined security boundaries and trust zones;
• Capability Package alignment; and
• Complete life-cycle documentation.

Performance is assessed using a weighted scoring matrix measuring architectural accuracy, encryption implementation, compliance mapping, and professional documentation standards. Certification is granted only upon demonstrated competency.

This objective evaluation framework is intended to establish credibility not only within the integrator community but also among federal stakeholders who depend on verifiable implementation quality.

For more information, enrollment details, and course schedules, visit securityinfowatch.com/CyberTraining, and if you are at ISC West, be sure to stop in at Booth 1090, where Darnell Washington and/or Steve Lasky will be able to answer any of your questions.