Boot camp-style training catches on

Intense School

They don't yell "ten hut!" at Intense School, but they might as well. The training center, based in Fort Lauderdale, Fla., specializes in immersive training methods for information technology professionals. In a bid to catch more federal business, the school is one of several taking the "boot camp" approach.

The 5-year-old school opened a branch in Washington, D.C., about 18 months ago to serve federal agencies and private-sector customers, said Ron Rubens, the school's chief financial officer and chief operating officer, who was at the FOSE conference in Washington, D.C., two weeks ago. Since then, federal business has begun to grow.

"We're in the security space, and the government's spending money on security," he said. "A large part of our business comes from repeat and referral business. The boot camps have been frowned on in the past, but they're more accepted today."

The government accounts for less than 20 percent of Intense School's business, but Rubens expects that to increase. The firm has trained staff from the Energy and Defense departments and the National Security Agency, he said. He is counting on homeland security and infrastructure protection to send more federal business his way.

Intense School offers a variety of training courses (see box). The Bethesda, Md.-based SANS Institute is Intense School's strongest competitor, Rubens said.

About 20 percent of students at SANS courses come from the federal government, according to a SANS spokeswoman. "SANS has always worked closely with federal agencies and recently has been facilitating the enrollment and payment process, which should make it easier for federal employees to take SANS training and is likely to increase the percentage of federal students," she said.

Earlier this month, a D.C.-area security firm called TruSecure Corp. announced that Intense School is one of the partners approved to train students for the company's TruSecure ICSA (TICSA) Certified Security Associate certification.

Although most of the schools on the TICSA partner list don't use the boot camp approach, TruSecure chief technology officer Peter Tippett said the method is effective and increasingly common.

"I've been a pilot for 35 years, and in flying, these same two techniques are used. The data shows the training is just as good if it comes immersive as if it comes slow," he said.

TICSA covers basic IT security skills and therefore doesn't require detailed specialized training, Tippett said. "The idea of getting certified under TICSA is we want to make sure people who manage e-mail or Web sites or [local-area networks] know enough about security to do a good job," he said.

Many training courses offer daylong seminars or short conferences intended to help IT professionals learn more about specific aspects of their field, he said. Immersive training is more structured and comprehensive than most conferences, but the concepts are related.

"I think it is going to become more common," he said. "We've moved to a world of fast-food cooking. In terms of live training, these intense things are going to be the norm."

Immersive training is most suitable for IT professionals who already have some experience in the area they're training for, said Tom Madden, chief information security officer at the Centers for Disease Control and Prevention in Atlanta.

He has taken courses at both Intense School and the SANS Institute and recently sent 15 staff members to Intense School's six-day Certified Information Systems Security Professional (CISSP) training. The courses are good for refreshing students' knowledge but not for teaching them something new, he said.

"If you come to the table with the basic knowledge, it's an effective tool to get the basics drilled down," he said. "You get refreshed on the things you take the test on. On the other hand, I think there are people who use it as a sole source of knowledge, and I think that cheapens the certifications. I don't think the information is long-lasting."

Madden said that in the courses he has taken, he found that he retained more information than he realized, so that when that information came up later in a conversation or another training course, it was familiar.

"If you're not at least fundamentally rounded, it's the wrong way to get the knowledge," he said. "What I had to do was focus 15 years of knowledge into what the exam was going to cover. It was good for that. If you're trying to take Joe off the street and make him a security expert through an immersive training, I don't think that's smart."

Fourteen of the 15 staff members Madden sent to Intense School passed the CISSP exam, he said.

However, professionals who sign up for the boot camp shouldn't expect to enjoy the experience, he cautioned.

"It is not a fun way to spend a few days," he said. "I've never had a great time at a SANS course or at the Intense School. You go home with homework and a headache."

***

At a glance

Intense School's boot camps are more appropriate for experienced students. The school offers accelerated training courses, teaching subjects such as computer forensics in three days, Microsoft Certified Database Administrator in 14 days and Cisco Certified Security Professional in 12 days.

For students who can't attend classes in person, the school offers several virtual boot camps, including the Virtual Cisco Certified Network Associate program. This online program consists of eight hours of lecture Saturdays and Sundays for two weekends that students take from home. Students will have access to Cisco Systems Inc. routers and switches throughout the course.