Both Richard Bejtlich and Harlan Carvey have expressed their concerns with the recent SANS NewsBites issue in which the new Certified Malware Removal Expert certification is announced:

Does anyone on your staff do an excellent job of cleaning out PCs that have been infected by spyware and other malicious software. We are just starting development of a new certification (and related training) for Certified Malware Removal Experts and we are looking for a council of 30 people who have done a lot of it to help vet the skills and knowledge required for the certification exam and classes. Email cmre@sans.org if you have a lot of experience.

I understand their concerns with this certification but their comments did make me think of something: “If we don’t need training on this topic what topics do we need training on?”

So these are my questions to you, the security community:

• What security related topics have not been covered in formal training yet but you feel should be?
• What topics require revised or better content?
• How would these topics be best presented? (i.e. self-paced-training, instructor led online training, instructor led classroom training, etc.)

I would appreciate all of your comments and suggestions. If you do not wish to post your comments or suggestions to the blog then please feel free to email me directly at andrewsmhay@gmail.com. Perhaps we can even work together on getting these topics into some formal training.