Cisco Systems has some of the most widely respected and highly sought after IT certifications in the industry. Individuals who earn the Cisco Certified Internetwork Expert (CCIE) certification are consistently among the highest paid IT workers. To preserve the integrity of the certification process and the value of its certifications, Cisco has partnered with Pearson VUE to implement a tough new set of security measures.

“Employers rely on our certifications to validate that a potential employee or contractor has the level of knowledge and expertise to perform on the job,” said Fred Weiller, Director of Marketing for Learning@Cisco. “For an individual a certification represents an investment in time and money to present himself as an expert in the networking field. We are acting to defend the integrity of Cisco certifications.”

“I’ve been in testing since the 1980’s with Control Data’s first computer testing implementation,” said Randy Trask, Vice President of Market Development for Pearson VUE, “and I can tell you that cheating has always been around. What’s changed is the pervasiveness of the internet. In a half second, an individual can compromise intellectual property around the globe in forums that are highly categorized and easily accessible.”

Who are the Culprits?

Trask said that VUE and Cisco had identified three main categories of people who attempt to compromise certification exams: proxy test takers, item harvesters and cheaters. “When we began to devise counter measures, we developed techniques directed to each of the three groups,” said Trask.

Proxy test takers go to a test center and sit for an exam registered as another individual. “It’s an age old problem,” said Trask, “but it’s definitely a problem that we continue to see.”

An item harvester is someone who takes an exam under their real name, but their sole intention is to steal intellectual property. The worst offenders in this category are those in the employ of black market test vendors or other organizations who believe they can profit from stealing test questions. A less sinister item harvester is someone who used a brain dump site to prepare for the exam and returns to the site to post several items that he remembers to “give back” to the group.

Cheaters are individuals who are not trying to profit stealing intellectual property; they are just dishonest people willing to cheat to pass an exam. “It’s like when you were in school and somebody wrote the answers on the bottom of his shoe,” said Trask.

Candidate Authentication Program

The candidate authentication program is designed as a counter measure to the proxy test taker. Under this program, each Cisco exam candidate will have to sit for a digital photograph and provide a digital signature. The photo and signature will become a permanent part of the exam record. If a candidate refuses to provide the photo and signature, they will not be allowed to take the exam.

“In a proxy testing investigation, being able to review photographs associated with exams is a powerful investigative tool,” said Trask. “If we have the same photograph appearing under different names and signatures, it provides evidence that is difficult to refute.”

“This is really going to help deter proxy test takers directly, but I also think it is going to increase the overall level of awareness about our tightened security measures so some of the cheaters will not be so bold. The equipment and the process are highly visible at the testing centers,” said Trask.

All Pearson VUE testing centers worldwide are being equipped to implement the program and hundreds have already been outfitted with the technology. Pearson plans to rollout the program in three separate waves by region as they achieve critical mass with installed sites. Once the program is activated in a region, people who refuse to participate will not be allowed to test.

Exam Data Forensics

During a Cisco certification exam, each keystroke is logged and a record is created that includes the length of the test period, how much time was spent on each question, whether an answer was changed, how much time was spent on the second answer, etc. After the exam is completed, but before the results are processed, each exam session is analyzed by forensic software that analyzes the session against established behaviors and suspect exams are flagged for investigation.

“When you analyze a testing program the size of Cisco’s, you develop an extensive knowledge base of behaviors you expect to see at every level of the examination,” said Trask. “We’ve broken the population down by age, sex, education, country, etc., and we know what to expect in almost every instance. We’ve established norms for behavior for an individual taking an exam for the first time, for taking an exam a second time after failing initially. We know how the distractors should be performing. We’ve amassed a wealth of knowledge for every test question.”

When an exam is flagged, it is investigated by VUE psychologists and security teams. If they determine that there is a problem with the cisco certification test, the results are invalidated and the candidate is offered a free chance to retake the test. They are given a different form of the test and have the opportunity to validate that they understood the information and should have passed the test.

Program Data Forensics

Another layer of security examines a wide range of other program attributes to determine what is occurring within the program. “We’re comparing testing center to testing center, and within a center, we are comparing one administrator to another administrator to see if inconsistencies emerge,” Trask said. “We look at things like candidates who live in one country but test in another; we review financial information, credit card information; just a very wide range of information to see patterns and inconsistencies.”

Consequences

In the past when someone was caught cheating they would have their score invalidated and their credential could be revoked. The most serious consequence would be preventing the individual from participating in a certification program. But the stakes are going up.

“Our evidence collection is now done for evidentiary purposes,” said Trask. ‘We intend to pursue civil and criminal remedies against people who choose to profit from violating or infringing on our intellectual property. And I applaud Cisco for it. Previously people wanted to avoid any bad PR related to going after these groups, but both Pearson and Cisco are taking it very seriously and we will take action against them.”

“It is not just an intellectual property issue,” said Weiller. “Ultimately it’s about protecting the integrity and value of the certification. Since test development is very expensive process, we can establish direct and consequential damages for which we can pursue recovery. The laws governing intellectual property give us a legal basis to pursue these people, but the objective is to protect the brand and the equity in the certification.”

“Our program year after year is seen as having solid value in the marketplace,” said Erik Ullanderson, Manager of Global Certifications for Learning@Cisco, the group responsible for Cisco training and certification. “We recently awarded our one millionth certification and the majority of those people earned their credentials fairly. We are protecting their investment and the value that employers place on Cisco certifications.”

Awareness and Engagement

Cisco and Pearson are developing targeted messaging that will be delivered in email campaigns to certification holders and on posters in testing centers. One central theme will be appropriate vs. inappropriate study methods and behavior. “In many instances, candidates don’t see anything wrong about using or contributing to brain dump sites,” said Trask. “We are going to be educating people about the local and federal laws governing theft of intellectual property in the various regions around the world.”

Another effort will be to engage certification holders to alert program representatives in cases where people don’t seem to have the requisite skills for a certification. “People who have earned a certification honestly have a vested interest in protecting the integrity of the process and the value of their certification,” said Trask. “Anytime someone has a certification but doesn’t have the skills to do the job, it hurts the value of everyone’s certification.”

The coordinated program will only be used with Cisco certifications at present, but Trask thinks that other certification sponsors will follow. “The candidate authentication program is the first real security effort since we rolled out IT certification in the late 80’s, and we are glad that the leadership at Cisco was willing to take the brave first step,” he said. “Combined with the forensics and educational outreach we are confident that the program will have a major impact on exam security worldwide.”