Last April, I wrote about CompTIA's development of the Security+
certification, a concept long overdue in the IT realm. The Security+
certification was designed for the security "foot soldier," a front-line
IT security specialist who needs a broad foundation in general security
procedures and technology. At the time, CompTIA was still developing the
test when I last mentioned it, drawing on the experience of hundreds of
subject matter experts from around the world. The beta exam is now
available through the end of September. The beta is an opportunity to
save some money off the cost of the regular exam, while still earning
the certification ahead of the pack. As a beta participant, you also
have an opportunity to provide feedback to CompTIA.
The certification is aimed at those with two years of networking
experience and an understanding of TCP/IP. The information contained in
the exam is not related to any specific vendor products. Candidates
should have the skills equivalent to those tested for in the CompTIA A+
and Network+ certification exams as a prerequisite.
There are, of course, numerous certifications that pertain more
specifically to a given vendor, and these have value in themselves. Most
of them, in addition to covering the specifics of that vendor's product,
do address more generic security issues. However, the need for a fully
vendor-neutral security certification is evident. Security specialists
are in demand, and they need to know the foundations and principles of
IT security are more important now than ever.
The exam tests five separate areas: general security concepts,
communications security, infrastructure security, basics of
cryptography, and operational/organizational security. You can take the
125-question exam at any Prometric or VUE testing center.
Although the certification is not out of beta yet, LearnKey
(www.learnkey.com) already has a training program for CompTIA's new
Security+ certification. The five-session course is currently available
in VHS format, with CD-R and online formats scheduled for shipping in
early Q4.
Certification Hoax Alert: I received a strange message from someone
claiming to be the registrar of (ISC)2 recently, thanking me for
applying to sit in on (ISC)2's CISSP examination. The message gave me a
confirmation number and said my credit card had been charged $450. After
contacting (ISC)2, the real registrar apologized and assured me that the
email was a hoax, that (ISC)2 had recently been attacked and the message
did not originate from their organization. No money had been charged
against my credit card. (ISC)2 is a worthwhile and eminently credible
organization. Their CISSP Certification is a vendor-neutral program that
recognizes mastery and understanding of a Common Body of Knowledge in
information technology, and achieving this certification would be a
worthwhile pursuit for anybody in the IT field.
