Network World

Security certification staples

Digest what some of the most popular IT credentials bring to the table.
By Kenneth Rode, Network World
September 20, 2004 12:08 AM ET

With all the security certifications available today, how is an IT manager to know which certifications should be required of applicants or even which might be helpful to pursue personally? To analyze this, begin by examining the need for certifications and what they offer.

The first question is: Do certifications mean anything at all? Some people consider them to be barely worth the paper on which they're printed. Nevertheless, many companies are beginning to require security certification either before or shortly after hire to validate an employee's skills.

Spectrum Health requires candidates for any IT security-related position to either have or obtain the Global Information Assurance Certification's GIAC Security Essentials Certification (GSEC) within six months of hire, says Darrin Wassom, a technical architect at the Grand Rapids, Mich., organization.

Next, the certification must test skills that prove more than "book-level" proficiency. I have always been good at testing on material I have recently read, but this doesn't prove that I will be able to apply that knowledge in complex networks.

Finally, security certification must be vendor-neutral. While certifications from market leaders such as Cisco and Microsoft are useful in a focused environment, security professionals must be able to demonstrate a range of skills and understand what is required to secure a heterogeneous network of products from different manufacturers.

Using these three criteria, three security certification programs merit a closer look: CompTIA Security+, International Information Systems Security (ISC²) Certified Information Systems Security Professional (CISSP) and the aforementioned GIAC GSEC.

CompTIA Security+

Security+ is designed as an entry-level security certification for people with at least two years of network experience. The test consists of a proctored exam with 100 questions that must be completed in 90 minutes. There is no requirement to renew the certification or prove ongoing education.

Security+ is a good credential to require of general IT staff, according to Julie Baumler, a senior systems administrator with Multnomah County, Ore., who holds CISSP, Security+ and several GIAC certifications.

"I see Security+ as of more value to system and network administrators than security professionals. I think it shows a basic understanding of the security concepts necessary to be a good administrator," she says.
