You get an alert and then find out that your audit logs are screaming at you! There is a renegade IP address on the loose and the person behind this breach of security is certainly up to no good. What do you do? How could this happen? Silly as it may sound in this example, system administrators can rest assured that security breaches can and do happen.
There are competitors who would love to get their hands on your mission-critical business plans and documents. There are disgruntled employees who would enjoy wreaking havoc on their former employer's systems. One must also find defenses for the casual hacker who is out just to find systems they can break into for fun or out of curiosity. As an IT professional, do you have the skill set to design, implement, configure, and monitor a security implementation that effectively guards your network infrastructure, Web sites, and even physical grounds? Do you have the necessary training to effectively respond when a security breach has occurred? Can you prove to prospective employers that you have the knowledge and ability to implement security infrastructures that will effectively guard their critical business data? Having at least one security certification to your credit will validate your abilities and knowledge levels for implementing and managing effective security plans.
What security certifications are available? Which certifications are right for your career? This area of certification is one of the fastest growing areas of IT certification, and you have choices between general security certification tracks and security certifications centered on specific products. In this article you will explore some of the most popular security certification tracks and exams, such as Security+, TICSA, CISSP, SANS, Check Point, Cisco Security, and Microsoft.
Vendor Neutral Certifications
The Security+ Exam
This exam is relatively new to the security certification scene, but it is seen as a possible leader in baseline security exams. This exam is intended to test you on fundamental security concepts and abilities. By passing this exam you can prove you have a solid fundamental foundation in general security concepts, communications security, infrastructure security, basics of cryptography, and operational/organizational security. CompTIA, who also offers other popular certifications like the A+ and Network+ Exams, offers this exam.
The recommended audience for this exam is an IT professional who has approximately two years of networking experience, a thorough knowledge of TCP/IP, and the knowledge and skill level required of those who pass the CompTIA A+ and Network+ exams. Essentially, this translates to an individual who has a solid understanding of computing systems and network/system administration. Since securing a network and monitoring the security infrastructure is regarded as mission-critical in nature, it is best to have a solid familiarity with systems and network infrastructures to avoid "rookie" errors. Someone who is unfamiliar with day-to-day fundamental tasks and duties is more likely to overlook important security details than one who has experience in such an environment. Also, someone who has solid system and network administration fundamentals will understand the types of topics covered in the Security+ exam better.
The following are some important Security+ Exam facts for those who may be interested in pursuing this exam:
- The exam has 100 questions that must be completed in 90 minutes.
- To pass you must achieve a score of 764 on a scale of 100-900 and your exam results will appear as soon as the exam is completed.
- The exam costs $225, but different pricing options are available for corporate purchases of exams at various quantities.
- Both Pearson VUE and Prometric testing centers offer this exam.
The group formerly known as the International Computer Security Association (ICSA), now known as the TruSecure Corporation, offers this security certification. The TruSecure Corporation is a well-respected and widely known computing security organization. TruSecure kept the ICSA lettering for this exam, thus the naming of the TICSA security certification.
As with the Security+ exam, this too is a foundational-level certification. TruSecure's aim is to offer a foundational-level set of credentials for IT professionals who are currently doing enterprise IT security but who don't have verifiable training and certification to back up their skills. TruSecure has made this exam skills-based in its nature. This means that questions will center on hands-on application of knowledge rather than simple recall questions that can be answered correctly by simply reading a book. The exam itself covers 14 areas known as the "Essential Body of Knowledge". See www.trusecure.com for what topics are included in this body.
To take this exam the candidate has to provide verifiable proof of at least two years' experience in network security. Alternatively, one can substitute a verifiable 48 hours of approved security training that has been completed within a 24-month period. Secondly, the candidate must adhere to and sign a code of ethics that essentially holds you to ethical behavior while practicing systems security. Also, candidates must complete an online practitioner's profile and account along with successfully completing the exam.
The following are some important facts for the TICSA security exam:
- The exam is vendor neutral. The skills this exam tests on are applicable across vendors of all types of network hardware and software.
- The TICSA exam is endorsed by the (ISC)2 who offers the high-level and prestigious CISSP security exam. The (ISC)2 views the TICSA exam as the perfect practitioner level exam that effectively begins to prepare the candidate for the CISSP exam. (See more on the CISSP exam in the next section)
- The exam consists of around 70 multiple-choice questions with 90 minutes to complete the exam.
- The certification is good for two years, after which you will need to re-certify. To re-certify you will need to pay a renewal fee, show 48 hours of approved continuing education within a 24-month period, re-commit to the TruSecure code of ethics, or possibly take the test over if the examined content changes drastically.
- The exam costs $295 domestically and $395 internationally.
You may be curious as to which foundational-level exam you should take. As with any choices you have in deciding which certification path to follow, look at what the market is asking for. Look at job postings, call recruiters, or contact people you know in the industry. Whichever fundamental exam people are looking for is the one you should strongly consider pursuing. If you are employed, consult your employer as to which exam track will better prepare you for on-the-job benefit. If all other things are equal, look at what each exam covers and decide which exam gives you the preparation that best fits your career goals.
Unlike the Security+ and TICSA exams, the CISSP exam is an upper-level exam for hardcore security professionals. The CISSP exam is a prestigious certification sponsored by the International Information Systems Security Certification Consortium, Inc., (ISC)2 for short. CISSP stands for Certified Information Systems Security Professional, and this particular (ISC)2 exam has been around for a little over 10 years boasting over 7,000 certified individuals.
As just mentioned, this exam is for senior-level security professionals. The typical person who studies for and takes this exam is an upper-level security professional who designs, implements, and manages corporate-wide security implementations. The candidate must pass an exam that covers what (ISC)2 calls the 10 Common Body of Knowledge (CBK) domains. The CBK is rather large and arduous, but the content in these domains is widely considered to be part of the typical CISSP candidate's job duties. Thus, anything in these domains is fair game for the test. If you are interested in this exam and would like to see the full descriptions of the 10 CBK domains, check out www.isc2.org.
The following are important facts related to the CISSP exam:
- Minimum requirements for sitting the exam are four verifiable years of systems security experience in one of the CBK domains, or three years of verifiable experience in one of the CBK domains and a college degree or equivalent life experience. The (ISC)2 periodically audits some of those who pass the CISSP exam to ensure that candidates are being honest in their reporting.
- The exam is 250 questions long with a maximum of 6 hours to complete the exam.
- CISSP candidates must agree to the (ISC)2 CISSP Code of Ethics as part of the certification process.
- After passing the exam the candidate must get their certification endorsed by an existing CISSP before the certification can be awarded.
- The CISSP certification has a three year life cycle. The certification can be renewed with 120 hours of continuing education with 80 hours of the 120 being in security classes. One may also elect to retake the exam instead of completing the continuing education in order to renew their certification.
Passing the CISSP exam demonstrates the high-level security knowledge a candidate possesses. Having this security certification can be a significant boost to a security administrator's career and, quite possibly, salary level. If you are looking to make security implementation and administration a career choice, taking and passing the CISSP exam is a very good goal to set and pursue within the scope of your career.
The SANS Global Information Assurance Certification (GIAC) program is another upper echelon, highly respected security certification program. The SANS Institute is a well-known and well-respected group who deals with information security. Unlike the CISSP program, which is one exam only, the GIAC program has multiple exams and levels one can take. SANS breaks down their exams into Foundational, Intermediate, and Advanced level exams, and one can complete as few as one GIAC exam all the way to completing a grueling program of multiple exams to achieve the GIAC Security Engineer (GSE) certification. Each GIAC certification is designed to stand on its own if that is what the candidate chooses.
Each of the GIAC certifications requires two steps for successful completion. First, candidates must complete a written "Practical Assignment". This assignment requires candidates to write out their solution to a given task. The end goal of this part of the examination is to prove the candidate's hands-on, real-world skills with information security. The second step is to pass a written exam. SANS desires this two-step process as a way for the candidate to show their "real-world" skills with the practical assignment and their knowledge levels with the written exam.
One of the more popular GIAC exams is the foundational GIAC Security Essentials Certification (GSEC). This certification is for current system and network administrators who want to develop their security skills and for the information security professionals who want to solidify their security knowledge. This test examines the essential knowledge that anyone performing information security duties should know.
The Intermediate level exams cover a multitude of topics. Items candidates can select from include network operating systems security, firewalls, intrusion analysis, and incident handling, to name a few. Check out www.giac.org/certifications for information on all the intermediate level certifications.
An advanced certification option is the previously mentioned GIAC Security Engineer certification (GSE). This requires candidates to pass a battery of 5 intermediate exams and receive an "honors" level in one of the Subject Area Modules before they can sit for the GSE exam. This certification is the mastery level of the SANS certification tracks.
The following are some important facts concerning the GIAC certification program:
- Exams typically cost $425. Some discounts may be offered with SANS training. Be sure to check in with the SANS certification Web site for offers.
- All GIAC certifications require renewal. Be sure to check the SANS certification Web site to find out what the life cycle of your GIAC certification is. Some are live for two years while others are live for up to 4 years. Most GIAC certifications can be renewed by taking a renewal exam currently for $120.
The SANS GIAC certifications are well-respected information security certifications. If security is a career option for you, this certification program is certainly worth checking out. SANS also offers a solid training program for those who wish to train for a GIAC certification. This training can be expensive, but all accounts rate the training from SANS to be of high quality.
Vendor Specific Security Certifications
The preceding security certifications centered on vendor neutrality in that they did not provide security certification credentials on any particular product. SANS GIAC security is primarily based on SANS training, but no products like firewalls or operating systems are involved. The following security certifications are centered on vendor products. In this section we will briefly touch on some of the more popular vendor specific security certifications. This includes Check Point, Cisco, and Microsoft.
Check Point Certified Security Administrator (CCSA)
Check Point Software Technologies, Ltd. is a well-known company that specializes in VPN and Firewall technologies. The CCSA certification offered by Check Point has been garnering some popularity of late. This certification is the baseline certification for Check Point's technologies. The following breaks down the CCSA program in further depth:
- The CCSA certification validates a candidate's ability to configure and manage fundamental implementations of Check Point's Firewall-1 product.
- This certification also validates the candidate's ability to define and configure security policies that will guard access to a business's critical information and to monitor network activity for security breaches.
- To get the CCSA credential candidates must pass Exam 156-210 "VPN-1/Firewall-1 Management I NG".
- This exam is proctored through VUE testing centers. Visit www.vue.com/checkpoint for registration information.
Check Point has a full certification program that allows the interested candidate to go beyond the CCSA to earn the Check Point Certified Security Expert (CCSE) credential. If you are unsure if this certification will be of value to you, contact technical recruiters, corporations you might be interested in working for, colleagues in the IT security realm, or another trusted advisor to see if achieving the CCSA or higher is worth your time. Check Point products are implemented in many places, so it is certainly worth your time to at least investigate achieving this vendor specific certification. To learn more about the remainder of Check Point's certification program visit www.checkpoint.com/services/education/certification.
Cisco Certified Security Professional (CCSP)
The CCSP credential offered by Cisco Systems is a relatively new credential. Cisco deemed it necessary to offer IT professionals working with Cisco technologies a professional level certification in planning, designing, and implementing secure networks with Cisco products and technologies. This is considered an upper level, professional certification and interested candidates must hold a CCNA before working on their CCSP credential. The following describes the CCSP program further:
- Exams cost $125 U.S. and up to $150 U.S. internationally, depending on local currency fluctuations.
- Training for all Cisco certifications is available. Check your local IT training centers, technical schools, or colleges to see if they offer classroom training. E-learning possibilities are also available, as well as a plethora of study guides from Cisco Press, Que Certification, Sybex, and a host of others.
- The CCSP credential is valid for 3 years, like all other professional level certifications from Cisco. To renew, you simply need to successfully complete a recertification exam.
- Pearson VUE and Prometric testing centers offer Cisco exams.
There is little doubt about the prominence that Cisco holds in the networking world. If you are interested in becoming a professional in information technology, holding any Cisco certification will be a great value-add to your resume. The CCSP will be no different. As a matter of fact, being able to implement well designed, secure networks with Cisco technologies may be in high demand in the very near future. The CCSP is definitely a credential you will want to explore and consider. For more information on the CCSP select the "Learning & Events" menu at www.cisco.com.
Surprisingly to some, Microsoft does not have a full security certification as of yet. This probably will not be the case for long, though. Microsoft has indicated that a full security certification is being heavily considered. Not having a full security credential does not mean that there are no security offerings from Microsoft. Microsoft offers security-related classes and exams as part of their 2000 and 2003 MCSE programs. If you will be working with Microsoft technologies as part of your IT career, then you will most likely add value to your credentials by passing at least one of the following exams as part of your certification path:
Windows 2000 MCSE
- Exam 70-214 — "Implementing and Administering Security in a Microsoft Windows 2000 Network".
- Exam 70-220 — "Designing Security for a Microsoft Windows 2000 Network"
- Exam 70-227 — "Installing, Configuring, and Administering Microsoft's Internet Security and Acceleration (ISA) Server, Enterprise Edition."
Windows Server 2003 MCSE
- Exam 70-298 — "Designing Security for a Microsoft Windows Server 2003 Network".
- Exam 70-227 — "Installing, Configuring, and Administering Microsoft's Internet Security and Acceleration (ISA) Server, Enterprise Edition."
Stay tuned to www.microsoft.com/mcse for news on a full Microsoft security certification. Having security knowledge for Microsoft products is sure to be a boost to your professional repertoire.
There is little doubt about the importance of information security. As of this writing, security certification is one of the hottest, if not the hottest, areas of IT learning and certification. In a day and age where one must be certain that all avenues are explored and secured on their network infrastructure, the demand for qualified, well-trained people is only growing.
What is the right path for you? This question can be answered by honestly assessing your current skills and situation, your career aspirations, and your ability to pay for and successfully complete training for security exams. If you are relatively new to the IT world, it is advisable to study for and take one of the vendor neutral, baseline exams. This will allow you to build your knowledge and professional foundation so you can begin to work in information security at a junior level and amass the experience to tackle the upper-level exams and vendor specific certifications. Maybe you are a veteran IT professional who has worked in security. Check out what each of these certification tracks offers you. Get in touch with the market and see which track can get you the position you desire, the promotion or pay raise you want, or which track will help educate you to be a better IT professional if advancement is not necessarily your goal. Several security certifications exist, as do training opportunities to back them. Assess yourself and the direction you want to go in your career and launch yourself into one of the security tracks that will bolster your IT knowledge and skills.