CompTIA speaks on Security+ certification - How to address security issues
An Interview with Carol Balkcom, the Security+ Certification Product Manager for CompTIA (the Computing Technology Industry Association)
The demand for information security skills and knowledge is on the rise. Security+ was developed by CompTIA to validate technical security expertise. In the following interview, Carol Balkcom, CompTIA's Security+ Certification Product Manager, talks to Jidaw.com about the recent update and the essence of Security+.
According to her, "the focus is on knowing how to address security issues, rather than just knowing what they are."
1. Let's start with questions on the latest release of Security+. What are the changes and what led to the changes?
Answer: The last version of Security+ was in 2002. In 2007, I had a conference call meeting with a group of seasoned security professionals, many of whom had been involved with Security+ for years. I had previously sent them the 2002 objectives, and asked that they review them in advance of the call. With advances in technology as well as increasing threats from the internet, it became clear that the exam needed to be revised.
As to the changes in the exam, every existing exam objective was affected, but these were the primary changes:
There are two new subject areas (what we call domains): "Access Control", and "Risks & Assessments".
There is a new emphasis on knowing "how to" rather than just recognizing concepts.
2. Since both exams are still available, is there any advantage in taking the new exam? How will the validity and value of previously earned Security+ certifications be affected?
Answer: There are several answers to this question. For people who have purchased materials and have been studying for the previous exam, they may wish to go ahead and take that exam. If they pass, they will be Security+ certified. On the other hand, for people who have not yet chosen a method of study, I would recommend the new exam. It is current, and for those whose employers encourage or require certification, it will be best to certify on the latest objectives.
As to the question about those who have previously certified, and how their certification will be affected: CompTIA's policy has always been that if you take a CompTIA exam and become certified, you are certified for life. We do have employers such as the United States Department of Defense (DoD), who are requiring their employees to be current on their certifications every three years. This requirement also extends to information assurance employees of companies that do business under contract with the DoD. In cases like that, the requirement does not come from CompTIA, but can affect the validity and value of a previous certification in a particular employment environment.
3. What is the exam focus of CompTIA Security+? Several security certifications exist in the market so what led to the development of Security+ and who is the target audience? What capabilities should one expect of a CompTIA Security+ certified professional?
Answer: You are correct that there are several security certifications in the market. Each one of the more well known certifications has a particular niche. For example, the CISSP is aimed at security professionals at an executive (CIO, CISO) or management level who make policy decisions about organizational security. By contrast, CompTIA Security+ is squarely aimed at the experienced technical security professional, the hands-on professional with responsibility for day-to-day security for an organization. We continue to recommend two years of hands-on security experience before attempting the Security+ exam, just as we did for the original exam in 2002. Especially with the new exam (2008 edition), the focus is on knowing how to address security issues, rather than just knowing what they are.
4. Who benefits from, what is the relevance of, Security+? Can you give us tangible benefits and beneficiaries? What are the market prospects for Security+ candidates? What are the possible career opportunities?
Answer: Companies in every industry, government agencies, and companies that do government contract work benefit from Security+. Increasingly, government agencies and contractors in the U.S. are having to comply with new laws or directives that require them to demonstrate that they have policies and skilled workers in place to help counteract the risk of confidential information getting into criminal hands.
In the U.S., the Department of Defense requires certification, and Security+ is one of the certification options for personnel in "Technical Level II" or "Management Level I" jobs with the military. As government and military outside the U.S. adopt similar laws or mandates, we can expect the use of security certification, and Security+ specifically, to increase. Internationally, multiple divisions of Hitachi and Fujitsu use Security+ on a regular basis to validate the skills of their employees. In the Philippines as well as the U.S., the security company TrendMicro has new support staff take Security+.
A November 19, 2008 article in Forbes Magazine spoke of a "cybercrime boom" internationally because of the worldwide problems with the economy. It spoke of skilled technical workers who are turning to crime because they don't have jobs. Because of the higher incidence of identity theft and fraud, financial institutions are more interested than ever in employees who are trained and certified in security.
Finally, recent articles have pointed out that certifications generally have declined, but security certifications have not. The ongoing concern about security is causing an increase in the number of people and organizations who support Security+ certification.
5. What is your current estimate of the number of people attempting the CompTIA Security+ every month? How many people have achieved the Security+ certification?
Answer: We have well over 2,000 people take Security+ every month. I must say that because of U.S. laws and military mandates, the majority of those are in the U.S. But the numbers in other countries are rising. Security+ exam deliveries are at an all-time high, with more than 60,000 people certified to date.
6. How should candidates prepare for the Security+ exam?
Answer: First let me say I highly recommend that candidates have hands-on security experience before attempting the exam, because it is a technical exam in which there are "scenario" based questions that require the candidate to know how to execute security, rather than just knowing what a term means. To prepare, candidates should look at the exam objectives, which are downloadable from the CompTIA website at http://certification.comptia.org/security/prepare.aspx .
Also on this page are links to study materials, as well as training companies authorized by CompTIA.
7. How will the global meltdown, the uncertain economic climate and rising unemployment numbers affect Security+ certification and candidates?
Answer: You might not expect it, but in times of economic uncertainty, more people get training and certification than in better times. In some situations it is paid for by the local unemployment offices or by employers that let people go. I think there are IT professionals who may not have been certified before, who look at certification as a way to differentiate themselves in a crowded market. And as I've said, Security+ is an excellent certification to get because organizations are more focused than ever on preventing criminal theft of their confidential data.
8. What relationship does Security+ certification have and how does it compare with other Security certification efforts such as CISSP, CISA, CEH, etc.?
Answer: I mentioned the relationship of Security+ to the CISSP certification before. As for the CISA, this is intended specifically for professionals who are focused on security audits. The CEH is a niche type of certification that people often take after they have taken Security+. Security+ is typically taken as a technical benchmark, before specializing in a particular security area or moving on to management.
9. What trends do you see in Security with regards to skills, products and services? And how does CompTIA Security+ fit in? What plans does CompTIA have for Security+?
Answer: The threats associated with wireless products certainly have changed Security+, in that there is more emphasis on wireless networking in the new exam. Unauthorized access to systems and the resulting losses have caused CompTIA subject matter experts to put more emphasis on access control in the new exam. Security+ will be updated every three years from now on, to make sure that the exam prepares candidates with skills and knowledge about the latest security issues and how to address them.
10. Last word: What other tips and advice would you have for candidates interested in or preparing for the CompTIA Security+ certification? What would you encourage them to do?
Answer: I would encourage them to find a way to get hands-on network security experience—either through their jobs, or by taking training or enrolling in local college classes that have hands-on labs. I also encourage them to read, and keep up on the latest issues in security.
Jidaw.com thanks Carol Balkcom, the Security+ Certification Product Manager for CompTIA (the Computing Technology Industry Association) for her time as well as for the great work she is doing with CompTIA certifications.
AISA Content is provided by Jidaw Systems on behalf of The African Information Security Association (AISA)
Mar 3, 2009
Temitope James of Kaduna, Nigeria says:
Thank you once again for shedding light on this important area. Security certifications are on the rise! Keep up the good work!