Keeping Tabs on the CompTIA Security+ Certification
IT security is one of the most in-demand areas of information technology and network management in the industry today. It offers numerous opportunities for growth and development and a wide range of employment opportunities for IT professionals with appropriate, up-to-date credentials.
As a result, it is no surprise that many systems and network professionals are interested in applying their background and experience toward a career switch to IT security. However, it is not enough to simply have worked in systems administration; it is necessary to have the right training to be competitive in the job market.
This article suggests a training path for IT professionals who are interested in making the switch from general systems or network administration and support into IT security. Perhaps the best training path is a two-step process that begins with Security+ certification and continues with Certified Ethical Hacker certification. The article also gives some reasons why these certifications are recommended for this transition.
The first component of the suggested training path for transitioning from general systems and network support to IT security is the completion of the Security+ certification (e.g., http://www.securityplusclasses.com/). The Security+ certification is an excellent first step because it focuses entirely on approaches to network and data security in a variety of network environments. The certification is not partial to any vendors, making it highly flexible and adaptable to a range of enterprise settings. Furthermore, it is a completely international certification that is valid and accepted around the globe.
Technicians who obtain Security+ certification will have evidence that they are well versed in network administration and security, protocols related to access control, system security at the individual level, and enterprise-level security that spans entire organizations with a broad, top-level approach. The Security+ certification is best suited for technicians with more seniority and experience who are ready to work in IT security environments. Upon completion of this certification, technicians will be well prepared to work in network support environments for the federal government as well as high-end corporate environments.
The second component of the suggested training path for transitioning from general systems and network support to IT security is the completion of the Certified Ethical Hacker certification (http://www.trainace.com/courses/ceh/). The Certified Ethical Hacker certification prepares technicians and administrators to tackle a range of network intrusion attempts through some of the most sophisticated and up-to-date countermeasures available in the industry.
Administrators who hold the Certified Ethical Hacker certification will be well prepared to work in any IT security environment. Their certification is upheld and backed by the EC-Council, the International Council of Electronic Commerce Consultants. According to the EC-Council’s guarantee, administrators who have completed the Certified Ethical Hacker certification will have a firm foundation in defending networks, in penetration testing through a variety of advanced methods, and in using and defending networks against the methods of intrusion commonly used by hackers and crackers.
Holders of this certification will demonstrate their IT security comprehension and aptitude through their ability to execute demonstration attacks against the security configurations of networks of any size. Through these demonstration attacks, they will be able to search for points of entry and point out any possible areas of weakness before the same penetrations are attempted by people with nefarious intentions.
Because the material taught to candidates for the Certified Ethical Hacker certification is sensitive and highly specialized, candidates must have a minimum of two years of work experience dealing with advanced network security before they can begin the certification program and complete the certification exam. The restrictions are put in place in order to keep people intending to use the information taught in Certified Ethical Hacker programs for nefarious purposes from gaining easy access to the information.
In conclusion, given the rich opportunities for growth that come with a background in IT security, it is no surprise that a number of IT professionals with a general background in systems administration and network support have begun to pursue the training and certification necessary to function effectively in IT security positions.
While there are a number of training paths IT professionals may take to prepare themselves for a career in IT security, the most thorough and effective training path is likely to be one that begins with the Security+ certification and proceeds into the completion of the Certified Ethical Hacker certification. Upon completion of these certification programs, technicians and administrators will be well prepared to enter the dynamic and challenging field of IT security.
Protecting U.S. military communication and data access systems is critical to ensuring national security. Defending the nation from modern threats, whether from terrorists, nations or hackers, increasingly involves in-depth knowledge of networked computer architecture. Accordingly, the U.S. Department of Defense (DoD) has mandated that military and civilian personnel who access these systems must demonstrate the solid technical proficiency and operational awareness to effectively maintain the integrity of its classified computer networks.
U.S. Department of Defense (DoD) Directive 8570.1, issued in 2004, requires IT professionals who work in certain defense-related technical and management capacities to obtain standardized credentials to validate their knowledge of proper use of classified systems. The 8570.1 Directive specifies that Information Assurance Technical (IAT) and Information Assurance Management (IAM) personnel, at IAT Level II or IAM Level I, respectively, must either currently hold or obtain a vendor-neutral security-related certification shortly after being hired. This mandate applies to military personnel and civilian contractors who handle privileged information through DoD networks. Although staff are not specifically required to hold the Security+ certification to work in IAT Level II or IAM Level I positions, it is one of several that Defense Department employees and contractors can earn to satisfy the 8570 requirements. For example, an IAT Level II Computer Network Defense Analyst must earn at least one of the following certifications:
* CompTIA Security+
* SCNP (Security Certified Network Professional)
* GSEC (GIAC Security Essentials Certification)
* SSCP (Systems Security Certified Practitioner)
The IAT-ranked engineer can hold one, several, or all of the above certifications. Similarly, a network manager classified as IAM Level I would be required to hold at least one of these certifications:
* CompTIA Security+
* GISF (GIAC Information Security Fundamentals)
* GSLC (GIAC Security Leadership Certification)
CompTIA’s Security+ certification is popular because it builds on the fundamental knowledge demonstrated through obtaining the A+ and Network+ certifications, both of which are common requirements for entry-level IT jobs. In fact, CompTIA lists either a Network+ certification or equivalent knowledge obtained from work experience as unofficial prerequisites for those who intend to take the Security+ exam. Most accredited training programs that teach Security+ concepts will also strongly suggest that students possess comprehensive knowledge of network architecture before enrolling in preparation courses.
The 90-minute Security+ exam consists of 100 multiple-choice questions that measure knowledge of general computer network security, cryptographic principles, intrusion defense, access management and other concepts and practices essential to securing classified military IT systems. Those who seek the Security+ credential should know that an updated version of the exam was released in May 2011. Any preparatory courses or study materials purchased should specifically refer to test SY0-301. Books or courses based on the old SY0-201 test, which was retired on December 31, 2011, may not provide adequate coverage of topics included in the most recent certification exam.
Because the knowledge required to effectively secure classified IT systems constantly changes, the Defense Department will soon require Information Assurance Program staff who qualify with Security+ certifications to regularly renew their credentials. Effective January 1, 2013, the only CompTIA certifications to be recognized as DoD 8570-compliant are those with a “CE” designation. These new certifications will be marked as “CE” to distinguish them as part of the continuing education track, where credentials must be renewed every three years to remain valid. Renewal can be achieved by taking the latest version of the certification exam or completing 50 continuing education units. These units can be earned through coursework, teaching, publishing or attending relevant IT conferences.
Welcome to the first post on SecurityPlus.Org. At this site we plan to discuss the topics and trends in the arena that surrounds the CompTIA Security+ certification (information assurance) and, of course, topics specifically about the Security+. Some of the things we will cover include job and salary information and changes, content and exam changes and notifications, new content addition analysis, exam preparation tips and tricks, and more.
For those of you who have not been paying attention to the Information Assurance (IA) industry, up until now anyway, the CompTIA Security+ (Security Plus) certification is the absolute most popular certification in the industry. If you work or plan to work in IA, then achieving the Security+ is a must for you. More people in IA hold this cert than any other cert, and for good reason.
The main reason is that Security+ covers a relatively wide but fundamental scope of information in the IA field. Best practices for any employee and manager are included and are typically implemented in any secure environment in today’s workforce. Preventative topics like social engineering are covered as well, which help prevent most people from making small mistakes that can lead to data breaches.
The DoD 8570 Directive also has much to do with the widespread popularity of the Security Plus cert. This Department of Defense directive makes it mandatory for most people working in an environment where they may come across or handle DoD classified information to hold the certification.
So as the popularity of the Security Plus certification grows, we will keep you posted on what you need to know. Changes are consistently being released and we will be there to keep you informed.