As harsh as it seems, experience isn't always enough. Author David Fells covers some of the more prominent vendor-neutral certifications available and shows which you might need to keep your career on track.
In the area of security certifications, there are several prominent programs available, the most notable of which is CompTIA Security+. The skills and knowledge measured by this exam, according to the Security+ Exam Objectives, were derived and validated through input from a committee and over 1,000 subject matter experts representative of industry.
The certification is intended to serve as validation of the technical knowledge required of foundation-level security practitioners, according to the objective sheet. Anyone holding the Security+ certification should know enough about fundamental security to perform basic security assessments and take measures to plan and implement security procedures in a business environment. The specific objective domains for this exam include general security concepts, communication security, infrastructure security, basics of cryptography and operational/organizational security.
In addition to the Security+ exam, professionals may pursue the Security Certified Network Professional certification. There are actually two flavors of this certification, the associate level and professional level, or SCNA and SCNP, respectively. SCNA tests the candidate's knowledge of building trusted networks and SCNP tests knowledge of defensive security strategy.
The program focuses on two key areas of security: firewalls and Intrusion Detection Systems (IDS). Two exams must be passed to obtain the certification. The first is the Hardening the Infrastructure exam, which covers contingency planning, tools and techniques, security on the web, router security and ACLs, TCP/IP packet structure and security, and operating system security. The second exam, Network Defense and Countermeasures, covers network defense fundamentals, security policy design and implementation, network traffic signatures, VPN concepts and implementation, IDS concepts and implementation, and firewall concepts and implementation. The exams are completely scenario-based and require a truly in-depth knowledge of the subject matter to pass, all but eliminating the possibility of "paper professionals" holding the certification.
The true value of security certifications is the trust of clients that goes along with them. Most business customers will not allow you to even enter their security space without seeing your security certifications; the technology is just too critical. Certifications help protect solution providers as well, because if a mistake is made and a hole is opened up in a company's security system, the solution provider could be held legally liable. Employing certified security professionals is one major step toward preventing that situation from arising.
Security certifications are especially important to small businesses that are already struggling to establish a reputation and an identity in a crowded IT market. They allow the solution providers to approach a potential client with proof that they possess the skills needed to deliver a secure network infrastructure.
Security is the number one concern for everyone in today's computing environment, and customers are understandably skeptical about the ability of solution providers to secure their networks. It is unusual for a week to pass without a relatively high-profile security breach or Internet virus showing up in the news, and businesses are usually at the highest risk from these security threats. Solution providers who employ security professionals who hold vendor-neutral security certifications can work with confidence that all the key aspects of security will be evaluated and addressed appropriately, limiting liabilities in both reputation and money.