IT Certification: Security

Obtaining an IT Certification is a great way to boost your career by documenting your skill and knowledge level of past and current technologies. Nothing will replace a formal college education where one learn the important scientific methology as well as competences, but certifications are specific merits as an expert in a vendors product or vendor neutral expert knowledge in a topic or technology.

You basically need four things to prepare and pass a certification exam or test. First you need study material in form of either books, e-learning software or e-learning videos. Secondly, you need access to the internet so you can verify information by reading vendor whitepapers and get specific information on topics that are not covered well in the study material. Third, you need a testing software that resembles the real test in format and topic depth. This is an important tool to prepare you for the style of the exam and to ensure you have covered all bases. Some may neglect testing software due to cost issues, but this is a bad choice because should you fail a test just once, you could have afforded the testing software for that particular test. Finally, you need persistence, dedicated time and a good study plan to prepare for the test.

Why: Taking and choosing a Microsoft certification is a good choice as most organizations use Microsoft products in their infrastructure, especially on the clients as most users only are familiar with Microsoft Windows.

What: Microsoft has an extensive certification program in both technical skills as well as application skills. Tests can be taken in all countries at testing centers using either Prometric or Vue testing software. The tests are mostly 50-60 questions over approximate 2 hours in a variety of formats, e.g. multiple choice, select all that apply, scenario based and drag and drop questions. Microsoft tests are aiming to testing the applicants experience with as well as knowledge about products.

The Microsoft security certification on MCSE level is building on the core client, network, server and active directory exams by adding exams in Security Design (Defense in Depth, security technologies), Host Security (vulnerabilty and risk analysis, policy design and implementation, patch management) and Perimeter Security (ISA firewall), thereby taking a high level and decent technical look at securty on the Windows platform.

Where: You can read more about the certifications from Microsoft here:

• MCSA 2003 Security Requirements
• MCSE 2003 Security Requirements
• Upgrade to Server 2008 Certifications

Why: In the process of studying for a certification test you may need to look up information, to post questions to peers, to measure your skills and test the quality of the testing software beeing offered.

What: On the internet you can find many of the resources needed as many offers these services for free in the general interest or as samples for testing their products hoping for a sale.

Where: You can find many of these tools here:

• MCP Member Site
• MSMCSE Forum
• CertCities
• Transcender Testing Demos
• MeasureUp  Testing Demos
• Selftest Testing Demos
• UCertify Testing Demos
• Boson Testing Demos

Online: Some tools are online searchable dictionaries, definitions or glossaries:

• IANA Ports
• Tantalo Ports
• RFC Definitions
• Extention Search
• WepOpedia Extensions
• IT Glossary
• Keyboard Layouts

Why: Other security certifications are the hottest and most in-demand certifications in 2005. Due to the rapid development and spread of spyware, viruses and worms many companies are actively dedicating resources for patch management and other security initiatives including encryption and certificate services, where other areas often has budget cuts to reduce costs.

What: There are several security certifications offered. They are either vendor specific, broad vendor neutral or expert vendor neutral certifications and thereby serves different purposes. You can select the security certifications that applies to your current job requirements, your career path and future job requirements, so you must make choices based on your own individual situation and skills. A guide to the different certifications can be found here.

Where: You can read about some of the security certifications that are most recognized worldwide in the industry and by companies here:

Security Concepts

• SANS GSEC Certifications
• ISC² CISSP Certification
• CompTia Security+
• Planet3 CWSP Certifications
• Isaca CISM

Hacking and Penetration Testing

• Mile2 CPTS Certification
• PwC PCSA Certification
• SANS GCIH Certification
• SANS GPEN Certification
• EC-Council | CEH Certification
• Isecom OPST Certification

Auditing

• Isaca CISA

Product Specific

• Checkpoint CPCS Pointsec Certification (prev. PCSE)
• EnCase^® Certified Examiner (EnCE^®)

Online: There are many resources that covers the topics tested in the different security certifications:

• DefCon Conference 
• BlackHat Conference
• SANS Webcasts
• Microsoft Webcast Series
• Microsoft Security Webcasts
• INS Webcasts
• Microsoft Security Guidance Center
• Microsoft Technet Security
• SearchSecurity Webcasts
• CISSP Info
• CISSP Training
• MCP Magazine

Recommended Products: Here are a few commercial products that can be recommended when persuing a security certification:

• Career Acedemy CEH CBT kit
• Learnkey Hacking Revealed CBT Kit
• Learnkey CISSP CBT Kit
• CBTNuggets CISSP CBT Kit