The good news for those aiming to work in the information technology security profession is that there's an increasing need for greater security in the enterprise world and elsewhere. The two top factors driving demand for security professionals are potential threats, from sophisticated malware to data breaches and hacks, and the enterprise push to be mobile -- a business necessity making data and systems security more challenging than ever.
Every enterprise, from small supermarkets to federal agencies, is hiring security gurus who can not only batten down system hatches but also figure out how to stay a few steps ahead of those striving to steal data, cripple networks and wreak havoc on operations.
So the good news is the increasing IT security job opportunities and expanding roles. The job title list now expands well beyond security specialist, with roles such as security engineer, security consultant, and IA technical manager filling the job listings.
The "bad" news is the challenge of determining which specific security role to choose as a career, as many roles now demand skill certification. Choosing wisely is critical given the time and investment certification programs demand.
Certification options for security professionals are wide ranging for several reasons: the expansive nature of IT security needed today across the enterprise, the advancement of mobile tech and the need to secure devices, and, as mentioned, the ever-evolving security risks facing organizations. The growing options in security certification illustrate how important security staff is to everyone these days.
One of the most well-known and respected security certifications in the IT industry is the CompTIA Security+ certification. CompTIA is the acronym for the Computing Technology Industry Association, a non-profit trade association founded in 1982. The organization uses Pearson VUE testing centers for certification exams, and its A+, Network+ and Security+ certifications were accredited by the American National Standards Institute (ANSI) as of April 2007.
CompTIA Security+ is approved by the U.S. Dept. of Defense to meet IA technical and management certification requirements and is supported by a wide range of private companies such as Hitachi Information Systems as well as government contractors including CSC and Northrop Grumman.
Training for CompTIA Security+ can be done in traditional classrooms in educational settings nationwide, or through an online virtual classroom program.
CompTIA offers an online study program called CertMaster for all students seeking certification, covering training and preparation for the certification examination process. There is a free trial offer available.
The CompTIA Security+ training involves gaining an understanding of topics ranging from network security to cyber security threats and incident response. Training will traditionally cross into the network arena, given that security specialists are the ones focused on suspicious security-related issues such as malware, viruses and hacking intrusions.
These expansive skills are the prime reason CompTIA recommends, but does not require, attaining Network+ certification as well as a minimum of two years of experience in IT administration, with a focus on security.
Security+ certification exam
The 90-minute security certification exam, which costs $293, is multiple choice and performance based with a maximum of 90 questions. The CompTIA Security+ exam demonstrates that a certified professional has the skills and knowledge to identify risk, handle risk mitigation tasks and provide information, infrastructure, application and operational security. The certified professional can also apply security controls for protecting the confidentiality, availability and integrity of data while also troubleshooting security issues, and is knowledgeable about applicable laws and regulations.
The Security+ examination has six objectives:
- Network security: 20 percent of exam
- Threats and vulnerabilities: 20 percent
- Operational security: 18 percent
- Application, data and host security: 15 percent
- Access control and identity management: 15 percent
- Cryptography: 12 percent
The Security+ examination is one of four CompTIA exams that incorporate performance-based questions (PBQs) in addition to multiple-choice questions. The PBQs, which are typically given at the start of the exam, assess an individual's capability in solving network problems in a simulated environment. Students are allocated a specific timeframe to answer PBQs but, unlike in the multiple-choice part, they cannot see the exam clock to determine the time remaining. CompTIA provides students with the ability to download examples of exam questions.
Initially, certifications were lifetime certifications, but that changed as of 2010. Professionals certified after January 2011 now must renew every three years. One provision allows a certain amount of documented hours, geared toward use of the certification, to automatically renew the certification.
The industry organization also provides certified professionals continuing education courses and programs to help keep network skills updated given the ever-changing technologies and advancements in network systems.