CompTIA recently announced that more than 20,000 people had passed its Security+ credential by late October, about a year after the certification achieved the 10,000-certificants milestone. Growth in Security+, which covers topics like communication security, infrastructure security, cryptography, access control and authentication, shows no signs of slowing down, either, said Neill Hopkins, vice president of skills development at CompTIA.
Hopkins cited a Bureau of Labor Statistics prediction that information security occupations would be among the top five ‘hottest’ jobs in IT over the next several years—with 10 percent growth projected by 2012—as an indicator that Security+ would continue to be in demand. “We anticipate that organizations will continue to focus more resources on combating IT security threats through education, training, certification and investment in security products and solutions,” Hopkins said. “The reason is that the proliferation of worms, viruses, phishing, pharming and assorted other threats and scams seems to be growing, not lessening.”
Another important sign of the certification’s success is its adoption in the academic world. Hopkins said 50 colleges and career centers have added instruction in CompTIA Security+ to their IT programs in the past year. This provides incoming IT professionals with exposure to the program and the security principles it espouses early on, giving them a foundation for later success.
Many enterprises’ efforts thus far to meet the security challenges to their IT environment have been lacking, Hopkins said. “Organizations across all sectors of the economy say they have heightened their security preparedness. Yet our third annual security study from earlier this year found that nearly 40 percent of organizations surveyed experienced a major IT security breach—defined as one that causes real harm, results in the loss of confidential information or interrupts business—within the last six months. The number of serious IT security breaches has remained consistent between 2002 and 2004.
“Even more alarming, human error, either alone or in combination with a technical malfunction, was blamed for four out of every five IT security breaches (79.3 percent), the study found,” he added. “That figure is not statistically different from last year. Clearly there is recognition of the importance of IT security for organizations across all sectors of the economy. But security assurance continues to depend on human actions and knowledge as much, if not more so, than it does on technological advances.”
Thus, the need for qualified professionals: Hopkins said that CompTIA polling showed that 84 percent of respondents who invested in staff security training felt that their security had improved, up 18 percent from two years ago. “Training’s positive effect on IT security is most often described in terms of improved potential risk identification, increased awareness, improved security measures and a generalized ability to respond more rapidly to problems,” he explained. “Certification’s improvement to IT security is described in virtually identical terms. To be truly effective in preventing and combating security threats, organizations need to take further steps by spreading security awareness and knowledge from a select group of IT staff to larger portions of their employee base. Decision-makers and executive-level staff must become better informed about the real costs of security breaches; and the real return on investment (ROI) available with both security training and certification.”
For more information, see http://www.comptia.org.