Dear CertMag: Considering the Legitimacy of the Security Certified Program
I am looking into getting some security certifications, and the ones I am considering are those from the Security Certified Program (SCP). I wanted to see if they are a legitimate security certification provider before I spend my money. They offer three certifications: the Security Certified Network Specialist (SCNS), Security Certified Network Professional (SCNP) and Security Certified Network Architect (SCNA). The problem I am having with these certifications is that I don’t see them on any salary survey list, nor do I see companies requesting people have these certifications.
The SCNS, SCNP and the SCNA from the SCP are valid security certifications; after all, the SCNP and the SCNA meet U.S. Department of Defense Directive 8570 for Information Assurance Technical (IAT) Levels II and III, respectively.
You will not find the SCP range of certs on all surveys as it is more of a specialist certification than a more common mainstream certification like the Microsoft Certified Systems Administrator (MCSA) or Microsoft Certified Systems Engineer (MCSE).
Professional certifications are not there to take the place of experience but to reflect a personÃ¢â‚¬â„¢s experience and job responsibilities. With this in mind, for the companies that actually do their research and don’t just pull buzzwords out of thin air, such as asking for a MCSE for an entry-level position, there are two trains of thought:
- When a company lists a particular cert, they expect the candidate to have a certain amount of experience.
- When a company lists a certain amount of experience as a requirement, they desire that the candidate have a certificate that reflects that.
Can I guarantee that if you take and pass the SCP certifications that companies will be falling over to hire you for a new position? The answer is no; no one can guarantee you a job after completing anything unless you get it in iron-clad writing.
Security Certified credentials are a relatively new addition to the industry and as such have not seen the widespread adoption of more established offerings like the GIAC Security Essentials Certification (GSEC), the Certified Information Systems Security Professional (CISSP) from (ISC)2 or the Security+ from CompTIA. This is not, however, necessarily a reflection on the credential itself. As Ken notes, these credentials are accepted as part of the Department of Defense’s Directive 8570.
What the Department of Defense did was issue a mandate that individuals working as technical staff or management staff in an information capacity need to be held to an acceptable standard of security understanding to be able to maintain that role. It said that depending on the kind of environment the person works in and what they do, there are three levels of credentials that they might need to achieve. Offerings from Security Certified were accepted for Levels II and III, the latter being the most advanced of the current Defense Information Systems Agency (DISA) designated environment sensitivities.
What this means is that the federal government has decided that some of the Security Certified offerings are comprehensive enough to meet the security needs to protect highly secured environments, alongside more established credentials such as the CISSP. ”