Getting Hands-On With Your Security Training
The market for security certifications has exploded over the past 18 months as businesses seek to fill a void in their IT organizations: the “security doers.” What is a security doer? Why is this position so important? Why is there still so much confusion as to what is really needed? These questions are starting to be answered as businesses get a clearer picture of what they need in the way of security skills and training to best protect and run their networks.
(ISC)2 has done a terrific job of giving the data networking industry a great security thinker/security professional certification. If you want to design an enterprise-wide security plan, call a CISSP; he will have the skills to develop your security solution and can plan how to incorporate the best security policies for your organization’s needs.
The real security training need in today’s marketplace is hands-on security training to empower network engineers and administrators with real-world security implementation skills. They have to understand policy, in addition to having the configuration, administration and management skills to complete the rollout. The more they know, the more efficient the security solutions will be because they will be built with the networks in mind. When you build the solution with the network in mind, you can reduce latency and costs. A security planner may feel that every remote data transmission needs encryption. But on closer inspection by one of the networking folks, it turns out that the majority of those transmissions consist of administrative e-mail between a branch location and the central office. It is not a corporate mandate to protect internal e-mail, so both cost and time are saved. Thus, the network engineers and administrators become “security doers.”
In order for e-business to be the total revolution predicted, every networking professional will need to have some competency around security doing. Security is no longer a network afterthought; it is now the basis for how the network is built. Proper security is a competitive advantage, as an e-commerce company with a solid security solution can execute on its business plan faster, more effectively and with fewer concerns. If that security is built correctly into the network, performance will be maintained, reliability will increase, and the company will have achieved a double win: strong security wrapped around consistent network performance and reliability. This happens when the network engineer, designer and administrator know enough about security to listen, understand and add value. In addition, this is possible when the security professional has confidence that the network team understands his perspective.
The certification industry has stepped up and is providing the business enterprise with certifications for the “security doer.” The main theme of these certifications is an underlying understanding of data-networking principles, mainly TCP/IP, routing and LAN networking, as well as an understanding of practical design, configuration and administration of network security. A few examples are CompTIA’s Security+, the TruSecure ICSA Certified Security Associate (TICSA) and (ISC)2’s Systems Security Certified Practitioner (SSCP) certifications. These are great concepts and an essential part of being a security doer, but there is one piece that a business should demand, and that is hands-on skills.
The certification shows that the professional has both networking and security knowledge, but a true “security doer” must have real-world, hands-on skills. In order to ensure that your security doers are well rounded, you should demand they train for their certifications in a hands-on environment.
The certification industry has provided many new tools to certify that networking people have “security doer” skills. The certification industry should continue to tie these certifications to “doing” and not just to “thinking.” The need for CISSP will continue to increase, and as this need increases, the need for security doers will increase three to four times as much. Businesses will want the security professionals to plan and design their security solution and will want their internal networking professionals to implement those plans within their current networking environment. In the past, businesses were wary of this solution because of the lack of security skills within their networking teams. Now they don’t have to be. Get your networking people properly trained in a hands-on environment, then send them out to prove their skills by getting one of the next “security doer” certifications. There will be no reason to be wary, as you will get the most efficient security solution for your business and networking needs.
David Mantica is the worldwide director of networking for Global Knowledge, a worldwide leader in IT education and training solutions.