More than 30,000 IT professionals have been certified for the Computing Technology Industry Association (CompTIA) Security+ certification program, and that figure is as of November 2006.
“Given our normal statistics, it’s probably around 33,000 by now,” Carol Balkcom, product manager, said. “That’s as much due to Department of Defense Directive 8570 as anything else.”
Security+ was introduced at the end of September 2001, and in the wake of 9/11, Congress moved to strengthen the protection of the nation’s computer networks. This eventually led to the Department of Defense (DoD) issuing Directive 8570 in August 2004.
“Directive 8570 says that if you work in a DoD job, and your job is primarily information technology, you have to get certified in the area in which you work,” Balkcom said. “There is a table in their directive that includes a number of certifications, and Security+ is one of them.”
Balkcom also said government contractors and employees for defense companies such as Northrop Grumman, EDS and General Dynamics also are being pointed toward Security+ by Directive 8570. But the defense industry isn’t the only one driving the numbers behind Security+.
“Security touches absolutely everything that has to do with information or the Internet at this point,” Balkcom said. “It’s a factor in information, regardless of industry, so companies in the health care industry are having their employees certified.”
Medical transcription service provider MedQuist has sent many of its employees for Security+ certification.
“In the banking industry, as well, information and the security of that information is critical, so we have Citicorp employees taking Security+,” she said.
The number of IT professionals certifying for Security+ has gone up every year since it was introduced, and CompTIA doesn’t expect these numbers to stagnate anytime soon.
“I would expect it to keep growing, particularly if we pay attention to what the market needs,” Balkcom said, identifying wireless and VoIP as two areas where demand is growing with respect to security.
Security+ addresses these areas to some extent, but CompTIA is considering whether they should be weighed more heavily.
Security+ might see another boost from collaboration with Microsoft. IT professionals can receive a specialization credit toward the Microsoft Certified Systems Engineer: Security certification via Security+. Balkcom said Microsoft soon will use Security+ as the entry-level exam toward MCSA: Security.
CompTIA intends for Security+ to be the go-to starting point in IT security.
“It’s the foundation-level exam that people should take first before they take any other kind of security certification,” Balkcom said.