Security Certifications: Boosting Business
Few technology integrators today can afford to commit their resources to projects that might fail to pay off. On the contrary, investments in products, partnerships and personnel must be carefully scrutinized and weighed to determine their viability in a business environment that is increasingly competitive.
For the past 20 years, Subject, Wills & Company has succeeded as a full-service IT integrator by anticipating customers’ needs and investing intelligently in solutions to meet those needs, then delivering the right products and services at the right price. This sound philosophy continues to drive the company and helps ensure its ongoing success and future profitability.
Subject Wills employs approximately 50 people. Today, one of Subject Wills’ most valued investments is the security training and certification its personnel receive. For years, Subject Wills has successfully integrated a broad range of proven security solutions into its customer offerings. Now, seven Subject Wills engineers have also earned a variety of security certifications. Why? Because it pays off.
According to the 2002 CRN Certification Study, solution providers typically see an ROI in the 60 percent to 70 percent range, depending on the type of certification and the size of the solution provider. In addition, the same study shows that security certifications offer some of the highest rates of return for both large and small solution providers—up to 97 percent, in some cases.
Selecting a Security Certification Program
There are currently more than 30 vendor-neutral security certifications and many more vendor-specific ones. Vendor-neutral offerings provide a solid foundation of security information; vendor-specific programs build on that foundation by covering the intricacies of particular products.
With the number of available security certification programs increasing rapidly to keep pace with today’s escalating information security needs, selecting the most appropriate program is a matter of matching needs with offerings. For Subject Wills, it was critical to select a program that covered general security technologies as well as product-specific details and business issues, such as deployment, management and ROI.
To that end, the company evaluated vendor-neutral offerings first. The three most widely recognized certifications are (ISC)2’s Certified Information Systems Security Professional (CISSP), the SANS Institute’s Global Information Assurance Certification (GIAC) and ISACA’s Certified Information Systems Auditor (CISA).
After careful assessment, Subject Wills chose to participate in the CISSP certification program because it requires a thorough understanding of the administrative and operational components of security. CISSP certification would provide evidence of the company’s ability to select and deploy security tools and to create the most effective security policies for each customer. To date, one Subject Wills engineer has completed CISSP certification, another is scheduled to take the test, and two more are actively working toward certification.
Subject Wills then evaluated vendor-specific offerings. Because the company had successfully worked with Symantec security solutions for years, it also gave Symantec certification courses careful consideration.
According to Subject Wills, the company invested in Symantec certification and training because it combines comprehensive and diverse training offerings and hands-on experience with performance-based testing on a variety of technologies, solutions and implementations. Symantec offers multiple certification courses to train partners on basic products as well as specific security technologies.
Each Symantec training and certification course can be used as a stepping-stone to achieve higher levels of knowledge and expertise. The program provides product-specific training that focuses on a single security product and its functionality in an overall security system. In addition, the program focuses on vendor-neutral security knowledge of how to design, plan, deploy and manage effective security solutions.
Subject Wills boasts one Symantec Certified Security Practitioner (SCSP), the highest level of certification in the program, with another engineer nearing course completion. An SCSP is a senior security consultant who demonstrates in-depth knowledge and expertise across the complete range of security disciplines by achieving certification in all security solutions categories, including intrusion detection, firewall and VPN, vulnerability management and virus protection and content filtering.
Symantec training and certification programs are notably broad and deep, covering a wide range of products, technologies and business issues—all from a centralized source. Further, few security training courses—whether vendor-specific or vendor-neutral—complement their technology training with the invaluable project management approach provided by Symantec.
How Does the Customer Benefit?
Security training and certification programs should be a critical priority among IT integrators, VARs and solution providers. At the most basic level, security certifications demonstrate to customers a very high level of competence in selecting, implementing and managing even the most complex security infrastructures. Security certifications significantly improve the marketability of integrators and resellers and serve as one of the most significant differentiators in an increasingly competitive marketplace. In fact, for a growing number of companies today, security certification is a prerequisite to doing business with any IT integrator or VAR.
Security training and certification does not replace hands-on experience but instead offers an invaluable complement to it. Without the academic knowledge provided through coursework, whether conducted in the classroom or online, experience is only useful when responding to repeat problems. Hands-on experience alone does not provide the depth and breadth to deal with new situations. Training enables security workers to bring a wider context to the security issues they face, even as the security landscape evolves and new threats emerge.
Subject Wills considers security certifications, together with real-world experience, an essential component for signing new customers and keeping existing ones. In fact, the company estimates that security certification was essential in more than half of the security business it won in 2002 and a factor in more than $100,000 of new business to date.
By combining vendor-neutral programs with vendor-specific courses such as those from Symantec, IT integrators and VARs can enjoy a complete, holistic point of view of security as it affects each area of their customers’ business operations. Customers, in turn, are assured of world-class protection made possible only through exceptional products, services and personnel.
According to Subject Wills, certified security expertise is the wisest of investments for integrators and VARs, especially in a time when many solutions providers are struggling to stay profitable. More customers than ever are turning the complex task of protecting their critical systems and data to integrators who can provide clear evidence of their security competence. And high-ROI-yielding security certifications—both vendor-neutral and vendor-specific—provide proof positive.
Stuart Nelsen is manager of Engineering Services at Subject, Wills & Company and is a Symantec Certified Security Practitioner.