News
UPDATE: Certifying Your Security Expertise
Check your transcript — you might already be a security specialist, according to Microsoft.
(Dallas) Today at Microsoft TechEd, Microsoft introduced
two new security specializations within its MCSA and MCSE certifications.
Lutz Ziob, director of Microsoft's certification group, made the announcement
during chief security strategist Scott Charney's keynote address.
The new titles will be indicated by the word "Security" appended
to the titles — MCSA: Security and MCSE: Security — once candidates
complete the requirements for each specialization. Requirements for both
specializations is based on currently available Microsoft exams, with
the option of substituting CompTIA's Security+ for one of the requirements.
"We put together these certification specializations to allow IT
professionals a way to demonstrate a specific technical focus in the area
of security within their job roles," said David Lowe, product manager
for security with Microsoft's Training and Certification group. "The
new specializations are directly analogous to the existing base credentials,
but with a 'prescribed path' of specialization exams rather than electives."
As far as the term "specialization," Lowe emphasized that the
new monikers are not separate certifications mandating additional exam
requirements.
The MCSA: Security requirements are based on the current MCSA on Windows
2000 requirements. Candidates will need to pass five exams, consiting
of one core client OS exam:
- 70-210, Windows 2000 Professional or 70-270, Windows XP
and two core networking exams:
- 70-215, Windows 2000 Server
- 70-218, Managing a Windows 2000 Network
Then, candidates must pass two more exams related to security specialization:
- 70-214, Implementing Windows 2000 Security
- 70-227, ISA Server 2000 or CompTIA's Security+
MCSA:
Security |
1 Client OS |
70-210, Windows 2000 Professional
or
70-270, Windows XP |
2 Networking |
70-215, Windows 2000 Server |
70-218, Managing a Windows 2000
Network |
2 Prescribed |
70-214, Implementing Windows
2000 Security
|
70-227, Internet and Security Acceleration (ISA)
Server 2000 or
CompTIA Security+ |
|
The MCSE: Security has similar core networking requirements but, instead
of requiring exam 70-218, specifies the following two exams:
- 70-216, Implementing, Administering a Windows 2000 Network
- 70-217, Implementing, Administering Windows 2000 Directory Services
The security specialization portion is the same as the MCSA: Security,
but with the addition of another prescribed exam, 70-220, Designing Windows
2000 Security.
MCSE:
Security |
1 Client OS |
70-210, Windows 2000 Professional
or
70-270, Windows XP |
3 Networking |
70-215, Windows 2000 Server |
70-216, Implementing, Administering
a Windows 2000 Network |
70-217, Implementing, Administering
Windows 2000 Directory Services |
3 Prescribed |
70-214, Implementing Windows
2000 Security |
70-220, Designing Windows 2000
Security |
70-227, Internet and Security
Acceleration (ISA) Server 2000
or
CompTIA Security+ |
|
If the requirements for the security specializations have an uncanny
familiarity, it's because all the exams are already available. "It's
not like we're trying to validate an entirely new set of skills,"
Lowe explained. "We're validating existing skills based on tasks
that IT professionals are performing today."
Specializations for Windows Server 2003 |
Security specializations for the MCSA/MCSE
on Windows Server 2003 track are likely to follow suit
with the Win2K track, said David Lowe, product manager
for security with Microsoft's Training and Certification
group, including upgrade paths for MCSA/MCSE Specialists
on Windows 2000. While he said that it's reasonable to
expect similar security exams under the Windows Server
2003 track, Lowe indicated that the track is still under
development and details would be forthcoming later this
year. |
|
|
With the addition of CompTIA's Security+ to the prescribed exam choices,
that exam joins the A+, Network+ and Server+ exams as options under the
MCSA title.
"We're very pleased," Kris Madura, Security+ Program Manager
for CompTIA commented. "What Security + will do for these distinctions
is allow candidates to leave the program...with additional, broad-based
knowledge of vendor-neutral security issues on a global basis." Madura
added that Security+ would be an additional MCSA elective in combination
with one of the other CompTIA exams, but Microsoft was unable to verify
this; at press time, the option wasn't reflected on the current MCSA on
Windows 2000 Requirements page.
[Microsoft has since confirmed that Security+ can now be counted toward the MCSA and MCSE on Windows 2000 tracks; see "Security+ Added as MCSA/MCSE Exam Options."—Ed.]
Unlike the approach it took with the MCP/MCSE+Internet certifications,
the creation of specializations based on job roles is unique in the company's
certification program. "We don't really think that the industry has
clearly defined security job roles yet," Lowe said. "We recognize
that in IT job roles, like systems administrator and systems engineer,
there are a number of individuals who have a very specific concentration
on a particular area and, obviously, in an important area as security.
So that's what these specializations will allow individuals to demonstrate;
they'll get to highlight their focus on platform-specific security and
design skills."
Lowe said that the impetus for the latest announcement came from feedback
from its customers. "There have been a number of studies that have
shown that human error [and] lack of training are [the top] reasons for
a broad range of security issues that companies and organizations are
facing today."
"We recognize that security certification not only provides a way
for individuals to measure and validate their skills on important security
issues, but it also provides a way for employers and IT managers to ensure
that their technical staff has obtained and validated the appropriate
security skills necessary for the creation of a secure computing environment
in their organizations. This is another way in which Microsoft is supporting
the 'Secure in Deployment' tenet of the Trustworthy Computing Framework,"
which Bill Gates announced amid fanfare last February 2002.
Lowe wasn't sure how many MCSAs and MCSEs would be automatically certified
as security specialists upon launch of the designation. Also, because
the specialist designations are being added to existing titles, Lowe said
that Microsoft would not issue Early Adopter or Charter Member cards.
However, the company will automatically update transcripts of MCSAs and
MCSEs who have already passed the exams and make new logos available shortly
via the MCP Secure Web site. The company is also in the process of creating
Welcome Kits for the new specializations.
Lowe added that the idea of specializations would probably surface later
in other areas of certification, but he declined to offer details.
For more about the security specialist designations, click here.
To read more about the Trustworthy Computing Initiative, click
here.
For earlier MCPmag.com news on security certifications, see "Microsoft
Considering Desktop, Security Certs" by Becky Nagel,
CertCities.com Editor, (May 9, 2002).
—Additional reporting by Dian L. Schaffhauser, Editorial Director (in Dallas)
and Becky Nagel, CertCities.com Editor.
NOTE: As of the original posting of this article on June 2, this article has been updated.