Want to break into the security industry? Or do you need some review of the basics?
TruSecure has introduced a new certification on the fundamentals of security, the TruSecure ICSA Certified Security Associate (TICSA). The certification is aimed at security practitioners, people who may not be involved exclusively in security, but are responsible for security while handling other duties.
"Security is part of the day-to-day duties of network and system administrators," said Ed Tittel, a certification expert who is writing a training guide for the TICSA exam due this fall. "They are already dealing with it."
Generally, those studying to be a TICSA won't have security in their titles and will likely be general IT staff, said Robert Flinton, TruSecure's director of product marketing. "Such people may staff a help desk for some of the time, then work on some network configurations and then do some work with the firewalls," he said.
One must pass an exam and have either two years of IT work experience or 48 hours of training to qualify for the certification. TruSecure would prefer applicants have both the experience and training. The cost of the certification is $295.
It's too early to say how the TICSA certification will translate into dollars for holders of it. However, it will tell employers that an applicant with a TICSA knows the basics about security. Clearly, the demand for security professionals and IT workers with security experience is on the rise, Tittel said.
The computer-based exam is administered by Baltimore, Md-based Prometric, a provider of technology-based testing and assessment services. TruSecure has two levels of authorized training. Global Knowledge is the exclusive "certified" provider of training but there are multiple "authorized" providers as well.
One isn't required to receive training through a TruSecure approved provider in order to qualify for the certification. "We purposely didn't make this too stringent. Other training is fine if it focuses on the fundamentals of security," Flinton said.
The focus of the TICSA certification is on practical things rather than abstract best practices. For example, applicants learn the five or 10 things they should do to a firewall that would cover 80% or 90% of exploits. "You may be able to get your firewall 100% secure by spending all day on it, but exploits will get through another way," Flinton said.
The TISCA certification answers a need in the market as Microsoft and other certifications don't provide enough security training, said Tittel, who advised TruSecure on TISCA. Certifications for Solaris and other Unix flavors are a little better than Windows training. For administrators, the TISCA certification "can't hurt but probably would help," he said.
The Certified Information Systems Security Professional (CISSP) certification, by contrast, is geared toward senior IT people, most of whom have more than eight years in IT and who tend to specialize in security, Tittel said.
In fact, the organization behind CISSP, the International Information Systems Security Certification Consortium (ISC)2, has recognized the TICSA as complimentary, Flinton said.
The TICSA certification is just the first step for security professionals (and for TruSecure). Late this year or early next, the company will introduce a higher level, TruSecure ICSA Certified Security Expert certification. Being a TICSE requires first being a TISCA and a couple more years of work experience. The exam will also be a little more hands-on. Applicants will also select specific modules for specializations such as wireless, NT and firewall management, Flinton said.
Currently, the TICSA is only available in North America. TruSecure hopes to certify 3,000 TICSAs by the end of this year, but the number should jump next year when the certification is available in other areas, Flinton said.
TICSA holders will have to undergo 48 hours of training to qualify for recertification after two years.