Problem solve Get help with specific problems with your technologies, process and projects.

Choosing the right vendor-specific security cert expert Ed Tittel sorts out the vendor-specific security certification landscape.

There are plenty of options for those seeking vendor-specific security certifications and with this update we see a few changes to the landscape. Identifying which is right for you or your employees remains a relatively simple matter.

When it comes to choosing vendor-specific security certifications, the process is much simpler than it is for vendor-neutral ones. When considering a vendor-neutral cert, we advise you to evaluate the pros and cons of various programs so as to be able to compare and contrast them and select a viable candidate. However, on the vendor side it's usually only necessary to consider the following:

  • Your security infrastructure -- Inventory your security infrastructure and identify which vendors' products or services play a role.
  • Availability of certifications -- Check to see if certification applies to products or services in your organization.
  • Return on Investment -- Decide if spending the money to obtain credentials (or to fund them for your employees) is worth the resulting benefits.

We'll help you out with the second consideration -- determining what's available -- with this semi-annual update of the vendor-specific certification landscape. There aren't a huge number of changes this time around. The IBM Solutions Expert, IBM Specialist and Tivoli SecureWay Public Key Infrastructure credentials are no longer available, and the Novell Security Specialist program was retired in August of 2003. We've added coverage of the Check Point Certified Security Principles Associate (CCSPA), IBM Certified Advanced Deployment Professional -- Tivoli Security Management Solutions 2003, SAINT certification and Symantec Technology Architect.

Now, let's dive into a big bowl of alphabet soup by exposing all the vendor-specific security-related certification programs -- and their inevitable acronyms -- that occupy this landscape.

  • CCSA -- Check Point Certified Security Administrator
    Check Point's foundation-level credential, this program prepares individuals to manage basic installations of Check Point's VPN-1/FireWall-1 product. Topics covered include working with security policy; deployment and management of security gateways; tuning VPN-1/FireWall-1 performance with security policy; log management; intruder blocking; working with user, client and session authentication; and managing network address translation.
    Source: Check Point Software Technologies
  • CCMSE -- Check Point Certified Managed Security Expert
    The CCMSE aims to identify individuals who work with Check Point's VPN-1/Firewall-1 and Provider-1 Internet security solutions. The credential covers implementing VPN-1/Firewall-1 as an enterprise security solution and working with Provider-1 in a network operating center environment to provide centralized security policy implementation and management.
    Source: Check Point Software Technologies
  • CCSE -- Check Point Certified Security Expert
    This is an intermediate-level credential aimed at VPN and firewall concepts, policies, strategies and the VPN-1/Firewall product. It covers installing and configuring VPNs; managing post-install procedures; working with the SMARTClient packaging tool; configuring and testing SecuRemote tools for remote access VPNs; creating VPN desktop policies; setting up NAT; installing CheckPoint NG with Application Intelligence software; managing context security to block Java and viruses or filter URLs; working with digital certificates and trusts on VPNs; and implementing gateway-to-gateway encryption. Prerequisite: CCSA.
    Source: Check Point Software Technologies
  • CCSE Plus -- Check Point Certified Security Expert Plus
    The CCSE Plus addresses advanced VPN-1/FireWall-1 technical topics and expertise. Topics covered include risk assessments, network diagramming and security policy design and development; placing security components in a network using VPN-1/FireWall-1, LDAP and CVP/UFP servers; configuring rule bases for traffic management and encryption; configuring multiple and single entry-point (MEP and SEP) VPNs with ClusterXL; installing an LDAP server and integrating UserAuthority; using Malicious Activity Detection on suspicious network traffic; working with debugging tools and protocol analyzers; and troubleshooting various VPN-1/FireWall-1 issues.
    Source: Check Point Software Technologies
  • CCSP -- Cisco Certified Security Professional
    An intermediate-level Cisco professional certification (requires CCNA or CCIP as a prerequisite), the CCSP must understand key aspects, components and systems relevant to Cisco's security products and platforms. Required topics among the five exams include securing IOS networks, working with the Cisco Secure PIX Firewall, the Cisco Secure Intrusion Detection System and the Cisco Secure VPN. Candidate must also take an exam on Cisco's SAFE implementation (a general security framework for small- and mid-size operations or infrastructures).
    Source: Cisco Systems
  • CCSPA -- Check Point Certified Security Principles Associate
    An entry-level certification, the CCSPA focuses on security fundamentals, concepts and best practices, and incorporating network and systems security with business needs. This credential covers the Information Security Triad, threat and vulnerability assessments, security policies, business continuity plans, safeguards and countermeasures, security and network architecture, encryption algorithms and access control technologies.
    Source: Check Point Software Technologies
  • Cisco Qualified Specialist Program
    Cisco Qualified Specialists can pursue mid-level certification across a broad array of subjects and technologies. This program includes several credentials with strong -- if not exclusive -- security components, including the following:
  • EnCE -- EnCase Certified Examiner
    Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase computer forensics tools and software. Prerequisites include a combination of software licenses, training and field experience and a formal application process, as well as passing a related certification exam.
    Source: EnCase Certified Examiner
  • FCSS -- Field Certified Security Specialist
    Still under development, this set of performance-based certifications permits individuals to specialize in Cisco, Check Point or cross-platform topics (which is why we list it in both the vendor-specific -- although the parent organization points out that these certs are "vendor-independent" -- and vendor-neutral surveys). Check the Web site for more information on this emerging program, which is scheduled for release in 2004.
    Source: Field Certified Security Specialist (FCSS) Certification Information
  • IBM Certified Advanced Deployment Professional -- Tivoli Security Management Solutions 2003
    One of IBM's Advanced Deployment Professional credentials, this certification covers a broad range of higher-level security topics. Advanced deployment professionals must have a strong background in and knowledge of the following topics as they relate to security: communications, infrastructure, cryptography, access control, authentication, external attacks and organizational issues. Four exams are required to obtain this certification, including CompTIA's Security+.
    Source: IBM, Inc.
  • RSA SecurID CA -- RSA SecurID Certified Administrator
    This certification is designed for professionals who manage and maintain enterprise security systems based on RSA SecurID products. Recipients can operate and maintain RSA SecurID components within the context of their operational systems and environments, troubleshoot security and implementation problems, and deal with updates, patches and fixes.
    Source: RSA SecurID Certified Administrator
  • RSA/CI -- RSA Certified Instructor
    This is designed for security professionals who wish to teach others how to design, deploy and maintain solutions built around RSA SecurID products. Candidates must attend RSA SecurID courses they wish to teach, attain RSA/CSE and RSA/CA certification, attend an RSA/CI workshop and demonstrate their ability to teach the material in a classroom.
    Source: RSA SecurID Certified Instructor
  • RSA/CSE -- RSA Certified Systems Engineer
    The RSA/CSE is designed for security professionals who install and configure enterprise security solutions built around RSA SecurID, ClearTrust and KEO PKI Core products (three separate credentials, one for each product family). Candidates must be able to design client solutions based on analysis of business needs, match implementations to client environments and infrastructures, and carry a solution from design, through prototyping, pilot and full-scale deployment phases.
    Source: RSA Certified Systems Engineer
    SAINT certification requires attendance at a two-day course geared toward information security professionals and system administrators, and passing one exam. The course focuses on TCP/IP and security fundamentals, and installing, configuring and using SAINT and SAINTwriter.
    Source: SAINT Corporation
  • SCSE -- Symantec Certified Security Engineer
    The SCSE requires passing all technology exams within a specific technology focus, as well as a security solutions exam for that same focus. Three or four exams are required in total, depending on the chosen technology focus. Security solutions topics are: virus protection and content filtering, intrusion detection, vulnerability management, and firewall and VPN technologies.
    Source: Symantec Corp.
  • Symantec Certified Security Practitioner
    This is a cumulative certification that requires individuals to pass all of Symantec's nine technology exams and its four security solutions exams. Security solutions topics include: virus protection and content filtering, intrusion detection, vulnerability management, and firewall and VPN technologies.
    Source: Symantec Corp.
  • Symantec Product Specialist
    A single-product focused credential, Symantec Product Specialists must pass any one of a number of technology exams to attain this entry-level credential. Topics and products covered include Symantec AntiVirus, WebSecurity, Intruder Alert, NetProwler, Enterprise Security Manager, NetRecon, Symantec Enterprise Firewall and Firewall Advanced Concepts.
    Source: Symantec Corp.
  • Symantec Technology Architect
    A single-product focused and entry-level credential, recipients must pass any one of the security solutions exams. Security solutions topics include: virus protection and content filtering, intrusion detection, vulnerability management, and firewall and VPN technologies. Source: Symantec Corp.
  • Tivoli Certified Consultant
    Part of the IBM family of companies, one of Tivoli's Certified Consultant credentials covers security topics -- the IBM Tivoli Access Manager for e-Business (formerly Tivoli Policy Directory). Certified consultants must have a strong working knowledge of infosec concepts, tools and technologies, and understand how to design, deploy, manage, maintain and troubleshoot Access Manager environments.
    Source: Tivoli Systems Inc.
  • Tivoli Certified Solutions Expert
    Several of Tivoli's Certified Solutions Expert credentials cover security topics. These include the IBM SecureWay Firewall for Windows NT and the IBM SecureWay Firewall for AIX. For each area of focus, certified solutions experts must have a strong understanding of general infosec concepts, tools and technologies, and understand how to manage and maintain solutions around the products specific to each specialty.
    Source: IBM, Inc.

    Remember, when it comes to selecting vendor-specific security certifications, your product choices will probably dictate your options. If your security infrastructure includes products from vendors not mentioned here, be sure to check with them to determine if training or certification on such products is available. Please let us know if our revised survey of this landscape has missed anything. We can't claim to know, see or be able to find everything, so all feedback -- especially if it adds to this list -- will be gratefully acknowledged. As always, feel free to e-mail us with comments or questions at [email protected].

    About the authors
    Ed Tittel is the president of LANWrights, Inc., a wholly owned subsidiary of Ed has been working in the computing industry for more than 20 years and has worked as a software developer, manager, writer and trainer. As an expert on, he answers your infosec training and certification questions in our Ask the Expert feature.

    Kim Lindros has more than 10 years of experience in the computer industry, from technical support specialist to network administrator to project editor of IT-related book at LANWrights. She has edited more than 25 books, and co-authored two certification books and numerous online articles with Ed.

    For more information on this topic, visit these resources:
This was last published in December 2003

Dig Deeper on Security industry certifications