Security Certifications

A new reality of the highly interconnected world is that we must deal with people who want to steal our information or disrupt the operation of our networks. The broad category of security includes defending our data and our networks—tasks that no one can afford to ignore. Securing a network requires not only a tremendous breadth of technical knowledge but also an almost constant effort to keep up with new security exploits. Companies are beginning to realize that they need more than network administrators, who might know only some of what they should know to keep company data safe. Thus, some companies have created a new job: security administrator.

Certifications that focus on security typically teach you the skills you need to secure a particular vendor's software or hardware. However, few of us use just one vendor's products to secure our networks, so a vendor-specific security certification demonstrates that you can secure just a subset of your network's resources. Perhaps if you achieve multiple vendor-specific certifications, you could demonstrate your ability to protect an entire network, but attaining—and maintaining—multiple certifications is time-consuming and costly. Given that new security threats arise almost daily, your first certification likely will have become at least partially obsolete by the time you earn your second certification. Therefore, earning a vendor-specific certification before you have a broad understanding of all the pieces that make up a secure network is like putting the proverbial cart before the horse.

The Global Information Assurance Certification (GIAC) brand of certifications takes the approach that you must start with a broad foundation that includes multiple vendors and OSs before you can add certifications from individual vendors. The SANS Institute provides the training for GIAC certifications.

The GIAC Security Engineer (GSE) certification, like the MCSE, is actually a set of certifications. As with the Cisco Certified Network Associate (CCNA) and the Microsoft Certified Systems Administrator (MCSA), the GSE starts with a certification that demonstrates an understanding of the basic methodologies for securing a network—in this case, the GIAC Security Essentials Certification (GSEC). The GSEC shows that you know the common forms of attack, the damage these attacks can do, and the common-sense procedures for defending against them. If you've earned the GSEC, you know the difference between a buffer overrun exploit and a Denial of Service (DoS) attack and the common techniques for securing a machine against each attack.

The full GSE requires six certifications that cover securing Windows, intrusion detection, firewall setup, and securing UNIX systems. Unlike the MCSE, the GSE requires not only that you have a great many skills but that you can apply those skills to a broad range of vendor products. The GSE's ultimate goal is to provide a certification for a senior-level security administrator whose job is to manage a heterogeneous network. This professional will set security policies, educate users about safe practices, monitor networks for attacks or breaches, harden servers, and design more secure networks.

Next week, we'll look at what makes the process of earning and maintaining a GIAC certification significantly different from the process for Microsoft and Cisco certifications. In the meantime, have a look at the GIAC Web site and begin to evaluate whether GIAC certifications might be a fit for you or your company.