Security is to IT as location is to real estate. Just as location is the most important factor in a real estate transaction for most buyers, security is of utmost importance in IT transactions. This is true with file sharing, database access, credit card transactions, and remote access and administration, among other things.

The IT departments at most organizations exist solely to enable the secure sharing of data between employees, customers, and other business partners. In January, Microsoft announced a broad new security initiative. Thus, it should come as no surprise that the Computer Technology Industry Association (CompTIA) is preparing its next certification to target network and software security. Much as IT professionals can demonstrate their PC hardware expertise with an A+ accreditation or their networking skills with the Network+ exam, candidates will soon be able to prove their command of security with CompTIA’s Security+ certification.

Demand for a security certification is increasing
Security is more than a catchy IT trend. Since networks have been transferring data between systems, providing secure transactions and restricting access to resources have been important functions of network operating systems. World events, competitive pressures, hacker and virus proliferation, and other factors have all conspired to increase the number of security threats an organization must defeat.

According to the results of the “Computer Crime and Security Survey,” conducted by the Computer Security Institute (CSI) and the Federal Bureau of Investigation’s (FBI’s) Computer Intrusion Squad, 90 percent of respondents detected security breaches within the last year. Further, 80 percent of the respondents suffered financial losses as a result. Some 85 percent battled viruses, while 78 percent experienced trouble with employees misusing e-mail and Internet access.

Those numbers are recent too. The survey was released just a month ago.

As the survey percentages demonstrate, most organizations experience security troubles. The time, energy, and expertise required to overcome security issues could easily overwhelm an IT department. Having spent an increasing amount of time fighting breaches, viruses, and abuses, it’s a sure bet IT professionals will be seeking to improve their security skills. The knowledge and expertise they gain will help them respond more effectively, identify threats more quickly, and better prepare systems and software from malicious use and intrusion risks.

Security+ certification to be balanced
However, measuring someone’s ability to secure systems and software has been difficult in the past. Organizations not suffering breaches or viruses haven’t known for sure whether their IT professionals have hardened systems appropriately or whether they’ve just been lucky. Certifications that target security specifically have been few and far between (although the CIW Security Analyst is making some strides). Now, CompTIA will release its vendor-neutral security exam later this year and shine more of the spotlight on security. The organization hopes to release the beta version of the Security+ exam in the third quarter. The final release is scheduled for the fourth quarter.

You can’t begin studying for it yet, though, as the exam objectives haven’t been finalized. CompTIA worked last month to complete its job task analysis workshop. The job task analysis step is taken to help map the final exam objectives to real-world issues. CompTIA’s goal is to create an exam that’s “truly reflective of security as defined by the industry.”

As I mentioned, Security+ (like all CompTIA exams) will be vendor-neutral. CompTIA ensures that its exams are neutral by working with an assortment of audiences. In the case of the Security+ exam, the certification is being prepared using input from 18 to 20 organizations, including software and hardware manufacturers, academic institutions, government agencies, and even consulting firms.

You could become an SME
Real-world IT professionals also play a major role in helping develop the Security+ exam. CompTIA relies upon subject matter experts (SMEs) to build and maintain its exams by writing questions, participating in the job task analysis workshop, reviewing questions, and more.

I recommend that you take a closer look at participating as an SME if you qualify as an IT security expert. Security+ SMEs are required to have:

  • Expertise in one or more subject areas covered by the certification.
  • Advanced networking skills.
  • More than three years of job experience in a technical or security position.
  • Other security training and certification.

IT professionals interested in participating can find more information on CompTIA’s Web site.

Eckel’s take
There’s no doubt that the time is right for an independent security certification. CompTIA will fill an important hole with the Security+ exam. Those IT professionals who work in a security-related field should consider participating in the SME process. You can learn more about the industry, the certification process, and security, build your resume, and find out how other organizations approach security concerns, all at the same time. That’s a great opportunity.

How important is an IT security certification to your organization? Will you be pursuing the Security+ accreditation when it’s released later this year? Post your comments below. Your feedback will help me determine whether I should create a study guide for the Security+ exam once it’s released.