CompTIA "Advanced" Security Certification ?

GeeLo

Any of you guys heard of this? Supposedly CompTIA is coming out with this "advance" security certification to complete with CISSP and try to get CISSP "equivalent" ISO approval in regards to the DoD 8750 "CISSP level".

Two things about this.

1) This is a slap in the face to everyone who took the Security+ exam, especially those who needed this in there current jobs as a "requirement".

2) CISSP has been out as the "defacto" Industrial IT security along with a few others.. I don't think CompTIA is thinking to smart on this one, that they can move more into this area over the other security certifications.

SephStorm

It was mentioned in another thread (EDIT: Here- http://www.techexams.net/forums/security/57515-security-new-certification.html ). personally I am tired of any cert in the CISSP arena. I am tired of seeing CISSP on any security posting, and I don't want another security management cert added to the list. Instead, they should be looking at a more hands on examination, maybe try making a computer/network defense certification. That would be a breath of fresh air with all of the new CN Attack certs.

tbgree00

I agree with SephStorm. I have applied to a couple of entry level security related jobs that require 1 year security experience and CISSP. I was under the impression you needed 5 years security experience to get the CISSP. The job also paid like 30k - 60k and if I actually had the experience and expertise to get that high level of cert I would expect more money than that.

I'm getting frustrated with the cert bloat I'm seeing in job listings. Luckily I have an MCSA because I applied for a Tech support assistant role that required a high school degree, 2 years experience, and the MCSA or MCSE with CCNA preferred. The job revolves around teaching people how to use MS office and sharepoint. It's really a little crazy.

tpatt100

I really don't see how its a slap in the face for anybody who took the Security+ since the Security+ would be below what their new cert is.

I wish they would make something mid range and more hands on security related instead of the CISSP "high level management" stuff.

Maybe something more mid level Windows/Linux domain with some how to for policy writing, documentation for medium sized businesses.

Really the basics of security are not that bad its actually following the polices after you implement them.

UnixGuy

+1

sephstorm wrote: »

it was mentioned in another thread (edit: Here- http://www.techexams.net/forums/security/57515-security-new-certification.html ). Personally i am tired of any cert in the cissp arena. I am tired of seeing cissp on any security posting, and i don't want another security management cert added to the list. Instead, they should be looking at a more hands on examination, maybe try making a computer/network defense certification. That would be a breath of fresh air with all of the new cn attack certs..

.

ajmatson

+2, too many certs out there for each category makes for a mess of un-qualified people. CompTIA needs to just focus on what they offer now instead of coming up with new money schemes.

RobertKaucher

tpatt100 wrote: »

I really don't see how its a slap in the face for anybody who took the Security+ since the Security+ would be below what their new cert is.

I wish they would make something mid range and more hands on security related instead of the CISSP "high level management" stuff.

Maybe something more mid level Windows/Linux domain with some how to for policy writing, documentation for medium sized businesses.

Really the basics of security are not that bad its actually following the polices after you implement them.

I think that if CompTIA's other certs are any guage here this will be considered midrange and CISSP will still be considered advanced. The issue with making any certification "hands on" is always the same. How do you procter the exam? This always increases the cost. Look at the MCA and MCM exams.

NetworkingStudent

GeeLo wrote: »

Any of you guys heard of this? Supposedly CompTIA is coming out with this "advance" security certification to complete with CISSP and try to get CISSP "equivalent" ISO approval in regards to the DoD 8750 "CISSP level".

Two things about this.

1) This is a slap in the face to everyone who took the Security+ exam, especially those who needed this in there current jobs as a "requirement".

2) CISSP has been out as the "defacto" Industrial IT security along with a few others.. I don't think CompTIA is thinking to smart on this one, that they can move more into this area over the other security certifications.

CompTIA Creating Advanced Security Certification
Plus: MS MCDST Cert. being phased out, four Oracle exams exiting beta, book of the week.
by Emmett Dulaney
9/20/2010 -- In addition to the widely recognized Security+ certification they already have, CompTIA is adding to their offerings an advanced security certification for those with 10 years IT experience, with at least five of those years dealing hands-on with security. This enterprise security administrator certification will differ from the entry-level Security+ in depth of objectives and critical thinking skills needed.

To become certified, candidates will pass one exam on the following domains:

Enterprise Security
Risk Management, Policy/Procedure and Legal
Research and Analysis
Integration of Computing, Communications and Business Disciplines
CertCities.com | Column: CompTIA Creating Advanced Security Certification

Looks like this certification requires at least ten years of IT security experience.

Doesn't the CISSP require 5 years of security experience?

Devilsbane

As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.

Asif Dasl

Oh why bother? I would rather go with SSCP over a CompTIA advance security cert any day.

DoubleD

i certainly wont bother with CompTIA now they expire no point in doing them

erpadmin

Devilsbane wrote: »

As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.

Actually, if you want to be technical.....

http://www.techexams.net/forums/444200-post3.html

But, yes, this new one will be out next year, Security+ will be retired, and this will be the one that DoD will want in place of Security+ and has to get done every three years.

I just hope that even though it gets "retired", I am sure enough folks who took the exam will cry foul. I only took this exam because it was required for WGU and of course I wanted it to be "lifetime" like the other CompTIA certs. But I still want my all of my certs to remain valid, Security+ especially.

Hopefully there will be clarification on that though.

Devilsbane

Retiring a test doesn't invalidate it. We would still be Security+ certified for life. Just nobody else would be able to take the test and eventually it would no longer be recognized. Just like those that already have the i-net+ certification. They still have it, but 20 years from now nobody will give a $*** about it.

Bl8ckr0uter

Can someone point me to where they said security plus is getting retired?

tbgree00

I feel like I missed something. The Security+ is being retired but not invalidated? I haven't seen anything about that. It's a little discouraging since I hadn't taken it yet. I wonder if it being retired will have any impact on the MCSE:S using it as an elective.

erpadmin

Devilsbane wrote: »

Retiring a test doesn't invalidate it. We would still be Security+ certified for life. Just nobody else would be able to take the test and eventually it would no longer be recognized. Just like those that already have the i-net+ certification. They still have it, but 20 years from now nobody will give a $*** about it.

20 years?....I remembered i-net+ as being ridiculously easy even when it was out then....(not dissing folks who did get it or anything, but seriously....I'd rather be proud of the CIW Associates cert.....lol). AFAIK, it was a cert that wasn't exactly taken seriously...

Devilsbane

Bl8ckr0uter wrote: »

Can someone point me to where they said security plus is getting retired?

I haven't seen it. I'm just saying that if they did retire it, that doesn't mean that you never obtained it.

And the 20 years was an exaggeration.

RobertKaucher

Devilsbane wrote: »

They still have it, but 20 years from now nobody will give a $*** about it.

You mean people do now?

SephStorm

lol, if Security+ goes away, what will people do before their 5 and 10 years of security experience?

(BTW, if you really have 10 years of security knowledge, nearly any cert should be a walk in the park, your resume is going to destroy this cert, this cert is truly worthless.)

RobertKaucher

Devilsbane wrote: »

As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.

I really doubt this is the case now that I see the experience requirements. The Security+ is not just intended for IT. Remember that it also a requirement for other profesions in DoD as well. Let's face it, the Sec+ is actually pretty easy and consists mostly of knowing facts.

The Sec+ serves an entirely different purpose than this exam. Sec+ is perfect for Jr. admins and other IT pros. It is *not* a certification that a security analyst would brag about having. Since the advanced cert is going to have to comply with the ANSI rules, it will certainly need to be renewed as well.

I would also add that for a security certification to have value, it *must* have a renewal policy. So to those who are complaining about CompTIA's new policy - just stop. A 15 year old A+ is totally worthless. A 10 year old security+ is nearly as bad. I urge people to consider this new policy as actually adding value to these certifications. It's the same with Cisco and ,ost of the high level security certs.

Devilsbane

RobertKaucher wrote: »

I really doubt this is the case now that I see the experience requirements. The Security+ is not just intended for IT. Remember that it also a requirement for other profesions in DoD as well. Let's face it, the Sec+ is actually pretty easy and consists mostly of knowing facts.

Maybe it is something they were planning all along. I just find it a little convenient that we hear about it not too long after CompTIA decided to honor previous Security+ certifications for life (because initially even existing certifications would have to comply with re-certifying)

erpadmin

RobertKaucher wrote: »

I would also add that for a security certification to have value, it *must* have a renewal policy. So to those who are complaining about CompTIA's new policy - just stop. A 15 year old A+ is totally worthless. A 10 year old security+ is nearly as bad. I urge people to consider this new policy as actually adding value to these certifications. It's the same with Cisco and ,ost of the high level security certs.

I agree with everything about this post, including mostly this.

My whole thing with the A+, Network+ and Security+ is that these certs were NEVER intended to be the only certifications a IT pro would have (if they were going to even go the certification route). These certs, Security+ included, were intended to validate what you knew so that you can perform what was validated by taking these certs. In truth, I NEVER needed any of these certs, but only wanted them because I thought that I was going to take my MCSA and that A+/Net+ would be an easy elective. Then I got hired into this new job as a ERP, so the MCSA 2K3 bit kind of died. Sec+ of course was just so that I'd have a lifetime cert AND for 6 WGU Credit Units. However, am I going to apply for a InfoSec job solely on my Sec+? No f'ing way....in fact that's not even the track I want to pursue. Having said that, it has always been my opinion that every IT professional needs to know at least the basics of IT security, since security has ALWAYS been a mainstay in our profession. I could have proved I had this knowledge before I even took the exam.

I guess what I'm trying to say, is even though my A+ is going to be 5 years old, along with Network+, I'm not going to renew them just because they're old [I did briefly consider it, but then thought better of it...lol]! Because of my everyday duties, I should be able to prove what has changed between now and 5 years prior. For A+, a perfect example would be SATA vs. IDE/(P)ATA/whatever [it will always be IDE to me... ]. Network+ would be TCP/IP vs every other protocol. CompTIA isn't exactly something I'm going to keep throwing money at, though because of my studies, I need to take Project+...but that's the last CompTIA exam I'm ever going to take, as it stands now. Now, I'm not the DoD or any other agency/company that demands to take these exams every three years, but to me, it is completely a waste of time to recertify (unless of course you have to to keep your DoD job, again....my opinion still stands).

But there are things that are going on in Security that aren't even included in the Sec+ exam, like EV certificates. (Something I am VERY familiar with....I had to install 12 of them. ). EV certs need a minimum of 2048 bits (used to be 1024, but that's going to change if it hasn't already, so I made my requests with 2048-bit keys anyway). Point is there are other things going on in infosec that admins, security professionals, PC technicians, etc., etc., need to keep current on. A cert by itself won't do that...you have to constantly keep up with what's what.

That is the beautiful nature of IT...

erpadmin

Devilsbane wrote: »

(because initially even existing certifications would have to comply with re-certifying)

CompTIA member companies and other members (having a cert does not make you a member, btw) made a HUGE stink about that and were threatening some sort of action, because the whole draw of CompTIA exams were that the certs were for life. CompTIA had no choice but to make it's current compromise: All certs you earned are yours for life, until 12/31/2010. Then 1/1/2011, any certs earned (A+, Network+ and Security+ will need to be revalidated every three years).

But that was why we don't have to re-certify.

RobertKaucher

Devilsbane wrote: »

Maybe it is something they were planning all along. I just find it a little convenient that we hear about it not too long after CompTIA decided to honor previous Security+ certifications for life (because initially even existing certifications would have to comply with re-certifying)

I don't understand your reasoning. It's a new cert, it does not replace the Sec+, Sec+ does not go away. I will have my Sec+ for life and never take this exam because it offers no value to me. Sec+ did at the time. If I had the expiring Sec+ and worked for a place that required it be kept up-to-date, I would keep it up-to-date. That really has nothing to do with CompTIA creating a new cert.

This is a professional level exam. Security+ is an entry level exam. It's like suggesting that the creation of the MCITP: Enterprise Admin was to force you to upgrade your MCP on Windows XP.

If Security+ were being replaced, I might agree. But this exam is to follow it, not replace it. With a 10 year requirement of IT experience, I think this is a little harder than even the CISSP to attain. Sec+ to this is like CCENT to CCNP.

Bl8ckr0uter

RobertKaucher wrote: »

If Security+ were being replaced, I might agree. But this exam is to follow it, not replace it. With a 10 year requirement of IT experience, I think this is a little harder than even the CISSP to attain. Sec+ to this is like CCENT to CCNP.

I don't think that they meant that it was going to require 10 years experience, I just thought that they were aiming at the more experienced crowd. I want to do the beta of the exam (I kind of like the name). I wonder how the cpe system will work or if they will have any sims.

RobertKaucher

Bl8ckr0uter wrote: »

I don't think that they meant that it was going to require 10 years experience, I just thought that they were aiming at the more experienced crowd. I want to do the beta of the exam (I kind of like the name). I wonder how the cpe system will work or if they will have any sims.

Details, details... But they are requiring 5 years of direct security experience which does put it on a similar level to the CISSP.

My point is just that you guys who are going for the Sec+ should not be bothered by this. What I see is Devilsbane getting frustrated that there is yet another flipin' security related cert out there that he is going to have to consider. I'd be frustrated, too. But I don't think it will devalue the Sec+ any. I'm just saying try to view this in a better light, because it doesn't really cause any problems with the value of the Sec+ at all. Sec+ is a good way to show fundamental knowledge. This cert will not change that.

Devilsbane

erpadmin wrote: »

CompTIA member companies and other members (having a cert does not make you a member, btw) made a HUGE stink about that and were threatening some sort of action, because the whole draw of CompTIA exams were that the certs were for life. CompTIA had no choice but to make it's current compromise: All certs you earned are yours for life, until 12/31/2010.

I think that happened in like March, and then in September there is this new Security exam? Just seems fishy to me.

And RK, no not everyone will get it. But if CompTIA can get half or even a quarter of Security+ holders to get locked in their loop it will equate to lots of money in their pockets.

I'm actually not frustrated, I don't mind a new Security cert. I just wish it was at a lower level. As others have mentioned, there is Security+ which is fairly basic and then the next step up is a large leap. It would be nice to have a step somewhere in between. I just think that motive for this new Cert was money rather than providing a new certification.

RobertKaucher

Devilsbane wrote: »

I think that happened in like March, and then in September there is this new Security exam? Just seems fishy to me.

And RK, no not everyone will get it. But if CompTIA can get half or even a quarter of Security+ holders to get locked in their loop it will equate to lots of money in their pockets.

I'm actually not frustrated, I don't mind a new Security cert. I just wish it was at a lower level. As others have mentioned, there is Security+ which is fairly basic and then the next step up is a large leap. It would be nice to have a step somewhere in between. I just think that motive for this new Cert was money rather than providing a new certification.

Into whose pockets? They are a non-profit. So its not like they are paying anyone dividends. You have to remember they have bills to pay (rent, salaries, electricity, water, etc) and certification and the education/training material they provide is what keeps them in business. I do believe that CompTIA makes dumb mistakes like any large company, but I don't see this as a grab for cash. It's a grab to stay relivent in the current market. These entry level certs are becoming less and less relevant in the market, IMO. Remember when A+ used to be the shizzle?

CompTIA must do these things or they are going to be relegated to meaninglessness and eventually just be desolved. Their corporate members will see no reason to support them. If they don't break inot higher level exams, they will forever be the cert provider of the helpdesk.

But I totally agree with you about the mid-level market. Where the hell is it? The entry level certs are having less and less value (how many times have you seen help desk jobs asking for an MCSE?) and the have requirements I cannot reach and may never be able to. :-/

erpadmin

RobertKaucher wrote: »

Into whose pockets? They are a non-profit. So its not like they are paying anyone dividends. You have to remember they have bills to pay (rent, salaries, electricity, water, etc) and certification and the education/training material they provide is what keeps them in business. I do believe that CompTIA makes dumb mistakes like any large company, but I don't see this as a grab for cash. It's a grab to stay relivent in the current market. These entry level certs are becoming less and less relevant in the market, IMO. Remember when A+ used to be the shizzle?

Just because they are "non-profit" doesn't mean they aren't looking to make money. All that means is that instead of taking the profit they do get (and they're gonna get a lot of it) to put into their pocket, they instead reinvest it back into CompTIA. But it's not like because they're non-profit, they do it out of the kindness of their heart....

Having said all of that, I agree with you that it's more to stay relevant with the "big boys"....and get out of the entry-level schtick that CompTIA is known for.

RobertKaucher

erpadmin wrote: »

Just because they are "non-profit" doesn't mean they aren't looking to make money. All that means is that instead of taking the profit they do get (and they're gonna get a lot of it) to put into their pocket, they instead reinvest it back into CompTIA. But it's not like because they're non-profit, they do it out of the kindness of their heart....

Having said all of that, I agree with you that it's more to stay relevant with the "big boys"....and get out of the entry-level schtick that CompTIA is known for.

Agree 100%. But I think that is a good thing. If CompTIA does not continue to offer new, more relevant certs they will go out of business. What good will my Sec+ and Linux+ to me be if CompTIA is gone? I think this is a good step. And I agree with Devilsbane that they need some midlevel certs as well.

GeeLo

LOL... now back to the creator of the thread..

A few things..

First, Security+ is not a entry level cert.. never has been and never will be, if you need Security+ for your job, your not in a entry level IT position.

Second, I do agree that CISSP (and a few other security certs) are way harder to obtain then Security+. But Security+ is not a walk in the park like some of you tend to say.

Third, CompTIA has always been a company that has provided long lasting "value" versus other certifications. Not just the over all cost of the certification, but the longevity or life-span of the certifications itself.

I had mixed reactions when I heard about the "Re-certify every 3 years" plan that CompTIA was doing in regards to ISO and the DoD, but learning now about a possibility of phasing out certifications like Security+, is really very disappointing. If CompTIA keeps putting $$$money$$ before their customers / members, they will lose money in the long run. I think I'll contact the a few high level CompTIA executives that I have corresponded with in the past, to see what they have to say.