CompTIA "Advanced" Security Certification ?

GeeLo Member Posts: 112
Any of you guys heard of this? Supposedly CompTIA is coming out with this "advanced" security certification to compete with CISSP and try to get CISSP "equivalent" ISO approval in regards to the DoD 8750 "CISSP level".

Two things about this.

1) This is a slap in the face to everyone who took the Security+ exam, especially those who needed this in their current jobs as a "requirement".

2) CISSP has been out as the "de facto" Industrial IT security along with a few others.. I don't think CompTIA is thinking too smart on this one, that they can move more into this area over the other security certifications.
Vendor Neutral Certified in IT Project Management, Security, Servers, Workstations, Software, Networking, Windows, Unix and Linux and.. Cloud. :-)

Comments

  • SephStorm Member Posts: 1,731
    It was mentioned in another thread (EDIT: Here- http://www.techexams.net/forums/security/57515-security-new-certification.html ). Personally I am tired of any cert in the CISSP arena. I am tired of seeing CISSP on any security posting, and I don't want another security management cert added to the list. Instead, they should be looking at a more hands on examination, maybe try making a computer/network defense certification. That would be a breath of fresh air with all of the new CN Attack certs.
  • tbgree00 Member Posts: 553
    I agree with SephStorm. I have applied to a couple of entry level security related jobs that require 1 year security experience and CISSP. I was under the impression you needed 5 years security experience to get the CISSP. The job also paid like 30k - 60k and if I actually had the experience and expertise to get that high level of cert I would expect more money than that.

    I'm getting frustrated with the cert bloat I'm seeing in job listings. Luckily I have an MCSA because I applied for a Tech support assistant role that required a high school degree, 2 years experience, and the MCSA or MCSE with CCNA preferred. The job revolves around teaching people how to use MS Office and SharePoint. It's really a little crazy.
    I finally started that blog - www.thomgreene.com
  • tpatt100 Member Posts: 2,991
    I really don't see how it's a slap in the face for anybody who took the Security+ since the Security+ would be below what their new cert is.

    I wish they would make something mid range and more hands on security related instead of the CISSP "high level management" stuff.

    Maybe something more mid level Windows/Linux domain with some how-to for policy writing, documentation for medium sized businesses.

    Really the basics of security are not that bad, it's actually following the policies after you implement them.
  • UnixGuy Mod Posts: 4,570 Mod
    +1
    SephStorm wrote: »
    It was mentioned in another thread (EDIT: Here- http://www.techexams.net/forums/security/57515-security-new-certification.html ). Personally I am tired of any cert in the CISSP arena. I am tired of seeing CISSP on any security posting, and I don't want another security management cert added to the list. Instead, they should be looking at a more hands on examination, maybe try making a computer/network defense certification. That would be a breath of fresh air with all of the new CN Attack certs.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • ajmatson Member Posts: 289
    +2, too many certs out there for each category makes for a mess of unqualified people. CompTIA needs to just focus on what they offer now instead of coming up with new money schemes.
    Working on currently:
    Masters Degree Information Security and Assurance (WGU) / Estimated 06/01/2016
    Next Up: CCNP Routing Exam | Certified Ethical Hacker Exam
    Cisco Lab: ASA 5506-X, GNS3, 1x 2801 Router, 1x 2650XM, 1x 3750-48TS-E switch, 2x 3550 EMI Switches and 1x 2950T switch.
    Juniper Lab: 1x SRX100H2, 1x J2320 (1GB Flash/1GB RAM, JunOS 11.4R7.5), and 4 JunOS Firefly vSRX Routers in VMWare ESXi 5.1
  • RobertKaucher Member Posts: 4,299
    tpatt100 wrote: »
    I really don't see how it's a slap in the face for anybody who took the Security+ since the Security+ would be below what their new cert is.

    I wish they would make something mid range and more hands on security related instead of the CISSP "high level management" stuff.

    Maybe something more mid level Windows/Linux domain with some how-to for policy writing, documentation for medium sized businesses.

    Really the basics of security are not that bad, it's actually following the policies after you implement them.

    I think that if CompTIA's other certs are any gauge here this will be considered midrange and CISSP will still be considered advanced. The issue with making any certification "hands on" is always the same. How do you proctor the exam? This always increases the cost. Look at the MCA and MCM exams.
  • NetworkingStudent Member Posts: 1,407
    GeeLo wrote: »
    Any of you guys heard of this? Supposedly CompTIA is coming out with this "advanced" security certification to compete with CISSP and try to get CISSP "equivalent" ISO approval in regards to the DoD 8750 "CISSP level".

    Two things about this.

    1) This is a slap in the face to everyone who took the Security+ exam, especially those who needed this in their current jobs as a "requirement".

    2) CISSP has been out as the "de facto" Industrial IT security along with a few others.. I don't think CompTIA is thinking too smart on this one, that they can move more into this area over the other security certifications.

    CompTIA Creating Advanced Security Certification
    Plus: MS MCDST Cert. being phased out, four Oracle exams exiting beta, book of the week.
    by Emmett Dulaney
    9/20/2010 -- In addition to the widely recognized Security+ certification they already have, CompTIA is adding to their offerings an advanced security certification for those with 10 years IT experience, with at least five of those years dealing hands-on with security. This enterprise security administrator certification will differ from the entry-level Security+ in depth of objectives and critical thinking skills needed.

    To become certified, candidates will pass one exam on the following domains:

    Enterprise Security
    Risk Management, Policy/Procedure and Legal
    Research and Analysis
    Integration of Computing, Communications and Business Disciplines
    CertCities.com | Column: CompTIA Creating Advanced Security Certification

    Looks like this certification requires at least ten years of IT security experience.

    Doesn't the CISSP require 5 years of security experience?
    "When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened."

    --Alexander Graham Bell,
    American inventor
  • Devilsbane Member Posts: 4,214
    As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.
    Decide what to be and go be it.
  • DoubleD Member Posts: 273
    I certainly won't bother with CompTIA now they expire, no point in doing them
  • erpadmin Member Posts: 4,165
    Devilsbane wrote: »
    As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.


    Actually, if you want to be technical.....

    http://www.techexams.net/forums/444200-post3.html

    But, yes, this new one will be out next year, Security+ will be retired, and this will be the one that DoD will want in place of Security+ and has to get done every three years.

    I just hope that even though it gets "retired", I am sure enough folks who took the exam will cry foul. I only took this exam because it was required for WGU and of course I wanted it to be "lifetime" like the other CompTIA certs. But I still want all of my certs to remain valid, Security+ especially.

    Hopefully there will be clarification on that though.
  • Devilsbane Member Posts: 4,214
    Retiring a test doesn't invalidate it. We would still be Security+ certified for life. Just nobody else would be able to take the test and eventually it would no longer be recognized. Just like those that already have the i-net+ certification. They still have it, but 20 years from now nobody will give a $*** about it.
    Decide what to be and go be it.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Can someone point me to where they said security plus is getting retired?
  • tbgree00 Member Posts: 553
    I feel like I missed something. The Security+ is being retired but not invalidated? I haven't seen anything about that. It's a little discouraging since I hadn't taken it yet. I wonder if it being retired will have any impact on the MCSE:S using it as an elective.
    I finally started that blog - www.thomgreene.com
  • erpadmin Member Posts: 4,165
    Devilsbane wrote: »
    Retiring a test doesn't invalidate it. We would still be Security+ certified for life. Just nobody else would be able to take the test and eventually it would no longer be recognized. Just like those that already have the i-net+ certification. They still have it, but 20 years from now nobody will give a $*** about it.

    20 years?....I remembered i-net+ as being ridiculously easy even when it was out then....(not dissing folks who did get it or anything, but seriously....I'd rather be proud of the CIW Associates cert.....lol). AFAIK, it was a cert that wasn't exactly taken seriously...
  • Devilsbane Member Posts: 4,214
    Can someone point me to where they said security plus is getting retired?

    I haven't seen it. I'm just saying that if they did retire it, that doesn't mean that you never obtained it.

    And the 20 years was an exaggeration.
    Decide what to be and go be it.
  • RobertKaucher Member Posts: 4,299
    Devilsbane wrote: »
    They still have it, but 20 years from now nobody will give a $*** about it.

    You mean people do now?
  • SephStorm Member Posts: 1,731
    lol, if Security+ goes away, what will people do before their 5 and 10 years of security experience?

    (BTW, if you really have 10 years of security knowledge, nearly any cert should be a walk in the park, your resume is going to destroy this cert, this cert is truly worthless.)
  • RobertKaucher Member Posts: 4,299
    Devilsbane wrote: »
    As was said in the original post (that sephstorm beat me to linking), the new CompTIA certification is likely just there so that those of us who have locked in Security+ for life will still need to take this new test and renew it every 3 years.

    I really doubt this is the case now that I see the experience requirements. The Security+ is not just intended for IT. Remember that it is also a requirement for other professions in DoD as well. Let's face it, the Sec+ is actually pretty easy and consists mostly of knowing facts.

    The Sec+ serves an entirely different purpose than this exam. Sec+ is perfect for Jr. admins and other IT pros. It is *not* a certification that a security analyst would brag about having. Since the advanced cert is going to have to comply with the ANSI rules, it will certainly need to be renewed as well.

    I would also add that for a security certification to have value, it *must* have a renewal policy. So to those who are complaining about CompTIA's new policy - just stop. A 15 year old A+ is totally worthless. A 10 year old security+ is nearly as bad. I urge people to consider this new policy as actually adding value to these certifications. It's the same with Cisco and most of the high level security certs.
  • Devilsbane Member Posts: 4,214
    I really doubt this is the case now that I see the experience requirements. The Security+ is not just intended for IT. Remember that it is also a requirement for other professions in DoD as well. Let's face it, the Sec+ is actually pretty easy and consists mostly of knowing facts.

    Maybe it is something they were planning all along. I just find it a little convenient that we hear about it not too long after CompTIA decided to honor previous Security+ certifications for life (because initially even existing certifications would have to comply with re-certifying)
    Decide what to be and go be it.
  • erpadmin Member Posts: 4,165
    I would also add that for a security certification to have value, it *must* have a renewal policy. So to those who are complaining about CompTIA's new policy - just stop. A 15 year old A+ is totally worthless. A 10 year old security+ is nearly as bad. I urge people to consider this new policy as actually adding value to these certifications. It's the same with Cisco and most of the high level security certs.

    I agree with everything about this post, including mostly this.

    My whole thing with the A+, Network+ and Security+ is that these certs were NEVER intended to be the only certifications an IT pro would have (if they were going to even go the certification route). These certs, Security+ included, were intended to validate what you knew so that you can perform what was validated by taking these certs. In truth, I NEVER needed any of these certs, but only wanted them because I thought that I was going to take my MCSA and that A+/Net+ would be an easy elective. Then I got hired into this new job as an ERP, so the MCSA 2K3 bit kind of died. Sec+ of course was just so that I'd have a lifetime cert AND for 6 WGU Credit Units. However, am I going to apply for an InfoSec job solely on my Sec+? No f'ing way....in fact that's not even the track I want to pursue. Having said that, it has always been my opinion that every IT professional needs to know at least the basics of IT security, since security has ALWAYS been a mainstay in our profession. I could have proved I had this knowledge before I even took the exam.

    I guess what I'm trying to say, is even though my A+ is going to be 5 years old, along with Network+, I'm not going to renew them just because they're old [I did briefly consider it, but then thought better of it...lol]! Because of my everyday duties, I should be able to prove what has changed between now and 5 years prior. For A+, a perfect example would be SATA vs. IDE/(P)ATA/whatever [it will always be IDE to me... :D ]. Network+ would be TCP/IP vs every other protocol. CompTIA isn't exactly something I'm going to keep throwing money at, though because of my studies, I need to take Project+...but that's the last CompTIA exam I'm ever going to take, as it stands now. Now, I'm not the DoD or any other agency/company that demands to take these exams every three years, but to me, it is completely a waste of time to recertify (unless of course you have to to keep your DoD job, again....my opinion still stands).

    But there are things that are going on in Security that aren't even included in the Sec+ exam, like EV certificates. (Something I am VERY familiar with....I had to install 12 of them. :D ). EV certs need a minimum of 2048 bits (used to be 1024, but that's going to change if it hasn't already, so I made my requests with 2048-bit keys anyway). Point is there are other things going on in infosec that admins, security professionals, PC technicians, etc., etc., need to keep current on. A cert by itself won't do that...you have to constantly keep up with what's what.

    That is the beautiful nature of IT... :D
  • erpadmin Member Posts: 4,165
    Devilsbane wrote: »
    (because initially even existing certifications would have to comply with re-certifying)

    CompTIA member companies and other members (having a cert does not make you a member, btw) made a HUGE stink about that and were threatening some sort of action, because the whole draw of CompTIA exams was that the certs were for life. CompTIA had no choice but to make its current compromise: All certs you earned are yours for life, until 12/31/2010. Then 1/1/2011, any certs earned (A+, Network+ and Security+ will need to be revalidated every three years).

    But that was why we don't have to re-certify. :)
  • RobertKaucher Member Posts: 4,299
    Devilsbane wrote: »
    Maybe it is something they were planning all along. I just find it a little convenient that we hear about it not too long after CompTIA decided to honor previous Security+ certifications for life (because initially even existing certifications would have to comply with re-certifying)

    I don't understand your reasoning. It's a new cert, it does not replace the Sec+, Sec+ does not go away. I will have my Sec+ for life and never take this exam because it offers no value to me. Sec+ did at the time. If I had the expiring Sec+ and worked for a place that required it be kept up-to-date, I would keep it up-to-date. That really has nothing to do with CompTIA creating a new cert.

    This is a professional level exam. Security+ is an entry level exam. It's like suggesting that the creation of the MCITP: Enterprise Admin was to force you to upgrade your MCP on Windows XP.

    If Security+ were being replaced, I might agree. But this exam is to follow it, not replace it. With a 10 year requirement of IT experience, I think this is a little harder than even the CISSP to attain. Sec+ to this is like CCENT to CCNP.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    If Security+ were being replaced, I might agree. But this exam is to follow it, not replace it. With a 10 year requirement of IT experience, I think this is a little harder than even the CISSP to attain. Sec+ to this is like CCENT to CCNP.


    I don't think that they meant that it was going to require 10 years experience, I just thought that they were aiming at the more experienced crowd. I want to do the beta of the exam (I kind of like the name). I wonder how the cpe system will work or if they will have any sims.
  • RobertKaucher Member Posts: 4,299
    I don't think that they meant that it was going to require 10 years experience, I just thought that they were aiming at the more experienced crowd. I want to do the beta of the exam (I kind of like the name). I wonder how the cpe system will work or if they will have any sims.

    Details, details... But they are requiring 5 years of direct security experience which does put it on a similar level to the CISSP.

    My point is just that you guys who are going for the Sec+ should not be bothered by this. What I see is Devilsbane getting frustrated that there is yet another flippin' security related cert out there that he is going to have to consider. I'd be frustrated, too. But I don't think it will devalue the Sec+ any. I'm just saying try to view this in a better light, because it doesn't really cause any problems with the value of the Sec+ at all. Sec+ is a good way to show fundamental knowledge. This cert will not change that.
  • Devilsbane Member Posts: 4,214
    erpadmin wrote: »
    CompTIA member companies and other members (having a cert does not make you a member, btw) made a HUGE stink about that and were threatening some sort of action, because the whole draw of CompTIA exams was that the certs were for life. CompTIA had no choice but to make its current compromise: All certs you earned are yours for life, until 12/31/2010.

    I think that happened in like March, and then in September there is this new Security exam? Just seems fishy to me.

    And RK, no not everyone will get it. But if CompTIA can get half or even a quarter of Security+ holders to get locked in their loop it will equate to lots of money in their pockets.

    I'm actually not frustrated, I don't mind a new Security cert. I just wish it was at a lower level. As others have mentioned, there is Security+ which is fairly basic and then the next step up is a large leap. It would be nice to have a step somewhere in between. I just think that motive for this new Cert was money rather than providing a new certification.
    Decide what to be and go be it.
  • RobertKaucher Member Posts: 4,299
    Devilsbane wrote: »
    I think that happened in like March, and then in September there is this new Security exam? Just seems fishy to me.

    And RK, no not everyone will get it. But if CompTIA can get half or even a quarter of Security+ holders to get locked in their loop it will equate to lots of money in their pockets.

    I'm actually not frustrated, I don't mind a new Security cert. I just wish it was at a lower level. As others have mentioned, there is Security+ which is fairly basic and then the next step up is a large leap. It would be nice to have a step somewhere in between. I just think that motive for this new Cert was money rather than providing a new certification.

    Into whose pockets? They are a non-profit. So it's not like they are paying anyone dividends. You have to remember they have bills to pay (rent, salaries, electricity, water, etc) and certification and the education/training material they provide is what keeps them in business. I do believe that CompTIA makes dumb mistakes like any large company, but I don't see this as a grab for cash. It's a grab to stay relevant in the current market. These entry level certs are becoming less and less relevant in the market, IMO. Remember when A+ used to be the shizzle?

    CompTIA must do these things or they are going to be relegated to meaninglessness and eventually just be dissolved. Their corporate members will see no reason to support them. If they don't break into higher level exams, they will forever be the cert provider of the helpdesk.

    But I totally agree with you about the mid-level market. Where the hell is it? The entry level certs are having less and less value (how many times have you seen help desk jobs asking for an MCSE?) and the have requirements I cannot reach and may never be able to. :-/
  • erpadmin Member Posts: 4,165
    Into whose pockets? They are a non-profit. So it's not like they are paying anyone dividends. You have to remember they have bills to pay (rent, salaries, electricity, water, etc) and certification and the education/training material they provide is what keeps them in business. I do believe that CompTIA makes dumb mistakes like any large company, but I don't see this as a grab for cash. It's a grab to stay relevant in the current market. These entry level certs are becoming less and less relevant in the market, IMO. Remember when A+ used to be the shizzle?

    Just because they are "non-profit" doesn't mean they aren't looking to make money. All that means is that instead of taking the profit they do get (and they're gonna get a lot of it) to put into their pocket, they instead reinvest it back into CompTIA. But it's not like because they're non-profit, they do it out of the kindness of their heart....

    Having said all of that, I agree with you that it's more to stay relevant with the "big boys"....and get out of the entry-level schtick that CompTIA is known for.
  • RobertKaucher Member Posts: 4,299
    erpadmin wrote: »
    Just because they are "non-profit" doesn't mean they aren't looking to make money. All that means is that instead of taking the profit they do get (and they're gonna get a lot of it) to put into their pocket, they instead reinvest it back into CompTIA. But it's not like because they're non-profit, they do it out of the kindness of their heart....

    Having said all of that, I agree with you that it's more to stay relevant with the "big boys"....and get out of the entry-level schtick that CompTIA is known for.

    Agree 100%. But I think that is a good thing. If CompTIA does not continue to offer new, more relevant certs they will go out of business. What good will my Sec+ and Linux+ to me be if CompTIA is gone? I think this is a good step. And I agree with Devilsbane that they need some midlevel certs as well.
  • GeeLo Member Posts: 112
    LOL... now back to the creator of the thread..

    A few things..

    First, Security+ is not an entry level cert.. never has been and never will be, if you need Security+ for your job, you're not in an entry level IT position.

    Second, I do agree that CISSP (and a few other security certs) are way harder to obtain than Security+. But Security+ is not a walk in the park like some of you tend to say.

    Third, CompTIA has always been a company that has provided long lasting "value" versus other certifications. Not just the overall cost of the certification, but the longevity or life-span of the certifications itself.

    I had mixed reactions when I heard about the "Re-certify every 3 years" plan that CompTIA was doing in regards to ISO and the DoD, but learning now about a possibility of phasing out certifications like Security+, is really very disappointing. If CompTIA keeps putting $$$money$$ before their customers / members, they will lose money in the long run. I think I'll contact a few high level CompTIA executives that I have corresponded with in the past, to see what they have to say.
    Vendor Neutral Certified in IT Project Management, Security, Servers, Workstations, Software, Networking, Windows, Unix and Linux and.. Cloud. :-)