Research Paper: How to Enter the IT Security Field

Pages: 6 (1809 words)  ·  Bibliography Sources: 3  ·  Level: Master's  ·  Topic: Education - Computers

Information Technology Security Certifications

IT Security Certifications

As made clear by the recent Target and Home Depot retail breaches, information security is very important, and it can literally affect millions of people at once when it is not done correctly. Given that, information technology certifications are seen as a way to establish whether someone truly knows what they need to know about an information technology security protocol or standard. This is seen as true by many because of the third-party nature and completeness of many tests. Sure, there is a lot of simple memorization that can be done and the process is not perfect. However, knowing the "what" is at least a prerequisite of knowing the "why" and "how," and most people cannot fake their way into an information security job. What follows in this report is a listing of the most popular information technology security certifications as defined by IT job listing service Dice and the websites of a few of the industry heavyweights that sponsor IT certifications. While certifications are not a fix-all when it comes to finding qualified and experienced talent, they are certainly a tool in the toolbox.

The Different Certifications

Dice defines the top information technology certifications as being Amazon Web Services Solutions Architect, Cisco Certified Architect, EC-Council Computer Hacking Forensic Investigator, Microsoft Certified Solutions Expert, Red Hat Certified Architect and VMware Certified Professional 5. Indeed, those certifications cover the largest online retailing giant (Amazon), the largest networking infrastructure giant (Cisco), a certification that focuses on hacking (the EC-Council one), probably the two largest operating system solutions out there (Linux/Red Hat and Microsoft Windows) and VMware, which represents the increasingly pervasive practice of computers and software being used remotely rather than having to build complete workstations with local-only software on them (Dice, 2015).

One thing about at least some of these certifications is that one has to have experience before the certification can even be tested for or realized, rather than getting the certification first and then using it. For example, Amazon Web Services is a certification that involves the knowledge of building web service structures for Amazon, and it requires one year of experience before one should really even try to test for it (Dice, 2014). The Cisco Certified Architect is even more robust in this regard. Indeed, CCAr (the acronym used for the architect certification) is one of many that Cisco has and it is at the very top echelon of what they offer. The CCENT and CCT are the entry-level certifications, the CCDP, CCNP and CCIE are among the middle levels and CCAr is for very top-end professionals (Cisco, 2015). The EC-Council hacking certification is a true third-party certification that is meant for security professionals and law enforcement personnel. Microsoft's offerings are actually broken down into the particular software or product being protected, and those options include private cloud, SharePoint and Microsoft server infrastructures. The Red Hat architect certification is much like the Cisco certification in that it is the top end of their certification structure, not the beginning. Lastly, the VMware certification is pretty basic in what it covers but getting the certification is far from easy or quick to do (Dice, 2014).

In terms of ultimate certifications that are fairly or very hard to get, the biggest of the pack that is not vendor-specific would be the CISSP, which is short for Certified Information Systems Security Professional. The job functions that CISSP holders would have include Security Consultant, Security Manager, IT Director, IT Manager, Security Auditor, Security Architect, Security Analyst, Security Systems Engineer, Chief Information Security Officer, Director of Security and Network Architect. The certification is very comprehensive and covers a total of ten different realms of information security. These realms are access control, telecommunications/network security, information security governance/risk management, software development security, cryptography, security architecture and design, operations security, business continuity/disaster recovery, legal/compliance and physical/environmental security. As with several certifications mentioned before, this is not a certification that any amateur IT professional can get. However, more nascent professionals can start with things like the Associate of ISC designation. This latter certification is meant to serve as a pathway to reach certifications such as the CAP, CCFP, the CISSP, the CSSLP, the HCISPP and the SSCP. Lastly, the CISSP has subclasses that are called concentrations. These concentrations include architecture, engineering and management (ISC2, 2015).

Another very popular information technology security certification out there is the Security+ certification. This certification was created and is regulated by CompTIA. This is the same organization that does the same for the Network+ (networking) and A+ (basic computer hardware/software) certifications. There are some prerequisites to taking this exam but the bar is much lower for this certification than for other ones. The certification is just a single test and only recommends two years of experience in information technology administration and a completed Network+ certification prior to taking this one. Job titles relevant to this certification include security engineer, security consultant, network administrator and IA technician/manager. The certification is approved by the United States Department of Defense (DoD) and is the chosen certification of information technology heavyweights such as Hitachi, Prestariang Systems and United States government contractors such as CSC, General Dynamics and Northrop Grumman (CompTIA, 2015).

When it comes to truly learning and knowing information security, one has to know precisely how hackers do what they do and that means learning their tactics. Rather than starting as an actual hacker (black hat) and then going clean, there is now a more established pathway to learn hacking from a legal and ethical standpoint and there are certifications to match. One such certification is the Certified Ethical Hacker certification that is run and administered by the EC-Council, the same organization mentioned in the list given by Dice. The requirements are very similar to the Security+ certification in that there is only one exam, it is designed to be preceded by two years of work experience, and it is administered by a company that is not a for-profit IT company. Self-study materials that can be used include instructor-led courses, computer-based training and online courses. The CEH framework includes a skills assessment that helps CEH candidates measure where they currently are from a knowledge standpoint (EC-Council).

The final entry-level certification that will be mentioned is the GIAC. The exam is a bit pricier than most of the other exams mentioned ($1,000 USD) but the requirements are pretty basic. Indeed, it is just a proctored exam that is open book but is not open computer, has 180 questions, a time limit of five hours and a passing score of seventy-three percent. It has to be renewed every four years and has a fairly basic yet broad knowledge set required. These knowledge points include 802.11 (wireless) protocols, access control theory, alternate network mapping techniques, authentication and password management, common types of attacks, contingency planning, crypto concepts, defense-in-depth, DNS, firewall subversion, firewalls, HIDS, honeypots, ICMP, IDS overview, incident handling fundamentals, information warfare, OPSEC introduction, IP packets, IPS overview, IPv6 addressing/protocol, and legal aspects of incident handling. The list continues with some broad Linux/Unix knowledge, information about famous hackers and their methods, network addressing/design/hardware, and so on (GIAC, 2015).

Reaction & Analysis

In looking at the different certifications that exist, there are a few things that become obvious. First, just as there are many different types of operating systems, software solutions and so forth, there are just as many certifications to match. When it comes to robust subjects and companies, there are many sub-certifications and levels. For example, Cisco has many different certifications and many different levels. The same thing exists with other companies such as Microsoft, Oracle and so forth. Of course, different companies are going to be using different technology. Further, the actual position within a company may have a bearing on what is used. For example, front-line end user computers may be Windows-based but the servers may be Linux-based. On the other hand, supporting the networking and settings on local machines would be a different proposition than managing Cisco routers or Oracle databases that underpin the higher-level systems.

Something else that becomes clear is that people do not casually or accidentally enter the information technology security field. It is a field where the certifications really have to come after the field has been entered and worked in rather than the other way around. Further, the barriers to entering the information technology security field are not easy to overcome. Indeed, it would seem that the more basic certifications like Network+ and A+ (both CompTIA offerings) are the baseline and then people have to work up from there. Lower-level Microsoft or other certifications would also be entry points, but to suggest that one can start off at the higher-level or top-end certifications like CCIE, CCAr and so forth is laughable because there is no way to pass those without getting the proper experience first and that takes time. In other words, the information technology field, with information technology…


Cite This Research Paper:

APA Format

How to Enter the IT Security Field.  (2015, January 18).  Retrieved October 16, 2019, from
