REDMOND, Wash., June 3, 2003 — Today Microsoft unveiled a new milestone in its commitment to Trustworthy Computing, a security specialization program for both the Microsoft Certified Systems Administrator (MCSA) and Microsoft Certified Systems Engineer (MCSE) credentials.
The new security certifications will provide a way for IT professionals to develop and validate their skills in designing and managing a secure computing environment, and will give companies a consistent way to evaluate the skill sets of IT staffers when it comes to security. In addition, the Computing Technology Industry Association’s (CompTIA)
certification is included in the program, allowing IT professionals to obtain platform-neutral security expertise.
To learn what the program means for companies and IT professionals, PressPass spoke with Lutz Ziob , general manager for Microsoft’s Training and Certification group, to discuss the new MCSA: Security and MCSE: Security designations.
PressPass: Why is Microsoft offering new security specializations in its MCSA and MCSE programs?
Ziob: By introducing these new certifications, we’re supporting the
“Secure in Deployment”
tenet of the company’s Trustworthy Computing initiative. This tenet speaks to an organization’s ability to apply recognized and established best practices around security, so that Microsoft products and technologies are rolled out in the most secure way possible. We’ve taken those best practices and developed prescriptive certification tracks to help IT professionals demonstrate their acumen in designing and implementing a secure computing environment. We’ve also included CompTIA’s Security+ credential in these tracks to extend the certifications to include cross-platform skills as well.
PressPass: How do the new security specializations differ from the traditional MCSA and MCSE credentials?
Ziob: While the core MCSA and MCSE certifications validate the ability to implement baseline security measures, the new MCSA: Security and MCSE: Security designations go beyond that baseline and look specifically at things like managing and troubleshooting service packs and security updates, and being able to implement and troubleshoot secure communications channels. This might include the implementation of IPSec or the wireless encryption protocol, or the configuration of remote access security, so that people can engage remotely using a virtual private network, or VPN. It might also include Smart Card or biometric authentication methods, as well as advanced security procedures, such as implementing a public key infrastructure, or PKI.
PressPass: Why has Microsoft included the CompTIA Security+ certification in the program?
Ziob: Security+ is a certification created by the Computing Technology Industry Association, which is an industry body with more than 15,000 members, including hardware and software manufacturers, solution providers, distributors and educational organizations. Microsoft has been a CompTIA member for many years, and we played a key role on the committee that planned and developed the Security+ certification, which was released in December. Security+ has been adopted by a number of certification providers as a component of their certification programs, and Microsoft is pleased to support the broader adoption of this credential by the industry.
CompTIA certifications also have a very high standard of quality, as they are developed by experts from all sectors of the IT industry. The objectives are generated from a comprehensive job-task analysis of specific IT professional job roles, and the questions undergo an intensive review process including psychometric and statistical analyses to ensure they are an accurate measure of the skills being tested.
One of the things that we’re also doing with CompTIA Security+ is adding it to the set of elective options for our existing MCSA and MCSE credentials, both on Windows 2000 and on Windows Server 2003. This is because Microsoft recognizes that broad, cross-platform security skills are important to all IT professionals, not just security specialists.
PressPass: How will this cross-platform approach benefit IT professionals?
Ziob: There are a number of different reasons why individuals seek certification. They seek it to validate their knowledge and skills, to satisfy the requirements for a new job or new position within a company, to increase their compensation, or to get up-to-date on new products or technologies. With security such an important aspect of IT today, our new MCSA: Security and MCSE: Security credentials will allow individuals to distinguish themselves from other IT professionals by highlighting their focus on security in their job role.
Also, when an individual achieves CompTIA Security+ certification, he or she is demonstrating a broad range of security skills and knowledge beyond the Microsoft platform in a number of different areas. This knowledge, when combined with core platform-specific skills, makes those individuals more attuned to the general security needs of their environment. So it’s a big benefit to any IT professional to apply the CompTIA Security+ certification to our MCSA:Security or MCSE: Security programs.
PressPass: How can these new certifications benefit companies and the industry as a whole?
Ziob: For IT managers, certification is particularly important because it allows them to more easily identify the skills that an individual possesses. When a company has employees that possess certain skills, it can garner a competitive advantage when seeking to attract customers. Certification can also contribute to increased productivity, because studies have shown that certified individuals are generally quicker to implement and design new technologies. And of course by knowing that their employees are certified, IT managers can feel more confident about their ability to implement and support a network infrastructure.
Looking at security in particular, recent surveys from CompTIA and others show that human error, rather than technical malfunction, is the most significant cause of IT security breaches in both the public and private sectors. When asked, an overwhelming majority of companies agree that employee training and certification programs improve network security and help protect against cyber threats. In fact, most companies identify a lack of IT security knowledge and training, or failure to follow security procedures, as the root causes of many of their security issues.
Also, the U.S. Department of Homeland Security, in its National Strategy to Secure Cyberspace, has said that the two major barriers to improving cyber-security are a lack of familiarity, knowledge and understanding of security issues, and an inability to find sufficient numbers of adequately trained or appropriately certified personnel to create and manage secure systems. So there are real benefits in organizations ensuring that their IT professionals have the right skills to reduce the effects of human error on information security.
PressPass: When will the new certification programs become available?
Ziob: The Windows 2000 versions of both MCSA: Security and MCSE: Security are available today — individuals can achieve these certifications right away. Also, we’ve already announced the core MCSA and MCSE programs for Windows Server 2003, and these certifications will form the basis for corresponding security specializations on that platform. We will announce the details for those specializations later this year, and there will be a clear, efficient upgrade path for those professionals already security certified on Windows 2000.