|
|
Is The Security+ Still Worth It?
Added by Papergrl
By: Michelle RowtonThe Facts
The Security+ Certification was released in December 2002. The objectives were derived through input from industry, government and academia, a job task analysis, a survey of more than 1,100 subject matter experts and a beta exam with responses from subject matter experts around the world. The test questions were written by IT security professionals, so you can be assured of their relevance. It turns out to be a structured certification program that attempts to fill the gap for trained information security professionals. Since 2002 there have been approximately 10,000 CompTIA Security+ certified professionals in 112 Countries.
The Security+ Certification is a vendor-neutral certification. It covers topics such as firewalls, viruses, user authentication, encryption, communication security, infrastructure security, cryptography, access control, external attack, and operational/organization security. Successful completion of the Security+ program certifies that an individual will possess the minimum set of skills necessary to practice information security.
Individuals taking the Security+ exam should have two years on-the-job networking experience and preferably a thorough knowledge of TCP/IP. This certification is great for the everyday security administrator who will be responsible for maintaining systems and information on computer systems and foundation-level IT security workers.
What is a Vendor Neutral Certification?
A vendor neutral certification does not subscribe to a specific vendors technology solution such as Microsoft, IBM and Cisco, but rather test for the skills and knowledge required in a specific industry role as a whole. A few popular vendor neutral certifications similar to Security+ are SSCP, TICSA, and the GSEC. See the comparison below
| |
Security+ |
TICSA |
SSCP |
GSEC |
| Cost |
$175 - 225 |
$295 |
$369 |
$800 |
| Time |
90 Min |
90 Min |
3 Hrs |
90 Min-3 hours |
| Passing Score |
764 On 100-900 Scale |
67% |
700 |
70 or higher on the research paper 70% or better on the test |
| Number Certified |
10,000 |
unknown |
543 |
4269 |
| Type of Exam |
Conventional, linear format, Multiple Choice |
Form-Based Multiple Choice |
Form-Based Multiple Choice |
Research paper and 2 open book, multiple choice exams
Update: Research paper no longer a requirement |
| Renewal |
never |
every 2 years |
credits earned or retake after 3 years |
every 2 years |
Why the Security+?
Security+ can be used as an elective or prerequisite to advanced security certifications. CompTIA now lists several companies that require or recommend the Security+ certification, although, in my research I have found only one of the listed companies to actually "require" the Security+ certification. This certification helps IT individuals and consultants to conform to industry standards and helps to give basic understandings to all IT professionals. Some certifications allow the SY0-101 to be included as an acceptable elective. The MCSE and the MCSA list SY0-101 as a third-party elective test. Tivoli has also approved the SY0-101 as a test option for the Tivoli Security Management 2004 and 2005 certifications.
Negative aspects
In a sampling that I have completed of 100 available jobs on Dice, I only found 1 job that actually listed the Security+ as a requirement. Several jobs list the skills learned through the Security+ as "experience preferred" such as infrastructure security and cryptography, but only 1 job actually required it. Out of the 100 jobs, 4 required the GSEC, 2 required TICSA, 1 required the SSCP and 67 preferred the CISSP.
The SY0-101 examination
The SY0-101 Exam is a 90 minute, one-part exam with 100 questions. The exam can be used for college credits and can be taken in either English or Japanese versions. The minimum passing score is 764 on a scale of 100 - 900. The cost for the exam is $175 for corporate members and $225 for non-members. If for some reason you fail the exam you will have to pay the full cost again. The exam covers the following domains; General Security Concepts which is 30% of the exam, Communication Security which is 20% of the exam, Infrastructure Security which is 20% of the exam, Basics of Cryptography at 15%, and Operational/Organizational Security at 15%. Examinees need to pass the one exam and will never need to renew their certification, CompTIA provides lifetime certifications. A full outline of the exam objectives can be found at: http://www.comptia.org/certification/Security/Security_Objectives.pdf. Sometimes SY0-101 includes questions that cover technologies or concepts not included in the objectives, these questions allow for the collection of preliminary psychometric data and do not count toward exam results. Since the questions are not scored, they have no impact on whether a candidate passes or fails the exam.
Skills Acquired
Convergent Network Technologies,
Ethernet,
Network Administration,
Network Device Back-Up and Recovery, Fault Tolerance,
Network Devices - Connectivity Components,
Network Infrastructure Monitoring and Restoration,
Network Security,
Operating System Maintenance,
OSI Model Basics,
Other Network Protocols,
Personal Computer Components,
Personal Computer Peripherals,
Physical Layer - Network Topologies,
Server Network Devices and Services,
Servers,
Software,
Software Testing,
TCP/IP Protocols,
Testing and Documentation,
Transport Layer,
Wireless, and
xDSL
Careers
Below are some of the career tracks that can follow a Security+ certification.
Computer Operator,
Customer Service Technician,
Data Analyst,
Data Architect,
Database Administrator,
Database Analyst,
Database Technician,
Digital Media Designer,
e-Learning Designer,
Field Support Technician,
Hardware Installation Coordinator,
Help Desk Technician,
Information Security Specialist,
Internet Application Developer,
Internet Database Specialist,
Internet e-Commerce Specialist,
Internet Network Specialist,
Internet Site Designer,
Internet Systems Administrator,
Knowledge Architect,
Multimedia Specialist,
Network Administrator,
Network Analyst,
Network Engineer,
Network Support Technician,
Operating Systems Specialist,
PC Technician,
Programmer,
Project Manager,
Service Center Technician,
Software Application Support,
Software Architect,
Software Quality Assurance Specialist,
Systems Analyst,
Technical Writer, and
Web Designer.
Security+ Salary Estimates
A 2004 Salary Survey conducted by Certification Magazine revealed that the average salary of Security+ professionals was upwards of $60,000.
| |
25th %tile |
Median |
75th %tile |
Median Salary with
Bonuses and Benefits |
| Data Analyst |
$71,335 |
$80,063 |
$92,880 |
$117,869 |
| Database Administrator |
$70,681 |
$81,416 |
$94,416 |
$112,713 |
| Network Administrator V |
$71,789 |
$79,582 |
$89,962 |
$109,167 |
| Project Manager |
$65,765 |
$79,417 |
$94,213 |
$109,061 |
| Network Administrator IV |
$61,671 |
$68,774 |
$79,139 |
$95,280 |
| Information Security Administrator |
$55,382 |
$64,623 |
$77,947 |
$90,982 |
| Network Administrator III |
$54,704 |
$62,003 |
$70,834 |
$86,257 |
| Web Designer |
$50,896 |
$58,449 |
$69,193 |
$82,636 |
| Data Architect |
$43,537 |
$47,668 |
$53,479 |
$77,378 |
| Network Administrator II |
$47,009 |
$52,493 |
$59,385 |
$73,721 |
| Programmer |
$44,303 |
$49,304 |
$56,171 |
$69,864 |
| Application Systems Analyst |
$43,606 |
$48,334 |
$53,843 |
$68,446 |
| Database Analyst I |
$41,683 |
$46,925 |
$54,759 |
$66,318 |
| Technical Writer |
$39,704 |
$44,121 |
$49,036 |
$62,694 |
| Network Administrator I |
$38,854 |
$43,866 |
$49,188 |
$62,617 |
| Help Desk |
$36,759 |
$41,582 |
$47,408 |
$59,348 |
| PC Maintenance Technician |
$33,812 |
$38,473 |
$43,649 |
$55,076 |
| Computer Operator |
$27,427 |
$31,090 |
$36,105 |
$45,658 |
Summary
In my opinion the Security+ certification is over-rated and is no more than another logo and a cert on the wall. Several people probably take the test as a stepping stone to the CISSP; which is great to get the basic knowlege before you go in with guns a blazing, or they take it for the simple fact that it's a cheap certification that they never have to renew. Truthfully, employers aren't really looking for the Security+ certification, just the basic knowledge that goes along with it, that you can get with any security certification. The best analogy I can think of is "why bother getting your diploma, when you can get your degree?"
Resources
http://www.comptia.org/
http://goexam.com/
http://www.cramsession.com/
http://tcc.comptia.org/
http://www.trusecure.com/
http://www.salary.com/
http://www.giac.org/
https://www.isc2.org/
You don't have permission to post replies.
Please login or register.
|
