HomeBlogsjames's blog

We need a security essentials cert

james's picture
Mon, 03/02/2009 - 04:17 — james

Yes, I know about CompTIA Security+, ISC2 CISSP, ISACA and all the usual suspects in security training. But when it comes right down to it, the industry really doesn't care about those certs once the training and hiring is over.

Yep, I'm serious. When was the last time any security professional - no matter what training background - heard the phrase "I need you to secure this network to ISC2/CompTIA standards."

Trust me, they haven't. They never will. Why? Because the security standards that matter are things such as ISO 27001, HIPPA, Sarbanes Oxley, and others. Sure, ISC2 and the others may help prepare someone to implement standards, but only indirectly.

There's a dangerous disconnect between our hiring practices and our security practices in the IT world. This is because many certifications are more interested in their own brand than making companies more secure.

It's kind of funny, in a scary sort of way. All these certification companies busy themselves creating their own objectives and marketing themselves to anyone who listens (ansd there are fewer and fewer of these potential customers around), when they should focus on something else.

What is this something else? A security essentials curriculum, accompanied by a relevant continuing education program.

That's why we're working on a security essentials program based on some standards called ISO 27001/27002.

Obscure standard? Sure, to those who've never worked to create a security management system that has to be insured and verified by a third-party industry expert. But not obscure to those who know how to work at a professional level.

I'm excited to be working on this project, because instead of trying to build a better security mousetrap like so many others, we're building an education program based on a real standard created by true security experts. It's our job to make the education fun. And I think we do that very well.

So keep in touch with us and ask us about our security plans. They're exciting, or so our partners are telling us.

--Tangent