Certifications Are Just A Starting Point When It Comes To Effective Security


As both a journalist and a world citizen, I've been thinking a lot lately about the upcoming anniversary we all wish it wasn't necessary to remember.

All around the United States, we've settled into a new state of normalcy since the human and economic devastation of Sept. 11, 2001. We now use encoded I.D. cards to get in and out of our places of work, we subject ourselves routinely to pat-downs at airport security check points, and our government seriously considers legislating policies that would, in effect, turn people,including your local mail carrier and other delivery personnel,into civilian spies for the federal government. This last scenario hasn't yet begun to play itself out, but give it time.

Here at CRN, some of the most dramatic, industry-specific evidence of our nation's new state of being will be published next week in the form of our latest annual report on the hottest vendor-specific technical certifications.


HEATHER CLANCY Can be reached at (516) 562-7446 or via e-mail at hclancy@cmp.com.

This marks the second edition of this research, and to fall back on a cliche, what a difference a year makes. One of the most startling changes in this latest survey concerns security specializations. When asked to name their most important certifications, both large solution providers with more than $10 million in annual revenue and small ones logging less than $10 million in sales included the Check Point CCSA and Check Point CCSE designations and the RSA security professional title on their lists. These certifications, plus Symantec SCSE, also figured prominently in the rankings of those certifications that are growing fastest in importance when looking out six months into the future. Security skills were a factor when we fielded the first survey late last summer, but not to this extent.

Perhaps even more compelling was our exploration of the return on investment (ROI) for these certifications. The two Check Point titles mentioned above topped the list among larger solution providers, and they were preceded only by Cisco and Microsoft certifications among the smaller solution providers. For the purposes of our research, ROI was calculated by dividing the annual revenue generated by a certified technician by the average annual cost to a solution provider of keeping that employee on the payroll.

You'll have to wait until our special report publishes next week to find out more details, but I can say this: The surge in security interest certainly is opportunistic and completely justifiable given the events of last September. But it's important to remember that any certification should be viewed only as a baseline measure of skills.

This is particularly true of security technology. There are new viruses and new vulnerabilities disclosed almost daily, and then there's the human

factor,some people derive some sort of sadistic pleasure from poking holes in the most ironclad security plan. Real-world experience is where it's at, and some knowledge of psychology and human nature doesn't hurt.

 
>> 'We now use encoded I.D. cards to get in and out of our places of work, and we subject ourselves routinely to pat-downs at airport security check points.'

 

It would help, of course, if solution providers banded together to share best practices. At the very least, they should talk about how companies should respond when the previously unthinkable happens and the system fails. Mostly, though, everyone is pretty secretive, for fear that they'll put their solutions and clients at risk. It's a vicious cycle.

Nonetheless, I believe a more open dialogue on security solutions is critical, especially as we approach Sept. 11, 2002. Could there be a more fitting way to mark this tragic anniversary than working as hard as we can to make sure an attack of this nature,or its cyberequivalent,never happens again?

ROBERT FALETRA is on vacation and will return Aug. 19. Meanwhile, HEATHER CLANCY, editor of CRN, is looking for your tips at (516) 562-7446

or hclancy@cmp.com.