Microsoft Announces Security Specializations
6/3/2003 -- (Dallas) -- Today at Microsoft TechEd Microsoft introduced two new security specializations within its MCSA and MCSE certifications. Scott Charney, chief security strategist at Microsoft, made the announcement as part of his keynote address.
The new titles will be indicated by the word "Security" appended to the titles — MCSA: Security and MCSE: Security — once candidates complete the requirements for each specialization. Requirements for both specializations is based on currently available Microsoft exams, with the option of substituting CompTIA's Security+ for one of the requirements.
-- advertisement (story continued below) -- |
|
"We put together these certification specializations to allow IT professionals a way to demonstrate a specific technical focus in the area of security within their job roles," said David Lowe, product manager for security with Microsoft's Training and Certification group. "The new specializations are directly analogous to the existing base credentials, but with a 'prescribed path' of specialization exams rather than electives."
As far as the term "specialization," Lowe emphasized that the new monikers are not separate certifications mandating additional exam requirements.
The MCSA: Security requirements are based on the current MCSA on Windows 2000 requirements. Candidates will need to pass five exams, consiting of one core client OS exam:
- 70-210, Windows 2000 Professional or 70-270, Windows XP
and two core networking exams:
- 70-215, Windows 2000 Server
- 70-218, Managing a Windows 2000 Network
Then, candidates must pass two more exams related to security specialization:
- 70-214, Implementing Windows 2000 Security
- 70-227, ISA Server 2000 or CompTIA's Security+
MCSA: Security |
1 Client OS
|
70-210, Windows 2000 Professional
or
70-270, Windows XP
|
2 Networking
|
70-215, Windows 2000 Server
|
70-218, Managing a Windows 2000 Network
|
2 Prescribed
|
70-214, Implementing Windows 2000 Security
|
70-227, Internet and Security Acceleration (ISA) Server 2000
or
CompTIA Security+ |
|
The MCSE: Security has similar core networking requirements but, instead of requiring exam 70-218, specifies the following two exams:
- 70-216, Implementing, Administering a Windows 2000 Network
- 70-217, Implementing, Administering Windows 2000 Directory Services
The security specialization portion is the same as the MCSA: Security, but with the addition of another prescribed exam, 70-220, Designing Windows 2000 Security.
MCSE: Security |
1 Client OS
|
70-210, Windows 2000 Professional
or
70-270, Windows XP
|
3 Networking
|
70-215, Windows 2000 Server
|
70-216, Implementing, Administering a Windows 2000 Network
|
70-217, Implementing, Administering Windows 2000 Directory Services
|
3 Prescribed
|
70-214, Implementing Windows 2000 Security
|
70-220, Designing Windows 2000 Security
|
70-227, Internet and Security Acceleration (ISA) Server 2000
or
CompTIA Security+
|
|
If the requirements for the security specializations have an uncanny familiarity, it's because all the exams are already available. "It's not like we're trying to validate an entirely new set of skills," Lowe explained. "We're validating existing skills based on tasks that IT professionals are performing today."
Specializations for Windows Server 2003 |
Security specializations for the MCSA/MCSE on Windows Server 2003 track are likely to follow suit with the Win2K track, said David Lowe, product manager for security with Microsoft's Training and Certification group, including upgrade paths for MCSA/MCSE Specialists on Windows 2000. While he said that it's reasonable to expect similar security exams under the Windows Server 2003 track, Lowe indicated that the track is still under development and details would be forthcoming later this year. |
|
|
|
With the addition of CompTIA's Security+ to the prescribed exam choices, that exam joins the A+, Network+ and Server+ exams as options under the MCSA title.
"We're very pleased," Kris Madura, Security+ Program Manager for CompTIA commented. "What Security + will do for these distinctions is allow candidates to leave the program...with additional, broad-based knowledge of vendor-neutral security issues on a global basis." Madura added that Security+ would be an additional MCSA elective in combination with one of the other CompTIA exams, but Microsoft was unable to verify this; at press time, the option wasn't reflected on the current MCSA on Windows 2000 Requirements page.
Unlike the approach it took with the MCP/MCSE+Internet certifications, the creation of specializations based on job roles is unique in the company's certification program. "We don't really think that the industry has clearly defined security job roles yet," Lowe said. "We recognize that in IT job roles, like systems administrator and systems engineer, there are a number of individuals who have a very specific concentration on a particular area and, obviously, in an important area as security. So that's what these specializations will allow individuals to demonstrate; they'll get to highlight their focus on platform-specific security and design skills."
Lowe said that the impetus for the latest announcement came from feedback from its customers. "There have been a number of studies that have shown that human error [and] lack of training are [the top] reasons for a broad range of security issues that companies and organizations are facing today."
"We recognize that security certification not only provides a way for individuals to measure and validate their skills on important security issues, but it also provides a way for employers and IT managers to ensure that their technical staff has obtained and validated the appropriate security skills necessary for the creation of a secure computing environment in their organizations. This is another way in which Microsoft is supporting the 'Secure in Deployment' tenet of the Trustworthy Computing Framework," which Bill Gates announced amid fanfare last February 2002.
Lowe wasn't sure how many MCSAs and MCSEs would be automatically certified as security specialists upon launch of the designation. Also, because the specialist designations are being added to existing titles, Lowe said that Microsoft would not issue Early Adopter or Charter Member cards. However, the company will automatically update transcripts of MCSAs and MCSEs who have already passed the exams and make new logos available shortly via the MCP Secure Web site. The company is also in the process of creating Welcome Kits for the new specializations.
Lowe added that the idea of specializations would probably surface later in other areas of certification, but he declined to offer details.
For more about the security specialist designations, click here. -Michael Domingo, courtesy of MCPmag.com. Additional reporting by Dian L. Schaffhauser and Becky Nagel.
|