Why should you, a security professional, be concerned about IT certifications? That question can be answered several ways, and each answer is a good enough reason, but when looked at as a whole, the reasons to get certified or to have an IT-certified staff are very compelling.

Physical security is IT-centric. Every new product that comes out lives on the network, uses IT technology to operate, and requires at some point someone who has IT skills to make the product operate correctly. For some products, it has been that way for years.

Many access control products were built on a client-server architecture, and the only way to maximize the potential of these products was to have someone with IT skills configure them. Now, with the myriad of devices that are in use on the network, the only way to make them work is to have as many people as possible in your organization well-versed in the underlying technologies. The only way to stay relevant is at least to keep up.

Many security dealers and systems integrators are selling the same products or similar ones to customers all across the country. When the customer is considering your company over others, one of the factors will be whether or not you are able to fulfill their needs and complete the job in a satisfactory manner.

The certifications that the people in your company have will go a long way toward demonstrating the abilities of your staff. Because many of the large projects will invariably involve the customer’s IT staff at some point, anything that can be done to prove in advance that your people will not cause IT headaches will make a difference in the selection process.

Certifying does not mean that a person is well-versed in only one technology, but will have a better understanding of all of the related technologies as well. This makes them more efficient, able to handle more complex issues with greater ease, and allows them to perform more tasks in less time than their uncertified peers. Many people who are very skilled in IT are uncertified, but for linear thinking that gets jobs done more quickly and efficiently, someone who is certified will save money.

Your competition is certifying. If they aren’t doing it in-house with their own people, they are hiring skilled IT workers to learn the security industry.

Marie Gaffney, MCSE, a network administrator in the Eatontown, N.J., office of Security Services and Technologies, sets up an access control server with antivirus protection for use on a customer’s network.

CHOOSE CAREFULLY

As important as IT certification is, it is important to choose certifications carefully. Hundreds are available, and some serve a greater purpose than others.

Although one customer may require your technicians to have a Novell certification to work anywhere near their network, many fewer Novell networks are in use than there used to be, so a Novell certification may not be the most cost-effective one to obtain.

Also, like the top Novell certifications, some certifications require a person to have strong UNIX or LINUX skills, and that may be a barrier to entry for the beginner.

Although it is by no means comprehensive, I have compiled a list of some good starting points for general knowledge of networks and technology, and also some specific certifications for technology that is very widely accepted.

If your company has a major Novell integration coming up, the Novell certifications are just as relevant as they once were, but if not, these certifications are a good place to start your company’s IT certification efforts.

CompTIA has several entry certifications that are of merit, most specifically A+ and Network+. These are very good at ensuring that technicians can install, configure and troubleshoot PCs and networks effectively.

A great deal of time on jobs can be wasted troubleshooting device or software conflicts and communication issues, and these tracks of study can alleviate those issues. For general knowledge at the technician level, these are probably the best tests to ensure that the technician is more than capable of dealing with the most common technology.

Microsoft certification is still very valuable, most notably the highest level of certification that they offer, the Microsoft Certified Systems Engineer (MCSE). An overwhelming amount of security software runs on the Microsoft platform, and setting up, configuring and securing the operating system (OS) is every bit as important as the software that runs on the server.

Cisco has several levels and tracks of certification, but the entry-level certification of Cisco Certified Network Associate (CCNA) is one of the best and most thorough starting points for a manufacturer’s accreditation.

Much of the study track deals with the basics of TCP/IP and subnetting for a network, which are vital to making anything communicate on a network. The basic setup of a Cisco network is common to all networks, and aside from nuances of commands in that configuration, the CCNA should be able to work with almost any router and get it functioning.

Beyond the CCNA, several paths can be followed to the highest Cisco certification, the CCIE, but for starters, those with CCNA certification are more than capable of establishing network solutions.

Linux Professional Institute has a Linux certification that is very useful. It starts at LPIC-1 for entry level and goes to an advanced classification of LPIC-3. These certifications allow someone who is working with Linux to become rock-solid in their understanding of an important server platform.

The use of Linux for a server OS is sometimes an obvious choice, but without the professionals to configure the base system, integrators can get in over their heads very quickly. These newer certifications are catching on as integrators market the talent in their shop to a much more diversified customer base than before.

Certified Wireless Network Associate (CWNA) certification has value now that probably will grow in the future. A person with this certification not only knows networks but does not feel constrained by wires. This is a good certification run by CWNP, a consortium of wireless networking technology companies, and designed to be vendor-neutral.

Kevin Piantanida, senior engineer in the northern Mid-Atlantic region of Security Services and Technologies, integrates a video solution into the network of a large pharmaceutical company. He is an MCSE and halfway to his MCDBA.

PRICE IS NOT THE ONLY FACTOR

The costs of certification can vary widely, but much more should be considered than simply the price of an exam. For example, the price of taking the two CCNA exams is $125 each, but by the time a person has purchased the books, materials and taken the classes, the actual cost could easily be more than $1,500. That also does not take into account the time preparing for the test, which can be substantial.

When I took my MCSE tests, I spent almost every waking hour that I was not at work preparing for the tests. Additionally, when someone has completed one or more of these certifications, they probably will expect a raise in pay commensurate with their skill level. So varying costs are associated with certifying the work force, but there are benefits as well.

To win a bid on a large job, the skill of the vendor may come into question. Certifications can change the outcome of winning new business.

To keep a customer and service their account for many years, competence will be required. Certification ensures that your people are the best possible on paper and in fact.

Increasingly, physical security is inside the domain of IT department specialists, who can easily be won over by what some people call the “alphabet soup” after your name. Certifications remove the skepticism of some very key players on the other side of the table.

Several methods for success can be used in achieving certifications. Remember, certifying is not easy. The determination and willpower of the person studying are the key elements to successfully completing any certification track anywhere.

It will take much of their valuable free time to come anywhere close to passing these tests, which is why the certifications themselves are so highly sought after and prized. If they were easy, then everybody would have them already, and the rare level of competency the acronym stands for would be meaningless.

A combination of methods has proven to be the most widely accepted way to be successful in the quest for certification.

Self-Study: Buy several books on the certifications and follow their instructions. This method is the easiest to start but the hardest to finish. Make sure that the book that you are reading is highly reviewed, complete with sample tests and labs, and also up-to-date — certification tests change all the time. Also, block off study time in advance and keep to the schedule.

Chris Gainey, senior technician in the Jacksonville, Fla., office of Security Services and Technologies,  works on a server for a client. He holds 2 A+ certifications, Security+ and MCP, is an MCSA and at press time had one more test remaining for MCSE.

Classes: Online and in-person tests really can propel a person who does not have much exposure to the material or is broadening their horizons about something with which they already are familiar. Many classes not only will teach you how to pass the test but also to use the skills in the real world.

Make sure that whoever is offering the training is rated highly. The cost of classes can be thousands of dollars, so determine whether better programs or schools for the same or less money may be available to you even if it means traveling a little farther to them.

Online resources: Once the certification path has been decided, many sites on the Internet can aid your success with dynamic practice tests, tutoring and information that can prove invaluable as the test day gets nearer.

Physical security will never go away. It is an essential service to the survival of almost any institution. The market has shifted some time ago towards IT, and the scramble to get business has become more difficult as a result.

Proactive effort can help to ensure your relevance and marketability to this changing world, so that security professionals are not watching their unique and valuable service be taken over by IT security companies that add on physical security as their next logical step.

For example, one of the 10 domains of Certified Information Systems Security Professional (CISSP) is physical security and is designed to be a difficult part of the test to pass.

Seasoned security professionals are the best at securing an enterprise, and with the right kind of effort, that can continue to be the case for many years to come.