CompTIA Launches New Vendor-Neutral Security Certification

Security+ program looks to meet demand for base-level IT security skills

CompTIA, a global trade association and provider of the popular A+ certification for computer technicians, launched a new security-centric certification program called Security+. The offering is being touted as a hands-on program to validate base-level security knowledge for individuals with at least two years computer networking experience.

According to CompTIA, the certification was developed at the urging of several technology companies, including Microsoft Corp. and Entrust Inc., which voiced concerns about their inability to fill entry-level positions that require some basic security know-how.

Bryant Tow, executive vice president of Olympus Security Group, a founding member of Security+, says the new certification is a good fit for network administrators, as well as other titles related to security in a more peripheral way, including application developers and Web developers.

“What you’re going to see is a real high level of adoption for Security+ because of its ability to cross-pollinate across a number of technology professions,” says Tow.

Fran Linhart, director of certifications for CompTIA, says the program will likely also benefit from the heightened concentration on information security in the post-September 11 world. In fact, Linhart says the certification, which was already under development prior to September 11, was ramped up on a short schedule after the terrorist attacks because of the spike in demand for certified security knowledge.

“The entire spectrum [of information security-related organizations] are looking for people with security knowledge and skills for hands-on jobs that have been validated against industry standards,” says Tow, who believes the hands-on nature of Security+ is what differentiates it from other security certifications currently on the market.

Adding Security+ to the mix, Tow feels there are now three different types of security certifications: product-oriented, such as the Common Criteria certification offered by Check Point Software Technologies LTD; conceptual, such as the CISSP certification offered by the International Information Systems Security Certification Consortium; and hands-on, which is the spot Security+ fills. “[Security+] really is going to require somebody to at least have a moderate level of actually touching these boxes to be able to answer the questions that are in the test,” says Tow.

As a vendor-neutral certification, Security+ does have some overlap with CISSP. Tow says the overlap isn’t that significant because Security+ is an entry-level certification that requires two years of experience, whereas CISSP is a higher-level certification that requires a minimum of four years of networking experience. Tow envisions Security+ as a foundation certification for CISSP, not a competitive one.

Specifically, the Security+ certification test covers access control, authentication, external attacks, operational and organizational security, and the basics of cryptography.

The program’s founding members include representatives from the United States government, the corporate world, security associations, and academic institutions.

The certification examination is now available at testing centers around the world. For examination registration information, visit

About the Author

Matt Migliore is regular contributor to He focuses particularly on Microsoft .NET and other Web services technologies. Matt was the editor of several technology-related Web publications and electronic newsletters, including Web Services Report, ASP insights and MIDRANGE Systems.