July 5, 2013 1:45 PM
Posted by: Ed Tittel
I’ve been thinking over the old Greek myth about Charybdis (a monster who created a whirlpool) and Scylla (a large, dangerous rock), both of whom sat opposite one another in a narrow strait on the Aegean sea, while thinking about the employment situation lately. As the old story goes, to avoid one of these hazards was to crash straight into the other. Our modern-day equivalent is that we really do need unemployment to keep dipping lower to provide opportunities for economic growth and improvement, but at the same time Mr. Bernanke has announced that the Fed will reduce its buying of mortgage and treasury securities (currently running at $85B per month) as and when unemployment starts to dip. And when the magic unemployment number gets to 6.5 percent, the quantitative easing will cease.
Thus our current Scylla is the unemployment rate, which continues to move downward at a snail’s pace, while Charybdis is the promised (or threatened) end to economic stimulus from the Fed. If we don’t continue to see improvements in unemployment, we’re stuck in a stagnant economy. But as quantitative easing is itself eased off, the markets will suffer from a lack of the liquidity that has kept them humming along for the past few years despite only slow and fitful improvement to the underlying economic fundamentals.
Is there a shipwreck of some kind in our future? Navigating between the two monsters is notoriously difficult, but it has been done before. Hopefully, between the Fed and fiscal policy on the one side, and overall global economic improvement on the other side, the powers that be can steer a course between Scylla and Charybdis that will see us make it through that hazardous channel. Cross your fingers!
Oh, and about those numbers: overall jobs grew in June by 195,000, with information largely unchanged, and boosts in professional and business services (plus growth in health care) showing a slight upward trend across those areas for IT workers. Find the June report in its usual online location for more details.
July 1, 2013 2:49 PM
Posted by: Ed Tittel
A quick snapshot of the Cisco Professional Certs
In the past month, a new voice has popped up in the Cisco Learning Network blogs. The poster is identified only as Danielle (user name DLisius), and the name of the blog is “Certifications for Success.” A little spelunking via LinkedIn tells me that Danielle is a Marketing Intern at Cisco, and I’m guessing she’s been tasked with providing a “gentle introduction” to Cisco certification for those who might be curious about, or just starting out with, the California networking giant’s certification programs and offerings. Her latest post is dated June 27, and entitled “Know Your Certification Options.” It does a nice job of presenting the current Cisco certs outside the specialist arena in tabular form. I’ve reproduced the bulk of that table in even more abbreviated form below, omitting the Cisco Pinnacle certification — the Cisco Certified Architect (CCAr), which would show up as the sole occupant of a sixth column labeled “Architect” with a single occupied cell under the Design heading (the only category for which the CCAr is currently available; I skipped this table elaboration — Ms. Lisius presents it as a single two-row entry before the four-column layout for the other non-specialist certs shown below in the original).
It’s a nice compact roadmap to the bulk of the Cisco Professional Certifications, and worth consulting and using for that reason. Nice job, Ms. Lisius! Enjoy!
June 28, 2013 2:16 PM
Posted by: Ed Tittel
GRC is shorthand for IT Governance, Risk Management, and Compliance — an important and increasingly necessary area for IT specialization, particularly for those who aspire to climb into management ranks in the field. France-based multinational MEGA is a leading company in this field, which often goes by the shorthand name of “operational governance,” and has named Patrick Wells (its Director of Business Development) to head a committee now being formed at the Open Compliance and Ethics Group (OCEG, a self-professed “global nonprofit think tank and community”) to develop an architect-level certification organized around its GRC capability model.
Interestingly, OCEG certifications currently fall under the umbrella of an organization named GRC Certify, another nonprofit that specializes in helping professionals “demonstrate [their] understanding of GRC standards and methodologies through professional certification.” The group already has a pretty full slate of certifications, as shown in this graphic snipped from their “Get Certified” page:
The GRC Certify offerings already mention professional, auditor, enterprise architect and master-level credentials.
Further exploration of the GRC Enterprise Architect Certification (GRCE) reveals that this credential is “coming in 2013,” so I suspect that the committee that Mr. Wells has been named to head is the same group that will be responsible for defining and promulgating this credential. Since that appears to be the case – I spoke to MEGA’s USA PR person, Daniel Hebda, who confirmed that Mr. Wells is indeed heading this committee, and also left Mr. Wells a message asking for more information about what’s going on here — I’m guessing that this schedule may be challenging enough that a slip into 2014 for the complete program to be defined and an examination to become available wouldn’t be a huge surprise.
Nevertheless, the program and its offerings look very interesting, and are probably worth looking into further for those already toiling in, or interested in moving over into, the governance, risk management, and compliance part of IT operations. As and when I learn more about what’s up with GRC Certify, OCEG, and the GRCE in particular, I’ll report back with more details and information.
[Shout out to Anne Martinez at GoCertify.com, whose 6/26/2013 press release introduced me to this emerging architect-level credential, its parent organizations (OCEG and GRC Certify), and the other credentials in their GRC program.]
June 26, 2013 2:26 PM
Posted by: Ed Tittel
The Born to Learn blog is Microsoft Learning’s official mouthpiece for all kinds of interesting and useful updates and information about its certification credentials and exams. Just yesterday Erika Cravens posted an item entitled “Windows 8.1, Server 2012 R2, System Center 2012 R2 and Certification Updates” that answers lots of questions that I and other cert people have raised about the impact of impending updates to those software products and platforms.
Born to Learn provides some details where only speculation and educated guesses had been available.
Here’s the skinny on what’s going on with exams and certifications related to Windows 8, Windows Server 2012, and System Center 2013, reworded from the blog post’s content:
1. Exams you take now on current versions (Windows 8, Windows Server 2012 R1, and System Center 2012 R1) continue to count toward existing MS certifications (MCSA and MCSE mostly) even as exams change to accommodate the upcoming versions later this year.
2. Born to Learn will continue to provide information about certification and exam changes, including more information about changeover dates and details about planned adds, changes, and deletions for exam content and coverage.
3. Exam numbers will not change, so candidates must take responsibility to keep up with changes themselves (check the blog, and compare current objectives to the ones you started working from to keep yourself apprised).
4. Microsoft will make training content available to candidates to help them prepare for changing exam content; current training will still help, but some new content will be necessary to get ready for changes and new introductions in the revised exams.
5. JumpStart courses for Windows Server 2012 R2 and System Center 2012 R2 are already open for registration: see the links for more information about dates, times, and sign-up: What’s New in Windows Server 2012 R2 Jump Start and What’s New in System Center 2012 R2 Jump Start.
June 25, 2013 6:49 PM
Posted by: Ed Tittel
I’m bemused. A long, long time ago in another life, I studied anthropology at Princeton and the University of Texas at Austin: at the latter school, I had a “near-PhD experience” in that subject, in fact. After talking with some principals at TeleCommunication Systems (TCS) in Maryland last week, I found myself recalling a long-forgotten encounter with Chairman Mao’s Little Red Book in the context of the relationship between theory and practice in understanding and evaluating human behavior and cultural beliefs. In particular, I was reminded of this statement of his: “Knowledge begins with practice, and theoretical knowledge which is acquired through practice must then return to practice. The active function of knowledge manifests itself not only in the active leap from perceptual to rational knowledge, but – and this is more important – it must manifest itself in the leap from rational knowledge to revolutionary practice.” Don’t get me wrong: I’m neither a closet Marxist-Leninist, nor am I a proponent of dialectical materialism. What draws me to the Chairman’s aphorism is the strange situation in the field of information security certification nowadays, where the vast majority of credentials – including highly-regarded certs like the CISSP and the CISM, for example – tend to focus on theory and to treat practice at arm’s length, particularly in their examinations of their certification candidates. And even those credentials which do include a performance-based component tend to do so more in the framework of specific scenarios (what you might call “canned security situations”) rather than more open-ended diagnosis and mitigation situations (like what CCIEs routinely encounter when taking that infamous and notoriously difficult lab exam, or the strenuous performance-based exams typical for more senior Red Hat credentials like the RHCE and RHCA).
Little Red Book to the left; TCS PerformanScore “symbolic gauge” to the right.
That’s why I was both intrigued and impressed to hear from TCS about their trademarked PerformanScore toolset to help address increasing needs – especially amongst those elements in our armed forces charged with engaging in cyber warfare – for qualified cybersecurity professionals who are prepared to engage in real-time information security encounters where lives, property, and critical infrastructure elements may hang in the balance of the resulting outcomes from those encounters. As I understand it, the PerformanScore approach is designed specifically to measure and assess critical information security skills and knowledge in a live environment. This approach takes candidates through three phases of measurement, in fact:
- Assessment: Provides metrics to enable the assessment of individuals or teams based on industry standards and specific organizational requirements (often characterized in the military as “missions”). The result is a competency benchmark that identifies strengths and weaknesses, with specific recommendations for training and mitigation when areas fall below certain thresholds. According to TCS, this testing instrument can even recommend specific training and/or additional performance-based testing to make sure that candidates reach or exceed required skills and knowledge thresholds to meet mission requirements.
- Learning: PerformanScore delivers specific and tailored feedback to both candidates and their instructors on a candidate’s strengths, and detailed feedback on areas where candidates need improvement. This approach lets instructors offer remediation or repetition where warranted, and gives them the opportunity to refocus and restructure training materials and exercises to meet a candidate’s or team’s specific needs.
- Testing: The testing facilities integrated into the PerformanScore environment provide managers in both technical and non-technical areas with in-depth analyses of candidates’ skills and abilities. This offers ongoing insight into candidates’ suitability for inclusion in specific teams or on certain missions, and helps managers ensure the best fit between the individuals available to them and the missions that must be accomplished by them.
Because the PerformanScore methodology is vendor-neutral, TCS can customize its coverage to match that provided by existing knowledge-based exams (including all the major and well-recognized information security certifications). In addition, however, PerformanScore is flexible enough to incorporate and accommodate additional mission-specific performance-based knowledge and skills requirements as well. In fact, TCS informs me that their approach is open-ended enough to also be applied outside the somewhat narrow (if extremely important) area of information security/information assurance, particularly in areas well-suited for training and testing based on use of learning labs or simulated environments based on both vendor-neutral and vendor-specific technologies.
Anybody who’s read my blog for more than a little while knows that I’m a strong proponent of and believer in performance-based testing as the strongest foundation for meaningful IT certifications. I’m incredibly intrigued by what TCS might have to offer here – enough so that I’ve begged my way into one of their classes in Maryland later this summer to experience their approach, implementation, and testing tools for myself. If their methodology and automation tools can deliver even half of what’s described in their product literature and information (see the PerformanScore pages for more info), it has the potential to remake the IT certification business as it currently stands. In particular – getting back to the Chairman and his Little Red Book – it has the potential to see that theory and practice are trained and tested in the right kind of balance to ensure that certified professionals not only “know their stuff” but that they can “do the job” or “handle the mission.” In the final analysis those latter qualifications are what really matter most, particularly in matters of war and commerce.
June 24, 2013 2:03 PM
Posted by: Ed Tittel
The International Information Systems Security Certification Consortium is usually known as (ISC)2, pronounced “ISC-squared.” They are pretty well-known as the source for the ever-popular Certified Information Systems Security Professional (CISSP) credential, and offer a whole slew of other credentials besides that, including the Certified Authorization Professional (CAP), the Systems Security Certified Practitioner (SSCP, a kind of CISSP precursor cert), various CISSP concentrations, and the Certified Secure Software Lifecycle Professional (CSSLP). The organization is now working on a September, 2013, release of a new credential called the Certified Cyber Forensics Professional (CCFP), which aims to identify qualified computer professionals who are proficient in topics that include “established forensics disciplines” plus “mobile forensics, cloud forensics, antiforensics, and more.”
Increasing global appetite for certified forensics professionals no doubt prompted ISC-squared’s entry into this market space.
As of our most recent 2013 Information Security Survey for TechTarget’s site, SearchSecurity.com, we counted 23 vendor-neutral forensics certifications, and as many as five (or as few as two, depending on how you want to count such things) vendor-specific forensics credentials, not including forensics-related certs like those for the Wireshark protocol analyzer (this is a tool often used in forensics examinations of network traffic, and sports its own Wireshark Certified Network Analyst, or WCNA, credential). Thus, the CCFP comes into an already-crowded but also highly-fragmented part of the certification landscape.
I have to believe that the ISC-squared is seeking to trade on the high name recognition that its CISSP has achieved, along with that certification’s nearly constant spot in the “Top 10 Lists” for IT certification in general, and information security certification in particular, for the past decade or longer. And certainly, the CCFP is targeting exactly the right audience including law enforcement professionals, private and public cyber forensics investigators, corporate information security professionals, litigation support professionals, and so on. Examination of the CCFP home page and the content and composition of its Common Body of Knowledge (or CBK, for which term ISC-squared claims a registered trademark!) show that the organization has done its homework in addressing the key subject matters relevant to computer forensics. Here’s a quick list of the CBK elements:
- Legal and Ethical Principles
- Forensic Science
- Digital Forensics
- Application Forensics
- Hybrid and emerging technologies (mobile, cloud, virtualization, …)
Background and experience requirements for the CCFP include a four-year college degree (Bachelor’s or “regional equivalent”), plus three years of full-time digital forensics or IT security experience in three out of six of the CBK domains just recited above. Candidates who lack a four-year degree need six years of digital forensics or IT security experience in three out of six of those domains, but may be granted a one-year “professional experience waiver” if they’ve earned an alternate forensics certification from the (ISC)2 list of approved certs. That list includes a Hangul (Korean) cert name I can’t read, plus the EnCase EnCE and EnCEP, AccessData’s ACE, the IACIS CFCE, the SANS GIAC GCFA, EC-Council’s CHFI, and ISFCE’s CCE, which clearly positions the CCFP as a senior-level forensics certification with some interesting vendor-specific (EnCase and AccessData) as well as vendor-neutral (GIAC, IACIS, EC-Council, and ISFCE) antecedents. In keeping with the CISSP program, the CCFP also offers the “Associate in CCFE” to those who can pass the exam, but who don’t yet have the requisite years of experience and/or degree to qualify for the full-blown certification.
Can the (ISC)2 step in and grab a choice spot at the top of the computer forensics certification food chain? Maybe so: this fragmented cert niche has lacked a global credential until now, and there’s an interesting combination of strong appetite and lack of a clear market leader that has obviously led (ISC)2 to make a foray into the forensics game. Can (ISC)2 succeed where others have not yet prevailed? Again: maybe so. But I will also observe that if the CISSP has one weakness, it’s in the lack of a practical, hands-on, lab-based component to complement its excellent coverage of information security theory with an equally demanding test of hands-on and practical skills and knowledge. This has not hampered CISSP’s success or standing, but in an arena like cyber forensics where practical skills and knowledge are perhaps even more important than a knowledge of theory and CBK domains, it may not be enough to leapfrog the CCFP into the market-leading position that this credential obviously aims to occupy. It should be interesting to see how this all turns out…
June 22, 2013 9:57 PM
Posted by: Ed Tittel
I just got through writing a couple of articles about Microsoft Certifications and higher education — one will show up on TechTarget soon, and the other one on Tom’s IT Pro when its turn for release comes up — and came to some very interesting realizations. First, let me give credit where credit is due, and say that MS does a bang-up job in making its certification training materials available to academia in high schools, trade and technical schools, community colleges, and at four-year colleges (Bachelor’s level) and universities. They also offer killer deals to those same institutions to train up their staff, purchase OSes, applications, and other software, and provide lots of great support for students and educators to dig into and get up to speed on a whole host of Microsoft platforms and tools, and related Microsoft certifications.
The IT Academy Locator lets you find schools, training companies, colleges (both 2- and 4-year) and universities that belong to the program by city and state.
There’s even a pretty nifty IT Academy Locator that enables interested site visitors to find community and regular colleges and universities that belong to the program. What the locator lacks, however — and what makes up the basis for the “modest request” mentioned in the title of this blog post — is the ability to search directly or explicitly for online programs that also belong to the MS ITA. I was able to find quite a few by using the locator tool in major metro areas like NYC, LA, Dallas, Houston, and so forth. But it would be really, really helpful if they added an “Online” option to their search capability, too.
I’m going to send a link to this blog post to my contacts at Microsoft’s PR firm, and in MS Learning. With a little luck, it will at least garner some kind of response. Frankly, it seems so very obvious to me that this should be a search option that I’m having difficulty understanding why it’s not already in there. I’m more than curious to see what, if anything, might happen next! And if MS Learning is feeling especially ambitious, I’d also really like to see them create a section in the IT Academy for those institutions that offer what I call “degree+certification” programs where, in addition to taking students through a typical two- or four-year degree program in computer science, information technology, or other departments whose graduates are likely to toil in the IT patch upon earning their sheepskins, those same students also get prepped for (and may even be required to earn) a certification like the MCSA or MCSE as part of their overall academic experience. As I’m learning by trial and lots of error, it’s difficult to run down all of the no-doubt numerous institutions that do offer such plans. Wouldn’t it be nice if Microsoft Learning lent a helping hand here? Yes it would!
June 21, 2013 1:19 PM
Posted by: Ed Tittel
I just read an interesting interview with Robb Tracy, author of the LPI Linux Essentials Certification All-in-One Exam Guide (McGraw-Hill, 2013, ISBN: 9780071811019, $31.01 Amazon). It appears at GoCertify in a June 19, 2013, story entitled “Linux Essentials – What is this new credential?” Tracy makes some very interesting points about why LPI (which already offers the LPIC-1 Linux credential, and cooperated with CompTIA in the design and creation of the Linux+ certification as well) decided to offer yet another entry-level Linux certification above and beyond what’s already available.
First, he explains that Linux Essentials was originally launched as a pilot program in the part of the world often known as EMEA (Europe, the Middle East, and Africa) by LPI, and later expanded into North America in 2012. The content was created for students in high schools, or trade and technical schools (something like our community college system here in the USA), and intended to teach and test for basic Linux literacy, skills, and knowledge. In North America, Linux Essentials has also gained traction in four-year college and university programs, especially for lower-division undergraduates just getting started with computing topics, tools, and technologies. In this vein, Tracy says “The goal of Linux Essentials is to expose students to the Linux operating system and the concept of Open Source software. As such, it is the ideal entry-level Linux program.”
Next, Tracy points out that the LPIC-1/Linux+ credentials aim mostly at IT professionals (though often entry-level or junior IT workers) and have the “reputation of being quite difficult.” Tracy reports further that he has often fielded complaints from LPIC-1/Linux+ candidates that these exams are “too difficult” (emphasis his) and that they “can scare away Linux newcomers” as a consequence — a phenomenon Tracy likens to the “‘Linux wall of fear.’” He then follows up with this telling observation: “I think Linux Essentials provides a fantastic avenue for those new to Linux to get their feet wet with the operating system and gain some confidence before tackling the more advanced LPIC-1/Linux+ certification.” All of this goes to explain why I can’t help but see this new offering as a kind of Linux certification with training wheels myself.
Some additional points from the interview worth noting include:
- Though it’s elementary, the Linux Essentials cert still covers considerable ground: newbie candidates should give themselves no less than two months to prepare for the exam, and even those with some Linux exposure and knowledge will need a month to get ready. If covered in the classroom, preparation usually involves a semester-long course.
- Candidates must get familiar and comfortable with the Linux command line, and really dig into the wide array of commands and their many switches, parameters, and options. This involves what Tracy aptly describes as “practice, practice, practice!”
- Tracy provides useful tips on gaining access to a live Linux system on which to implement his previous admonition (practice!): repurpose an older system, or install VMware Player and run Linux in a virtual machine.
- Tracy also advises candidates to visit any of the many Websites that provide access to Linux man pages (the per-command help files so well-known and loved/hated by experienced Linux/Unix users), and recommends Linux.die.net in particular.
The interview concludes with Tracy’s recitation of a number of useful study tips that he routinely shares with his students. Be sure to read the interview, and check them out, if you decide to pursue Linux Essentials yourself (or pass the link along to more junior colleagues, co-workers, offspring, or whatever who might benefit from a little Linux know-how).
June 19, 2013 1:25 PM
Posted by: Ed Tittel
For over a decade, one of my favorite sources of IT certification news and info has been Anne Martinez’ excellent GoCertify.com website. In addition, she has published a great monthly newsletter called “IT Certification Watch” over most of that interval as well. But last fall, I noticed that the newsletter ceased delivery after September 18, 2012. Upon my return to the office after a 10-day business trip this morning, I discovered that her newsletter is back online, as shown in this screen capture:
After an 8-month hiatus, IT Certification Watch is back.
In case you can’t read the micro-type that shows the publication date for Volume 15 #8, it’s September 18, 2012. The most recent issue (Volume 16 #1) shows a publication date of June 12, 2013. Be sure to check out this newly-revived IT certification newsletter. You won’t be sorry you did.