March 15, 2013 3:30 PM
Posted by: Ed Tittel
Over the past few weeks, I’ve watched Prometric roll out its first-ever IT certification: it’s called Cyber Security Essentials. Granted, information security (or information assurance, cyber security, or whatever you’d like to call it yourself) is both an important topic for IT professionals, and an increasingly vital concern for companies and organizations seeking to limit liability and exposure to financial risk through loss, theft, or damage to their information assets and proprietary or confidential data. But what else might be driving Prometric to start producing its own IT certifications, given that their core business is to provide testing services for a broad range of global certification sponsors, professional societies and organizations, and vendors with products, platforms, and frameworks to promulgate and support?
- Why might Prometric decide to promote its own house-made IT certs?
I’ve been pretty curious about this cert since it first saw the light of day a few weeks ago, and was also quite interested to see that Prometric is running a $50 discount off the normal $200 price tag through April 30, 2013 (use discount promo code PROCYBER to get the knock-off). I’ve contacted a PR contact for Prometric at Ogilvy with a longish list of questions about this credential that have yet to be answered, and I hope to learn (and report) more about Cyber Security Essentials in the near future.
But as I got to thinking about what might prompt Prometric to introduce its own credentials into the IT certification mix, I also pondered the following recommendation bullet from the Cyber Security Essentials landing page. The lead-in text for all bullets there reads “Who Should Take This Exam? Cyber Security Essentials is recommended to:…” The bullet that caught my eye reads “Anyone who may have taken CompTIA exams (A+, Network+) and/or who plans to take or recently failed CompTIA Security + Exam, or similar certification exams.” As I read over press releases and promotional prose about this certification (see StepForward Creative’s page about the credential, which that company helped brand and promote at Prometric’s behest), I found these phrases:
- “It will rival the well established CompTIA certification.” (StepForward Creative)
- “Prometric recommends Cyber Security Essentials as a replacement for CompTIA exams…” (GoCertify.com)
I asked myself “Why would Prometric target CompTIA so explicitly?” After a while, I remembered seeing this press release from Pearson VUE last summer entitled “All CompTIA Certification with Pearson VUE,” which leads off as follows “Effective July 9, 2012, CompTIA exams are exclusively with Pearson VUE.” Who knows what kind of deal Pearson VUE had to cut with CompTIA to get them to cut off relations with Prometric and make an exlusive arrangement with them alone? But one thing is for sure: Prometric couldn’t have been too happy about it, what with hundreds of thousands of CompTIA exams being taken annually, and somewhere around half that business prior to the cutoff date likely to have been an important component of Prometric’s bottom line.
Could simple pique be behind the emergence of Cyber Security Essentials? It’s probably not the only motivator that drove Prometric to launch this certification, and it’s probably more motivated by an effort to recapture lost revenue foregone when CompTIA’s test business moved over to Pearson VUE alone. Right or wrong, I can’t help but wonder if Prometric’s move is something of a shot across CompTIA’s bow, and perhaps also a warning to cert sponsors everywhere that yanking their business might draw the test development and delivery giant into direct competition? If we start seeing other certifications from Prometric that address PC troubleshooting, configuration and repair (A+) and networking tools and technologies (Network+), I guess we’ll know for sure!
March 13, 2013 2:29 PM
Posted by: Ed Tittel
Over the past half year, I’ve corresponded with a young man who sensed the handwriting on the wall in his academic job: a post-doctoral position doing data analytics and statistical modeling at a major mid-western university. His intuition was pretty good, as it turns out, and he thanked me for some career advice I bestowed upon him as he cast about for ways and means of reinventing himself, and finding a new job. Last month, he wrote me to say that his position had indeed fallen victim to a loss of the grant money that supported it, and he found himself cast onto the job market.
His story has a happy ending, because he wound up going to work for a Cary, North Carolina company known as the SAS Institute, maker of a venerable and widely-used set of integrated software tools for statistical modeling and analysis (the original expansion for SAS was “Statistical Analysis System,” but like so many organizations that proudly serve an acronym, the company has since taken legal steps to enshrine SAS as its official name, no expansion needed or wanted). It was his knowledge, training, and interest in the technologies that underlay the SAS environment — including data analytics and mining, business intelligence, and big data operations of all kinds — that led him to SAS, where he is now happily ensconced, working on projects for various SAS tools and utilities.
SAS Certs Cover a Lot of Interesting Ground
Why am I telling you all this? Because his adventures reminded me that SAS operates a pretty peachy certification program that’s comprised of 8 different certifications in the areas of basic SAS programming, advanced analytics, information and data management, and business intelligence. Here’s a quick set of links to the various elements that make up the program, organized by silo:
Each of these credentials requires passing a single $180 exam administered at Pearson VUE (fees outside North America vary in terms of currency and amount). The company does not require certification candidates to take courses to qualify for exams, but they do offer an official curriculum for those interested in attending training classes, offered in 39 countries around the world. Individuals with SAS certification are in reasonably high demand, and generally occupy positions at annual pay rates of $90K or higher. For those IT professionals with mathematical interests, or a background in analytics, data mining, business intelligence, or data management, SAS certification can be a terrific career-enhancing move (particularly for those who know about or already work with SAS software products).
March 12, 2013 2:39 PM
Posted by: Ed Tittel
Oho! Imagine my surprise when I jumped up onto Microsoft’s Born to Learn blog this morning to catch up on a family vacation day yesterday, only to observe this headline there: “Microsoft Certification Study Groups debut on Born to Learn.” And indeed, MS has decided to add study groups organized into major cert topic silos — namely, client, database, developer, and server (as the following screen cap illustrates) — under a brand-new “Study Groups” tab available at the Born to Learn home page.
Four new silos on a new tab for study groups on the Born to Learn pages!
Microsoft has apparently curated its available online resources and organized them into these topic areas, to make it easier for cert candidates to find stuff. There are also discussion forums and exam prep wikis available, on a per-cert-exam basis, where candidates can raise questions and audit answers, not just from fellow peers chasing the same exams and credentials, but also from Microsoft moderators (usually, this means MCTs and subject matter experts from the user community). Exam preparation wikis also point to general exam prep materials, as well as resources that map to the exam objectives for the relevant certification exam, selected based on feedback from other Microsoft online community members who’ve rated them online. MS also says that “new content is being added on an ongoing basis, so you may want to subscribe to these pages for updates.”
Long story short: if you’re chasing any current Microsoft certs, or have plans to pursue MS certification in the future, you’ll want to check out the new Study Groups tab available through Born to Learn.
March 8, 2013 2:39 PM
Posted by: Ed Tittel
As I was listening to NPR this morning, I heard economists and employment experts forecast the February numbers in a range from 150,000 to 170,000 jobs added. The overall consensus was that total employment would either remain unchanged at 7.9 percent, or that it might conceivably edge down to 7.8 percent. But when I cracked open the latest Employment Situation Summary from the US Bureau of Labor Statistics this morning, I learned instead that 236,000 jobs were added in February, and unemployment decreased to 7.7 percent instead. Here’s a precis:
Lookit them numbers!
Of course, those same economists who forecast the numbers about 28-36 percent below their actual mark are also concerned — and quite rightly so — about the impending impact of sequestration on employment numbers. Their consensus appears to be that some 750,000 jobs will be lost, and I heard more than one expert opine this morning that this could result in a dip of about 70,000 jobs per month on overall job growth numbers.
This is a serious concern, but if there’s any kind of silver lining in today’s numbers, it’s that deducting 75,000 from 236,000 (which results in 161,000 monthy job growth) hurts a lot less than deducting the same number from the 150,000 to 170,000 that had been the consensus forecast for upcoming monthly job growth for the foreseeable future. Prognostication is always a risky business, though: a look at the right-hand bar chart above shows that monthly employment numbers have been swinging through a wide range of late. Just last month, gains fell in the 110,000-120,000 range, where last November, they almost hit 250,000. That’s a case where one month nearly doubles another month, which speaks to wide variance in employment numbers from month to month. This makes solid, believable forecasts a little harder to achieve!
But for once, it’s nice to see reality (or at least, statistical reality as reported by the BLS) outstrip anticipation, and by a pretty wide margin. When further surprises arrive in the months ahead, let’s hope that they’re all equally positive. And on the IT front, Table A-14 also shows a very nice swing to unemployment for our sector: where IT had an unemployment rate of 8.4 percent in February 2012, one year later that number dropped to a fairly healthy 5.2 percent (anything in the range of 5-6 percent is regarded by most economists as “full employment”). The overall numbers also look pretty good: 247,000 unemployed in February 2012, versus 143,000 in February 2013. Given that healthcare receives notice in the high growth sectors mentioned in the preceding snippet I’m guessing that healthcare IT jobs are leading the way for our sector, too (for more discussion of this aspect of IT, see my UpperTraining blog from yesterday entitled “Healthcare IT Offers Huge Certification and Employment Opportunities“).
March 6, 2013 3:07 PM
Posted by: Ed Tittel
I saw an interesting article on TechRepublic this morning. Entitled “Four things that make your resume look dated,” by Toni Bowers, it digs into a short handful of potential sins to which resume writers are prone. While all of them are worth considering — and her story worth reading — I was forcibly reminded of a profound lesson I’ve learned (and re-learned from time to time) as a professional freelance writer.
Writing your resume to appeal to its readers will work wonders for you.
Image Credit: Shutterstock 99799265
That lesson is encoded in the title of this blog as “Know Your Audience,” but what it really means is the following:
- You understand your readers’ pain points and wishes
- You understand what your readers want to know
- You know how to speak the reader’s language
When it comes to writing resumes, Bowers’ points from her story can be re-interpreted in light of this basic principle of effective communication:
- You still have an objective statement: Bowers makes the very valid point that “…hiring managers couldn’t possibly care less what you’re looking for” and that “…the exercise is all about what you can do for the company you’re applying to.” I couldn’t agree more and also believe that the whole point of any communication in a resume is to show how you can add value through what you’ve done in the past and can do in the future, what you know, and what you can learn. Keep this in mind as you write a resume and the results will speak for you, as well as for themselves.
- Your resume looks like it was typed on a Smith-Corona:Her point is that the days of the typewriter are long since passed, and you can do interesting and visually appealing things in a word processor. You say a lot about yourself (and your knowledge of word processing or layout tools) in the way your resume presents itself to readers. If you can’t make the design stand up and bark on your own, get some professional help to snazz things up. This speaks to the desire of your audience to be amazed and entertained, as well as informed. Opportunities for entertainment are rare in a resume, so take advantage of this as much as you can!
- You consider yourself “hard working” or a “good communicator:”Bowers point here is subtle, but important — namely that any self-assessments you make in a resume are always subject to the charge of shameless self-promotion. Sure there has to be some shameless self-promotion in any good resume, but it works better if it’s less overt and more demonstrative. That means instead of saying those things in quotes, you provide examples that illustrate those points, and let the reader draw his or her own conclusions. Thus instead of “hard-working” you might say “Delivered 60,000 lines of tested, debugged Java code in 14 months, and returned the development project involved back to its originally planned schedule, reversing an anticipated delay of six months.”
- You offer references upon request: Bowers points out that employers can use Google as well as anybody else, and they will find such stuff on their own. Assume if an employer wants references, they’ll ask for them. Her advice is spot on “Save that part of your resume real estate for something important.”
Remember, your job in a resume is to explain how and why hiring you is going to help a prospective employer solve problems, make technology work better, and above all, make more money or deliver more services. If you can do that, you’ll get past the initial screening process, and may even get a shot at an interview. Happy job hunting!
March 4, 2013 4:44 PM
Posted by: Ed Tittel
Gosh, it seems like infosec topics have dominated the cert news and information lately. Today is no exception, as I report on one of the awards in SC Magazine‘s 2013 Winners — namely in their Professional Awards category. This year’s winner is the Certified in Risk and Information Control (CRISC) from ISACA, designated as the best professional certification program (presumably, in the information security field).
Top infosec cert pick for 2013: CRISC.
Also chosen as finalists were the following credentials: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Security Expert (GSE), ISACA Certified Information Security Manager (CISM), and ISACA Certified Information Systems Auditor (CISA). Does anybody else find it curious that only GIAC and ISACA certs made it into the finalist category? I certainly did, so I checked on the Judging Information page to see what it said about how the professional awards, including “Best Professional Certification Program” were made. Here’s what it says, verbatim:
With the exception of the Editor’s Choice Award recipient, winners in the Professional Awards category will be decided by an expert panel of judges. Like the Excellence Awards, not only are judges advised to review the materials provided by entrants, they also are asked to review any applicable research or analyst reports, product reviews by SC Magazine, and/or any additional documentation/input provided by SC Magazine and/or other Haymarket Media publications. In some cases, the panel may be offered further insight or add additional notes from SC Magazine’s editorial team members who may decide to interview or already have interviewed contenders. There will be one winner chosen per category.
That doesn’t seem like a terribly transparent set of judging criteria, but at least it’s an understandable one. What I guess I find interesting is the focus on news and information from the media company that owns SC Magazine. Aside from mention of “applicable research or analyst reports” (and that would certainly cover a host of sins), everything else seems to come through the Haymarket Media filter. I don’t mean to question the utility or value of any of the finalist certifications designated, and certainly earning the GIAC Security Expert is a lifetime achievement worthy of serious note. But there are a lot more (and more popular and/or more highly regarded, except for GSE) infosec certs out there that could at least have made finalist grade. I wonder at the omission of CCIE Security, CISSP (and its follow-on credentials), any of the ASIS certs (CPP, PCI, and PSP), and more. Very curious! It certainly would be nice to know more about the data and knowledge base from whence the judges drew to make their finalist and best selections.
March 1, 2013 8:03 PM
Posted by: Ed Tittel
There’s a big, bold, complex and new cybersecurity framework in town, and it comes from a source that seldom gets described using the terms “bold” and “new” — though “big” and “complex” are its stock in trade. Yes, that’s right: I’m talking about the government of the United States, specifically the Computer Emergency Readiness Team (CERT, aka US-CERT) in the Department of Homeland Security. The name of this program is the National Initiative for Cybersecurity Careers and Studies (NICSS), and it’s designed as a massive source of information on cybersecurity for the general public, students and their teachers, cybersecurity professionals and managers, policymakers, veterans, and other folks, too.
While it provides general computer and Internet security information, including an interesting Cybersecurity How-To Guide, its most important aim is to provide information for those interested in studying the topic, and for those interested in pursuing a career in cybersecurity. The organization is in the process of assembling a training catalog that will combine pointers to academic, professional, vocational, and commercial training in cybersecurity, with a massive collection of information about cybersecurity-related work categories, with job roles and titles and KSA (Knowledge, Skills, and Abilities) inventories to go with them, all in the context of a Cybersecurity Workforce Framework. These are divided into the 6 categories shown in the following figure, further organized into 31 distinct specialty areas.
The NICCS framework defines some basic building blocks to establish and maintain a strong security posture.
Ultimately, this mammoth collection of information will be indexed and organized by an “Education and Training Catalog Search” tool that will let interested site visitors find courses by any of the various ways of slicing and dicing coverage and content for various cybersecurity job roles. Right now, there’s only a dummied-up demo catalog to play with that lacks any real data. But even that is interesting to visit and play with, and there’s a lot to learn about how modern IT is organized and practiced by perusing the categories and specialties that the catalog (and other information silos on this website) covers.
To me, of course, the most interesting area in the site is the section on “Professional Certifications,” which currently features 26 different credentials (CISSP and SSCP are each listed twice for some reason but I only counted them once) out of a field of 120-130, as far as my most recent but still incomplete information security certification survey for 2013 goes. Here’s a compacted list of what’s mentioned:
|NICSS Table of Recognized Cybersecurity Certs
|(ISC)² Certified Information Systems Security Professional
||DRI Master Business Continuity Professional
|(ISC)² Systems Security Certified Practitioner
||Electronic Commerce (EC) Council Certified Ethical Hacker
|(ISC)² Certification and Accreditation Professional
||GIAC Certified Incident Handler
|CERT Certified Computer Security Incident Handler
||GIAC Information Security Fundamentals
|Certified Hacking Forensic Investigator
||GIAC Security Essentials Certification
|Certified Expert Penetration Tester
||GIAC Security Leadership Certification
|Certified Wireless Security Professional
||GIAC Systems and Network Auditor
||ISACA Certified Information Security Manager
||ISACA Certified Information Systems Auditor
||Security Certified Program (SCP) Security Certified Network Professional
|DRI Associate Business Continuity Professional
||Security Certified Program (SCP) Security Certified Network Architect
|DRI Certified Business Continuity Professional
||Certified Hacking Forensic Investigator
|DRI Certified Functional Continuity Professional
||Certified Penetration Tester
I don’t see too many surprises there (though given the DoD’s recognition of the CompTIA Advanced Security Practitioner, or CASP, just recently I do expect it to show up here sometime soon as well). I’ve had enough trouble getting solid, objective info on the Security Certified Program (SCP) credentials that I’ve kind of written them off; their appearance here with the SCNP and SCNA is surprising, and I’m also a little surprised to see that none of the Cisco security certs made the grade, even though CCNA and CCNP Security are on the same DoD cert list that CASP just joined recently (that DoD Information Assurance or IA registry is documented in the 8570.01-M Manual). But again where government agencies are concerned, I don’t necessarily expect them to be completely in synch with one another: the DHS is not part of the DoD, after all.
February 27, 2013 3:17 PM
Posted by: Ed Tittel
The CompTIA Advanced Security Practitioner cert takes up equal coverage with the CISSP.
For those not already in the know, the Department of Defense (DoD) has approved the CompTIA Advanced Security Professional (CASP) credential for addition to its baseline list of acceptable information security/information assurance certifications for the following levels:
- IAT Level III (Information Assurance Workforce Technical Level III): A description of this level of attainment is available at IA Academy and in the 8570.01-M Manual.
- IAM II (Information Assurance Management Level II): A description of this level of attainment is available at IA Academy and in the 8570.01-M Manual.
- IASAE Level I and II (Information Assurance Workforce System Architect and Engineer, Level I and Level II) IA Academy links for L1 and L2 at left, and also covered in the 8570.01-M Manual.
What makes this decision interesting is discussed very nicely in a 2/23/2013 article on Steve Linthicum’s Certification Site entitled “CASP-CompTIA Advanced Security Practitioner News” wherein the author opines as follows:
“What will ‘sell’ this exam to DOD employees and contractors seeking to meet the requirement of DOD Directive 8570.0 is the fact that it’s cost ($379) is substantially less than (ISC)2 charges for the CISSP exam ($599), coupled with at least a perception that it is easier than the CISSP.”
Currently study guides for the CASP are available from Sybex (Michael Gregg and Billy Haines, February 2012) and McGraw-Hill (Wm. Arthur Conklin, Gegory White, and Dwayne Williams, September 2012), and both books get pretty good reviews. If you can meet the CASP experience requirements (10 years in IT administration, including 5 or more years of hands-on technical security experience), the exam includes 80 questions (versus 250 questions for the CISSP) over a 2.5 hour period (versus 6 hours for CISSP). That’s probably the primary source for the belief that the CASP exam is easier than the CISSP, cost issues notwithstanding. This could be a great option for those who want to (or must) meet mandatory DoD IA certification requirements. For more information, I blogged about the CASP at PearsonITCertification on June 1, 2011 in a post entitled “CompTIA Ventures Beyond Entry-Level with CASP Credential.”
February 26, 2013 3:29 PM
Posted by: Ed Tittel
There’s an interesting press release from CompTIA up on their website this morning, entitled “Healthcare Providers Expanding Use of Mobile Technologies…” Because I just blogged on this very topic for Windows Enterprise Desktop yesterday (see “Dell Latitude 10: Viable Healthcare Tablet Option?“), this report struck something of a chord with me. And when my old Novell buddy, Mickey Applebaum, commented to me on Facebook that Acer also has “…a dedicated medical care section and are even listed in the Medical Product Guide as a provider of technology products to healthcare professionals” and that he has “…hooked several doctors’ offices [up] with Acer Direct…” for such sales, something of a pattern started to emerge:
healthcare IT = EHR + mobile + hunger for innovation
An increasing number of medical professionals are turning to mobile devices on the job.
[Image Credit: Shutterstock 125225471]
(remember, EHR stands for “electronic health records,” and represents US government jargon for the phenomenon that’s currently revolutionizing medical data storage, as the vast majority of medical records make the transition from purely paper-based to entirely digital forms. Because the CompTIA press release lumps EHR with EMR below, I should also explain the EMR stands for “electronic medical records” as well).
Bingo! In that context, the CompTIA information comes as no surprise whatsover, and these eminently repeatable factoids from same make very good sense indeed (all of the following bullet points are verbatim quotes, somewhat abbreviated where ellipses appear, from the CompTIA press release cited above):
- healthcare providers are on the cusp of expanding their use of smart mobile devices from routine business activities, such as e-mail and scheduling, to more advanced, care-specific uses … examples include medication monitoring and management, remote access to health records[,] and assisting patients in managing insurance claims.
- while most healthcare providers are in the early stages of adopting and incorporating mobile health and other technologies into their workflow, the research points to high levels of interest and experimentation … a net three in four healthcare providers surveyed believe mobility is having a positive impact on healthcare.
- one in five physicians with a mobile device capable of supporting apps uses health- or medical-related apps on a daily basis … over the next 12 months, healthcare providers expect to increase their usage of medical apps to … where 62 percent are relying on these apps at least a few times per week.
- CompTIA data indicates that about six in ten healthcare providers have at least some elements of an EMR/EHR system in place.
- CompTIA research … points to a more positive attitude toward EMR/EHR among healthcare providers this year … a net satisfaction rate in the low 60s indicates acceptable performance, but leaves a sizable segment of users seeking improvement…
- Fewer than half of healthcare providers acknowledge being fully prepared for their transition to electronic health record[s].
Obviously, equipment makers, solution providers, and system integrators all smell big opportunities for mobile healthcare IT, for everything from acceptable devices to specialized applications and systems that target healthcare professionals who might use those devices. I hope it’s equally obvious that there’s HUGE certification, employment, and career advancement potential here as well, and that interested IT professionals should keep in mind that there’s lots of money in healthcare, where some of it inevitably trickles down and into IT.
To that end, interested readers might want to consult a pair of pieces I wrote for Tom’s IT Pro on the subject of healthcare-related IT certifications:
- Top 5 IT Certifications in Healthcare (March 20, 2012)
- Healthcare IT: The Lowdown on EHR and Stimulus Certifications (December 3, 2012)
There’s a LOT of opportunity for IT pros who are interested in working in or around healthcare, and there are lots of certifications designed to help them find their way into this field. If this appeals to you, be sure to check these things out.