Posted by: Ed Tittel
In a recent blog (“The Interesting Case of Mobile App Development: Where are the certs?” 11/9/2012) I raised questions about certifications for IT professionals wishing to demonstrate proficiency in mobile applications, from their design and development, to their deployment and security. What originally prompted my inquiry was the realization that the partnership announced between Via Forensics and CompTIA for a mobile app developer security certification in December 2011 had more or less “gone quiet.” In fact, the most recent news I could find on this topic was dated March 2012, and claimed that a “course and … certification should be available in the second quarter of 2012.” Seeing as how we’re halfway through Q4 2012, I had to wonder what was up, if anything!

So I called Steven Ostrowski, the director of corporate communications at CompTIA to ask him that very question. In response, he very obligingly set up a call with Rick Bauer, CompTIA’s Director of Research and Development. He informed me that the work with Via Forensics for the mobile app developer security credential – which has yet to receive its “official name” – is proceeding, and that the partners should publish background and exam objectives information for the new credential sometime before the end of 2012.

In discussing subject matter with the usual CompTIA partners in industry, research, academia, government, and business, Bauer indicated that consensus emerged that it was important (and a lot more feasible) to certify the people who develop mobile apps to make sure they have a good understanding of how to design in and implement appropriate security protections and controls, rather than trying to test and certify those apps themselves. As Bauer put it: “It’s just not practical to certify the huge numbers of mobile apps going public, but we can certify the builders of those apps.” Consequently the mobile app developer security credential focuses on:
- Best practices in mobile app development and security
- Incorporating application security into the overall software development lifecycle (SDLC)
- Dealing with network security issues associated with mobile access, protocols, and services
- Ensuring appropriate compliance with PCI, HIPAA and other relevant frameworks, including encryption, app hardening, and confidentiality controls
It should be very interesting to see what shape this new cert takes as more information becomes available, and what kind of uptake it provokes from a no-doubt hungry audience for such things.
At the same time, says Bauer, work on the CompTIA Mobility+ certification also continues. A call is currently out for mobility experts to participate in an SME gathering to help establish content and coverage elements for the new certification from December 11-14 at CompTIA HQ. If I understand the CompTIA processes and timelines, that means the Mobility+ certification and exam will start taking shape by mid-2013, and we should know better what aspects of the “wireless networking, mobility architecture, mobile security (both Wi-Fi and R/F) and policy, and … troubleshooting mobile devices” referenced in the call for experts will actually make it into the objectives and knowledge domains for the Mobility+ exam. Personally, I can’t wait to learn more, and am hopeful that Bauer’s wish that “Mobility+ can play the same role for IT professionals responsible for mobile technologies that A+ plays for PC bench and hardware technicians” will be granted. Gosh knows, the industry needs a strong general foundation in best practices for planning, deploying and managing mobile technologies in the workplace, and hopefully Mobility+ can deliver just that.
But the jury’s still going to be out for a while, and we have a lot more to learn about both of these impending CompTIA-related credentials. Stay tuned, and count on me to dig in and report back as and when I learn more.