Editor's Desk

A Simple Plan

Microsoft sets new securityspecializations for MCSE and MCSA titles.

I was both happy and disappointed with the details of Microsoft’s security specializations announcement. (You can read the salient facts at http://mcpmag.com/news/article.asp?EditorialsID=579) The specialization approach to certification has been honed carefully over the last couple of years by Cisco Systems, with its array of career specialties. These prove expertise in the basics, along with an extra emphasis in a particular area.

Announced during a TechEd keynote in June, the requirements for the new specializations from Microsoft—MCSE: Security and MCSA: Security—are culled from existing exams. That’s good news. As you sail toward your latest MCSE or MCSA, you can consider listing toward security in your choice of electives, thereby declaring yourself a security specialist at the end of your voyage.

The new approach is elegant in its simplicity. Security is an inherent aspect of designing, managing and administering a Windows network, so why shouldn’t the exams that cater to those job roles be good enough to lead to a security designation? And therein lay my initial disappointment. I was rather hoping for something harder-edged.

According to Contributing Editor Andy Barkl (a trainer who has taken more exams in his career than a schooner has rigging), most of the security focus in these credentials addresses the lowest common denominator. Take 70-214, Implementing Windows 2000 Security, a “prescribed exam” for both the MCSE and MCSA. In Andy’s opinion, “It’s what every new administrator should know about the basic security offering of Windows 2000.”

Likewise, another prescribed exam, CompTIA’s Security+ test, is for “any new user or network administrator who needs to prove they are at least aware of computer and network security issues and available technologies.” (The emphasis on “new” is mine.)

Andy considers the other exams on the roster tougher, because they require specific knowledge of security details within Windows 2000.

But all of these tests are multiple choice, with a few drag-and-drop or reorder item types thrown into the mix. Somehow, I thought taking on high tech terrorism would require sharper weapons—the blunt edge of time in the field, a certain form of training by authorized experts, the proven ability to get users to pay attention to what they’re doing when they open e-mail.

But, no, in its infinite wisdom, Microsoft has decided that most security breaches could be resolved with some fairly basic steps—learning the security settings in its operating systems, knowing security concepts, understanding the value of staying up on patches.

On further consideration, I decided Microsoft is right. And I hope that a whole lot of you pursue this specialization, at least in training if not in title. The world could use feeling safer.

About the Author

Dian L. Schaffhauser is a freelance writer based in Northern California.

comments powered by Disqus

Reader Comments:

Tue, May 3, 2005 Anonymous Anonymous

I don't want to know all that crap, I just want to know they're career background!!

Wed, Mar 24, 2004 Juanita Wolcott

sorry for the mess up but all you guys are HOTTTTTTT and my favorite song is perfect then addicted then my alien and last but not least god must hate me well love you all Juanita Greenwood write back

Wed, Mar 24, 2004 Juanita Wolcott

sorry for the mess up but all you guys are HOTTTTTTT and my favorite song is perfect then addicted then my alien and last but not least god must hate me well love you all Juanita Greenwood write back

Wed, Mar 24, 2004 Juanita Greenwood

You are my favorite band and i am your biggest fan write back Juanita Greenwood I am 13 years old and a female

Mon, Jul 28, 2003 Anonymous Anonymous

I'm disappointed that GIAC's GCWN certification wasn't brough up in this article. As one of only about 250 people who have passed it, I can honestly say it was tougher than getting my MCSE cert. You want to be good at Windows security? Earn this cert.

Thu, Jul 17, 2003 Mason Cooper AZ

Diane, Please get rid of the mullet. The 80's are over. Mullets and computers don't go hand in hand like they do with NASCAR and shootin' guns. Thank you.

Thu, Jul 17, 2003 Joel New York

All I can say is thank-you for letting me know. I checked my transcript and found they already awarded me the extra certification. Cool

Wed, Jul 16, 2003 Larry Rose East Coast

I think that any MCSA or MCSE should have a well rounded idea of how to secure a MS environment. After attending the Security Summit in Seattle, and actually seeing how "Microsoft's Best Practices" actually worked, I think these are nice added credentials and should be part of the training track...as long as everyone remembers that this is geared towards Microsofts Operating Systems.

Tue, Jul 15, 2003 Anonymous Anonymous

In the comment above I didn't mean "you" as any of you in this comment posting. I just copied and pasted the email response I sent to Mrs.
Ms. Schaffhauser

Tue, Jul 15, 2003 Anonymous Anonymous

I would like you to sit the Security+ exam and see if it is for any "new" user or network admin. No I am not reply simply to defend a cert I have earned but to stress I have taken the exam and it is not for just any old new user or network admin to say he is at least familiar with Security.

Have you taken the exam?

If not check out www.techexams.net Comptia-Security+ forum and read some of the posts The titles to some alone describe the temperature this test can create. Also, I have found that the forums practice tests are some of the most relevant and provide a really good scenario of the actual test. Try one of them and tell me how you did.

Tue, Jul 15, 2003 mrobinson52 Florida

Like the author Ms. Schaffhauser, I am a little disappointed that there is no new added material needed for this cert. I was planning on taking the 70-214 anyways, but I am not sure if I want to take ISA server or Security+, since the CompTIA tests are extremely expensive, even for those of us who are CompTIA members. In this terrible job market, it is good to have any way of destiguishing yourself from the herd. There are too many MCSEs for too few jobs, and if having the buzzword "Security" on my card helps land a job, I am all for it. Who knows, maybe more admins will learn how to properly secure their systems, and virii will no longer wreck as much havic as a result.

Tue, Jul 15, 2003 Anonymous Anonymous

Training is training. You know you can't stop. Like it or hate it, you will be exposed to more concepts and be better able to cope when you train up. There is nothing wrong with getting cool titles for your resume too.

As always, the uncertified don't even know what they don't know.

Tue, Jul 15, 2003 Douglas Colorado

I wish Microsoft would wake up and get a certficiation that has some weight and really means something. Like the GSEC or CCIE Security or the RedHat cert. For all these you don't just pass tests. You must actually prove you know something!

Sun, Jul 6, 2003 Martin HULL

I would think any MCSA or MCSE exam routes should add security in as a core exam, this area shouldn't be a specialisation but more a must. Its like saying tale the MCSA and add the windows server exam as a specialisation as an elective. Seems a little out dated nowadays to say security is a specialisation.

Mon, Jun 30, 2003 Anonymous Anonymous

This is good from MS finally. I am about to get CompTIA security what a great place www.getcertified4less.com for Transcender, Test voucher and Security is way to go for now.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.