A Simple Plan
Microsoft sets new securityspecializations for MCSE and MCSA titles.
- By Dian Schaffhauser
- July 01, 2003
I was both happy and disappointed with the details of Microsoft’s security
specializations announcement. (You can read the salient facts at http://mcpmag.com/news/article.asp?EditorialsID=579
) The specialization approach to certification has
been honed carefully over the last couple of years by Cisco Systems, with
its array of career specialties. These prove expertise in the basics,
along with an extra emphasis in a particular area.
Announced during a TechEd keynote in June, the requirements for the new specializations from Microsoft—MCSE: Security and MCSA: Security—are culled from existing exams. That’s good news. As you sail toward your latest MCSE or MCSA, you can consider listing toward security in your choice of electives, thereby declaring yourself a security specialist at the end of your voyage.
The new approach is elegant in its simplicity. Security is an inherent aspect of designing, managing and administering a Windows network, so why shouldn’t the exams that cater to those job roles be good enough to lead to a security designation? And therein lay my initial disappointment. I was rather hoping for something harder-edged.
According to Contributing Editor Andy Barkl (a trainer who has taken
more exams in his career than a schooner has rigging), most of the security
focus in these credentials addresses the lowest common denominator. Take
70-214, Implementing Windows 2000 Security, a “prescribed exam” for both
the MCSE and MCSA. In Andy’s opinion, “It’s what every new
administrator should know about the basic security offering of Windows
Likewise, another prescribed exam, CompTIA’s Security+ test, is for “any new user or network administrator who needs to prove they are at least aware of computer and network security issues and available technologies.” (The emphasis on “new” is mine.)
Andy considers the other exams on the roster tougher, because they require specific knowledge of security details within Windows 2000.
But all of these tests are multiple choice, with a few drag-and-drop or reorder item types thrown into the mix. Somehow, I thought taking on high tech terrorism would require sharper weapons—the blunt edge of time in the field, a certain form of training by authorized experts, the proven ability to get users to pay attention to what they’re doing when they open e-mail.
But, no, in its infinite wisdom, Microsoft has decided that most security breaches could be resolved with some fairly basic steps—learning the security settings in its operating systems, knowing security concepts, understanding the value of staying up on patches.
On further consideration, I decided Microsoft is right. And I hope that a whole lot of you pursue this specialization, at least in training if not in title. The world could use feeling safer.
Dian L. Schaffhauser is a freelance writer based in Northern California.