Microsoft Security-Related Certifications
Once upon a time, and for at least a little while yet, you could pursue solid, well-known certifications like the Microsoft Certified Systems Administrator (MCSA) or the Microsoft Certified Systems Engineer (MCSE) and get a side of security with that credential. These are known as the MCSA Security specialization and the MCSE Security specialization.
But with the most current of these credentials tied to Windows 2003, and newer credentials now falling into the Microsoft Technology Associate (MTA), Microsoft Certified Technology Specialist (MCTS), Microsoft Certified IT Professional (MCITP), Microsoft Certified Master (MCM), and Microsoft Certified Architect (no abbreviation) tracks, I wanted to take a long hard look at the Microsoft programs and see how security figures into this new regime.
What I learned is pretty interesting and can be explained along some basic lines. For one thing, where absolute fundamentals are concerned, namely with the MTA credential, you see Security Fundamentals as one of the IT professional exams in the mix. But once you get into the MCP exams associated with MCTS and MCITP, and into Master and Architect level credentials, the mix changes dramatically.
All of the new higher-level Microsoft credentials focus on specific platforms, server architectures, or toolsets, so that security becomes a concern only as and when it’s part and parcel of the platforms, servers, and toolsets that are involved. Take a look at my analysis of the MCTS credentials labeled “Windows Technologies” shown in Table 1 as an example, and you’ll get a pretty good idea of what I mean.
Table 1: MCTS Credentials on Windows Technologies

| Exam | Title | Elements that mention security, or involve security topics |
|---|---|---|
| 70-625 | Connected Home Integrator | Windows Firewall, Windows Defender, parental controls, troubleshooting |
| 70-654 | Windows Essential Business Server 2008, Configuring | Firewalls, antivirus/anti-spam, Forefront, VPN, remote access, certificates |
| 70-640 | Windows Server 2008 Active Directory, Configuring | DNS, AD trusts, authentication server, AD GPOs, account policies, audit policy, certificate services |
| 70-642 | Windows Server 2008 Network Infrastructure, Configuring | Windows Firewall with Advanced Security, DNS, remote access, NAP, NPS |
| 70-643 | Windows Server 2008 Applications Infrastructure, Configuring | Forms-based authentication, remote access, remote desktop Web access, SSO, RD gateway, RD Session Host, server permissions & access controls, SSL security, secure streaming media |
| 70-653 | Windows Small Business Server 2008, Configuring | Configure network firewall, manage users and groups, manage server access and permissions |
| 70-620 | Configuring Microsoft Windows Vista Client | Parental controls, configure Windows security features, configure remote access |
| 70-680 | Windows 7 Configuration | IE security settings, application restrictions, configuring Windows firewall, configuring access to resources, configure remote connections |

Of the 17 exams (each of which maps to a separate MCTS credential) under this heading, only eight of them address security-related concerns explicitly in the “Skills being measured” descriptions associated with the web page for each exam. I’m sure that security gets at least passing mention in all 17 exams and certs, but the message from this new cert approach is that security is seldom, if ever, a topic or a credential unto itself. Rather, it’s a topic that’s addressed when it’s germane and relevant to the topics at hand.
My thesis is borne out when you visit the MS Learning Web page that lets you view “Microsoft Certifications by Technology.” Sure enough, you’ll find a security category heading on that page, but when you choose it, you find only two MCTS entries under that heading (aside from the obligatory nods to MCSA Security and MCSE Security I’ve already mentioned as fading historical legacies). These are:
- Exam 70-557: Microsoft Forefront Client and Server, Configuration
- Exam 70-351: Microsoft Internet Security and Acceleration (ISA) Server 2006, Configuration
Both of these cover platforms built specifically to deliver security as a major component (ISA) or the sole focus (Forefront) of their design, and both of these exams are scheduled to retire on March 31, 2011, with no direct replacements in line or on the horizon.
Take a look at higher-level certifications (namely, MCITP, MCM, and Microsoft Certified Architect) and the same principle shines through. Security is integrated throughout those curricula, but serves nowhere as the primary focus for any individual credential in these tracks. What this means is that security finds a place in Microsoft certification on an as-needed and where-appropriate basis, but that nowhere does the company currently seek to adopt a security-first or a security-only perspective on its credentials.
Going forward, I have to believe this means that Windows professionals who want to focus in on security as part of their career development and certification path will have to seek out and acquire other, third-party security certifications to complement their Microsoft credentials. This probably makes a three-stage progression like the one depicted in Table 2 pretty sensible, though there are more options on the security side available than I include (I’ve deliberately picked popular and well-respected vendor-neutral credentials to complement their MS counterparts).
Table 2: Security Credentials to Complement Most Steps on the MS Cert Ladder

| MS Cert | Security Cert |
|---|---|
| MTA Security Fundamentals | none needed |
| MCTS | |
| MCITP | |
| MCM | CISSP, numerous GIAC credentials, CISM |
| Arch | |

This is just a representative sample, and includes no vendor-specific certifications either (these are most likely to be dictated by a candidate’s current or targeted work environment anyway). But given this roster, anyone with the inclination to add security certification to their growing collection of Microsoft certs should have a pretty good idea about what they might choose, and how they might progress down the security path.