With its newest certification exam for Windows 2000 expected later this year, Microsoft will now begin the process of identifying the scope of certification exams for the upcoming .NET Server 2003 platform.
The latest exam, called "70-214: Implementing and Administering Security in a Microsoft Windows 2000 Network," will enter its trial phase in mid-October and become available by the end of this year, said Dan Truax, director of Microsoft certification.
The 70-214 is the second security-specific certification Microsoft has offered this year, but it is the first one that addresses the day-to-day operational aspects of Windows security, said Ed Tittel, president of LANWrights Inc., a consultancy in Austin, Texas. Microsoft already provides a security exam for design and implementation, called "Designing Security in a Windows 2000 Network."
Truax said these two certification exams will be the last ones for the Windows 2000 platform. It costs $125 to take each exam.
The interest in security exams has been building. It began, more or less, around the same time that Microsoft introduced its Trustworthy Computing Initiative last year. As Microsoft combed code across its platforms to hunt down vulnerabilities, it started releasing a steady stream of patches and fixes -- frequent reminders to IT administrators that they need to secure their systems.
As customers hone the skills they need to secure their software, it has become necessary to measure those skills. This is how the certification exams came to be, Truax said.
"Companies are using [certification] as a development tool and as a way to train and reward employees," he said
IT administrators are often mixed on whether they believe any certification is necessary. With the constantly changing security landscape, there are many new things to learn and some old things to unlearn. Most Windows administrators learn how to do the job on the job, so certification may have little value.
"We're usually more interested in someone having experience than in certification," said Todd Purifoy, enterprise messaging administrator at International Truck & Engine Corp. in Warrenville, Ill.
On the other hand, it's a feather in the cap for some folks, said Greg August, director of management information systems at the Cystic Fibrosis Foundation (CFF), Bethesda, Md.
The newest certification exam delves into areas such as service packs, security updates and fixes, remote access and authentication, and how individuals who are security administrators would deal with issues in each of these categories. Most of these topics are addressed to some degree within Microsoft's core exams, but the security exams dig deeper, Truax said.
Microsoft said candidates for its latest exam would work in Windows 2000 and Active Directory environments. Client computers can range from Windows NT 4.0 to Windows 2000 Professional and Windows XP Professional.
Each candidate should also have one year of experience administering security and network infrastructures in an enterprise that supports 200 to 26,000 users, has five to 150 physical locations, and includes LAN, WAN and wireless networks.
Microsoft developed its exam content with input from some of its customers, so the test is not focused entirely on the product. It addresses regular workday situations as well.
Truax said that in a second focus group session held just recently, IT administrators continued to provide feedback. One item still being discussed is how to identify the individual who has received the special security specification. All agree that those who are certified in Microsoft security should already be certified as Microsoft Certified System Engineers (MCSE) or Microsoft Certified System Administrators (MCSA).
"They did not want us to come out with a separate security credential," Truax said.
Once the exam is complete, the certification team will shift its focus to the .NET Server 2003 platform, though the scope of the security track for .NET is still incomplete, he said. The .NET Server 2003 exams will begin their trials next spring. The MCSA credential will be available in the summer, and the MCSE will be available in the fall.
IT executives warn that knowing how to secure the operating system is crucial, but it's just a small piece of the picture. "If you design your enterprise correctly, you shouldn't have to worry about the operating system," said the CFF's August.