Blog Date: 5/21/2010
Author: Ray Coulombe
A topic that has gained significant attention in this industry has been that of training and certifying those who design, sell and install IP-based physical security solutions. In my opinion, IT companies have largely missed the boat on this issue. Where they have had the opportunity to take the industry by the hand to lead it to the IP Promised Land, they have instead relied on already-established programs, providers and certifications targeted at the IT professional. Thus, the industryâ€™s migration to this technology is happening in a disorganized, unstructured manner, with many left wondering the proper path for learning and skills validation.
While IT equipment and training suppliers can point to a host of IT certification programs and training programs in existence, these programs do not serve many of the immediate needs of the physical security industry. Industry sales and technical people need to become functional in the technology as applied to this industry, while seeing the migration path into broader IT certifications. Letâ€™s look at several key questions:
- What do people need to know? Focus should be on three areas â€” network fundamentals, network and data security, and network storage. Why these three? Network fundamentals is an obvious one, where fundamental concepts are applied to physical security devices. Network and data security gets right to the heart of the intersection of physical security and IT, where both sides have the concern, â€œNot on my network!â€ This is a bi-lateral concern in that non-secure physical security devices and applications represent a vulnerability when part of a broader network; and so too does an unsecured network infrastructure bring vulnerabilities to the physical security network. Given these issues, we all need to think of â€œsecurityâ€ in holistic terms, with physical, data and network elements. Network storage is on my list because it is such a major factor in terms of system cost and performance. Storage costs per TB, supported by ongoing improvements in video compression, continue their long-term downward trend. Which storage technology is right and how it is implemented are key questions. Physical security designers need to help drive this bus.
- How do security practitioners reach a level of proficiency? If one looks at a course catalog covering IT programs, the array of choices is mind-numbing. However, these programs will lead to meaningful certifications, recognized by the IT industry. For many, the cost, time and sheer volume of information to achieve these certifications are daunting and demotivating, particularly right out of the gate where people do not fully know what they need to. So the other available choices for learning are self-study, security vendor training and industry-specific emerging training and certification programs.
- Whatâ€™s available now? For the IT certifications, the broadest array with which I am familiar comes from CompTIA and Cisco. For the areas mentioned above, CompTIA offers Network+ and Security+, which are not vendor-specific. Cisco offers Cisco Certified Entry Networking Technician (CCENT), Cisco Certified Network Associate (CCNA) and CCNA Security. In addition, isc2 offers the well-accepted CISSP certification for network security. Other IT vendors offer their own training and credentials. In the middle, the Electronic Security Networking Technician (ESNT) certification, sanctioned by the Electronic Technicians Association (ETA) was specifically designed to address the needs of the physical security industry. Training for the ESNT is available through Slayton Solutions, PSA and ADI.
- Where are the gaps, and how will they get addressed? My opinion is that there is adequate content available for people in this industry to get the IT knowledge they require. The ESNT is a great first-level credential â€” one which should not cause security executives to lose sleep for fear of losing their newly certified technician. It is also a branching-off point to pursue those more IT-centric certifications, which are better recognized by IT departments. The gaps I see are in the organizational area, where our leading organizations â€” the Security Industry Association (SIA) and ASIS â€” have the opportunity to assume leadership by embracing, endorsing and promoting an IT certification path for physical security professionals. Perhaps this action would further stimulate the IT community to pay more attention to our industryâ€™s needs. As one example, learning providers could incorporate physical security devices into their network training to supplement the programming of switches and routers.
Link to Complete Article as it appeared in Security Technology Executive Magazine