A Tech Trainer Discovers the Security Essentials Certificate
More than a decade ago, while preparing to take my very first technology certification exam (the LPIC-1, as it happened), I learned something new about the entire certification process. Now, I was no stranger to the education world at that point: I'd been a high school teacher and administrator for the previous twenty years. But slowly working through the long list of Linux administration objectives made me realize that all the hard work was less about the exam and more about making sure I was competent in the skills and tools I'd need as a Linux admin.
IT professionals are often responsible for protecting millions of dollars of equipment and critical business processes. Keeping ahead of all the nasty things that are waiting to land is hard enough for even the best of admins. But where are "the best of admins" supposed to learn their trade? I'm aware of no college specializations or even boot camps that teach IT administration. You could learn the skills you'll need through the painful experience of recovering from expensive mistakes. Or you can work through a well-designed certification curriculum, which is what LPI offers.
When I agreed to write the Wiley/Sybex book "The LPI Security Essentials Study Guide" along with my "Complete LPI Security Essentials Exam Study Guide" course on Udemy, I'll admit that I initially had questions about the exam objectives:
- If the primary target candidates were technology consumers rather than administrators, why were they expected to understand relatively complex topics like specific encryption algorithms or TCP/IP addressing?
- Why were some critical hands-on security skills (such as event log analysis) missing from the objectives?
- What would people be able to do with the certificate? I ascertained that there wasn't enough deeply technical content in the Essentials certificate to fully prepare a candidate for a career in IT security.
As I worked through the objectives in the process of building my own book and course content, I developed an answer to my first question about complex topics along with a better sense of the exceptional value the certificate offers. There are a thousand ways that our personal data, smartphones, laptops, online accounts, and identities can be compromised. Without at least a basic understanding of each threat category, how will we even identify the signs of an attack? There are all kinds of tools - many of them available for free - we can use to protect ourselves. But without at least some familiarity with their functioning, we’re not likely to know when (and how) to adopt them.
Some topics - such as encryption technologies in WiFi networks, web browsers, and email clients - just can't be overly simplified without losing sight of the point. After thinking it through, I’ve decided that the objectives did a great job finding the right balance for their target audience. Sure, understanding the differences between the RSA and AES algorithms can feel a bit too far down the rabbit hole. But there are perfectly practical applications.
What about the missing information needed by administrators? The LPI Security Essentials was definitely not designed to produce IT security professionals, but it could guide candidates through their first steps toward that goal if they decided it made sense for them. In fact, the objectives do a great job lightly covering a very wide range of relevant topics in case any of them comes up in your daily activities. That's not unlike the way the LPIC Linux administration objectives cover some tools that I've never encountered in my years as an admin. But I can tell you that I definitely appreciated knowing about the tools that I did end up using.
So now more than ever I'm convinced that a well-designed set of objectives is worth the time and expense involved in getting yourself to the exam. The certificate you get after completing the exam is just icing on the cake. And I'm confident telling you that the LPI Security Essentials is in fact, well-designed.