Robert Hawk has earned a lot of certifications. Forty-four of them, in fact, and counting!
Hawk, the principal consultant at RBH Enterprises in Vancouver, British Columbia, has been delivering information technology and information services solutions since 1994. His certifications – the majority of which are related to technology – include ISC2’s CISSP; CompTIA’s A+, Server+, Network+, I-Net+ and Security+; and Microsoft’s MCP, MCP + Internet and MCSE.
When asked specifically about what motivated him to earn the CompTIA Security+ certification, Hawk explained that security is, for him, more than just a job function.
“For me personally, I have to say that security is a passion of my life,” said Hawk, whose small business services include solutions for infrastructure and security, access control, e-commerce, Internet connectivity, remote access connectivity and risk management. “And I wanted to be certified by CompTIA due to the fact that they are technology agnostic and recognized worldwide.”
Hawk recently took some time out of his busy schedule to talk with InfoSec Institute’s Intense School not only about his motivations for targeting CompTIA Security+, but also about how it has helped him on his career path.
Intense School: What are the skill sets required to earn the CompTIA Security+ certification?
Hawk: I am going to answer this question from my own experience, which is also what the CompTIA indicates in regards to Security+ certification. I would say that the knowledge and skills that would be used for the CompTIA A+ certification and the CompTIA Network+ certification are a good place to start. The candidate will also want to be interested in the information technology and information security body of knowledge.
Intense School: What advice would you give to an IS/IT professional who is considering pursuing the CompTIA Security+ certification?
Hawk: I would recommend the CompTIA Security+ certification… and there are multiple paths to achieving the certification. There are classes one can take and there is always the self-study path. I would say that if a person is going to consider self-study, it is advisable to have a computer lab at home or available to them for the purpose of carrying out the technical experiments and procedures. I decided on the self-study path.
Intense School: Are there certain certifications that might make sense to pursue before taking on CompTIA Security+?
Hawk: The knowledge and skills that would be used for the CompTIA A+ certification and the CompTIA Network+ certification are necessary before considering the CompTIA Security+.
Intense School: Are there certain certifications that might make sense to pursue after earning the CompTIA Security+ certification?
Hawk: If a person is interested in strengthening their profile as an information technology or information systems professional, then the certifications from ISACA and…ISC2 are the best way to go. The CISSP certifications are still the top tier in information technology and information systems security. If a person is interested in staying completely technical, which security is not, then they can pursue the CEH or similar.
Intense School: How has the CompTIA Security+ certification helped you on your career path?
Hawk: CompTIA certifications are known worldwide and the organization is vendor neutral. It is a great way to show a grasp of the information technology and information systems body of knowledge.
Intense School: Is there a set path that an IS/IT professional typically takes after earning the CompTIA Security+ certification — or are there many different career options?
Hawk: I think there is not a set path. I have seen people come to information technology and information systems security from different paths. I was a private investigator and security consultant before entering information technology infrastructure work for five years and before getting into information security.
Intense School: Is there anything else that you care to add?
Hawk: In my opinion, anyone can become a good information security professional, but the great ones are born with the passion, purpose, personal vision and mission to make it a reality. As well, I like information technology and information security so much I have been teaching the topic at a local community college — Vancouver Community College — for the last 12 years.
According to the CompTIA website, the CompTIA Security+ certification designates knowledgeable professionals in the field of security.
In its certification exam objectives document, CompTIA notes that passing the CompTIA Security+ exam will show that the successful candidate has the knowledge and skills required to identify risks and participate in risk mitigation activities; provide infrastructure, application, operational and information security assistance; apply security controls to maintain confidentiality, integrity and availability; identify appropriate technologies and products; and operate with an awareness of applicable policies, laws and regulations.
The CompTIA Security+ certification is suited for IT security professionals who have the following:
- No less than two years' expertise in IT administration with a concentration on security.
- Day-to-day technical information security experience.
- Broad understanding of security issues and implementation including areas such as network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography.
Fortunately, CompTIA has some practice questions on its website to help IT security professionals who are interested in ultimately pursuing the CompTIA Security+ certification. The following are three of the practice questions listed on the site:
Which of the following BEST describes both change and incident management?
a) Incident management is not a valid term in IT, however change management is.
b) Change management is not a valid term in IT, however incident management is.
c) Incident management and change management are interchangeable terms meaning the same thing.
d) Incident management is for unexpected consequences, change management is for planned work.
Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?
d) Password complexity.
Which of the following information types would be considered personally identifiable information?
a) First name and home address.
b) Social security number.
c) Date of birth.
d) Full name, date of birth and address.
According to CompTIA, the exam contains a maximum of 100 questions that come in multiple choice and performance-based forms. The length of the test is one hour and a half, and the passing score is 750 on a scale of 100-900. The exam can be taken in English, Korean, German, Japanese, Portuguese, Simplified Chinese and Traditional Chinese.
After The Test
After completing the requirements for CompTIA Security+ and 43 other certifications, Hawk is finally taking a bit of a hiatus on that front. For close to three years, he’s been grappling with a challenging project and, as such, has postponed his pursuit of certifications.
“I’ve just been doing some maintenance,” he said. “Through the fact that I teach in the evenings, I earn enough CPE credits for the certifications that require the continuing professional education. A lot of the certifications are ISO17024-compliant, which means that…there’s a mandate to update the certification by having current knowledge through reading, attending conferences, going to classes. And I believe that CompTIA is moving some of their certifications, including Security+, to that same kind of standard.”