The IT Certification Resource Center

Is CompTIA's InfoSec Push a Positive for IT?

The leading IT industry association is expanding the breadth of its security certification portfolio. Adding further acronyms and plus-rated nouns, however, raises a variety of problems.

Information security is an industry mouthful that refers to all of the below:


● A thriving IT job category
● A professional discipline that combines tech savvy with an advanced understanding of human behavior
● An ongoing concern that currently dominates every conversation about computing and information systems


It’s no wonder that InfoSec-related vendors and industry organizations have seen a generous uptick of interest in their training and certification programs in recent years.


CompTIA has been particularly active in this area, having created Security+ and its Advanced Security Practitioner (CASP) certifications. Now CompTIA has released a new InfoSec certification, and has another one in the works.


The Social Media Security Professional (SMSP) credential is actually a joint effort between CompTIA and the Ultimate Knowledge Institute (UKI), an IT training company based in California. UKI offers certification training for numerous IT vendor and industry association programs, including certifications from Microsoft, Cisco, EC Council, ISACA, and Red Hat.


UKI is currently developing two other social media security certifications to exist alongside the SMSP. These two new certifications are the Social Media Engineering & Forensics Professional (SMEFP), and Social Media Management & Governance Professional (SMMGP) credentials. For now, it appears that the SMSP is the only certification that UKI and CompTIA will be partnered on.


The SMSP certification is clearly aimed at corporations and governments who have had to embrace the use of social media sites and apps in order to stay relevant to modern clients and customers. When Facebook and Twitter hacks occur, while they are often more embarrassing than compromising, they receive the same level of media coverage as far more severe cybercrimes. This level of scrutiny has made social media security a priority for corporations, celebrities, and all levels of government.


That said, is having an IT industry credential based entirely on social media security actually necessary? The subject is certainly worthy of coverage in a larger information security training program, for example. Aside from the unique audience interactions and use incidents specific to social media sites and apps, however, the case could be made that social media security should be encompassed by any worthwhile InfoSec certification program.


To earn the SMSP certification, candidates can take Ultimate Knowledge Institute’s official SMSP training course and then pass the related exam. Or an individual can challenge the exam without the official training, provided he or she can show proof of at least one year of professional experience.


It will take time to see if the CompTIA/UKI partnership on the SMSP credential will gain traction in the increasingly crowded InfoSec certification marketplace.


CompTIA isn’t just sitting around and waiting for that news to come in, however — the group already has another security-related certification under development: the Cybersecurity Analyst+ credential. The beta exam period for this certification began on June 30, and the launch of the official exam is expected to hit during the first quarter of 2017.


As with the Security+ and CASP exams, candidates attempting the Cybersecurity Analyst+ exam must be prepared to perform hands-on simulations which CompTIA refers to as “performance-based” questions. The analysis of the Cybersecurity Analyst+ beta exam results will be used to refine the final exam objectives and question pool for the production version of the exam.


Leaving aside the SMSP, the launch of Cybersecurity Analyst+ will give CompTIA three dedicated InfoSec certifications. A fair question for candidates to ask is: what differentiates these three certifications from each other?


CompTIA offers something of an answer on the Cybersecurity Analyst+ certification web page, where the three certifications are placed in the following path based on the recommended number of years of professional InfoSec experience:


Security+ (2 years) > Cybersecurity Analyst+ (2-3 years) > CASP (5-10 years)


This summary of CompTIA’s perceived difficulty level for these three InfoSec credentials does give candidates a partial baseline for selecting the certification most relevant to them. Is this really enough, however, to make an educated choice?