Security Plus
Wendy Walden: Today we're talking about IT security for professionals and in particular we're talking about Security Plus and CISSP programs. Joining me today is West Goewey. West is a certified security professional and is also an instructor of several security programs at the Buck Mickel Center. Welcome West.
West Goewey: Thanks.
Wendy Walden: How are you?
West Goewey: Fine.
Wendy Walden: Great. West, before we start talking about CISSP and Security Plus, let's first talk about the urgency or the need to have security training for a corporation.
West Goewey: Well security should be a part of a main goal for corporations, I mean every day in the newspaper you read about some kind of security breach. Whether like with the VA, military, data intrusion, credit cards. So it's happening at every level. And whether you're a small, medium, or large business you could be under attack.
Wendy Walden: Especially in light of the 9/11 terrorist attack. We're finding that it's sort of, or expanded the horizon if you will, or enhanced the awareness of companies to be more safe with their intelligence, if you will. Correct, would you agree? Explain what Security Plus training is.
West Goewey: Security Plus training is actually an industry standard. There is an organization, CompTIA; what CompTIA does is set levels of expectation among common based levels of security and then bases their courses off that to give you knowledge within those domains.
Wendy Walden: Okay, and what are some of the topics that are covered within this...
West Goewey: The different topics would be: physical security, you know, buildings, etc. That could be even up to wiring. The fire systems; crypto, dealing with encryption. There's access control, which deals with passwords and things along that line, different ways to secure systems, telecommunications and interoperability among systems and how they communicate, law and ethics, business continuity. In other words, if a business is attacked or goes down, like by fire, how do you keep going. You know, whether you are small or large. And we have security models. We learn the different types of security models that operating systems are based off of, whether military or like Microsoft, application development security, and then just security policies. What do companies need as far as policies to operate, to meet due care and due diligence with law and ethics. And it can be different depending on what standards they must meet and what type of business they are. They might have state laws, federal laws, or regulatory depending on their business.
Wendy Walden: Great, now who would be a good candidate for this course?
West Goewey: Everyone really is a good candidate. What security actually comes down to each individual that has access to a phone and a computer and to data. So it comes right down to every person needs to be educated.
Wendy Walden: So if I'm a customer service rep at a corporation or company, would I need this particular training? Or is this more geared for somebody that's more in an IT role?
West Goewey: Really, it's geared for everybody, because the problem that you see in discussing with security professionals, what you hear them talking about is the education among users. Because the more they're educated the more they can look out for. Every person is a human firewall. So it's, the better the knowledge, you know the more secure you're going to be.
Wendy Walden: Okay, so it sounds like there's a little bit of in this particular curriculum that addresses security for people at different parts of an organization. It may not be just for the IT alone, but it's also for people who may be answering inquiries from someone on the outside and responding. It sort of sounds like it prepares them how to answer and what information they should also divulge to outsiders, correct?
West Goewey: Yes, it trains them on particular attacks, such as social engineering, and if you look at most of the major attacks, they are done by, you know, dumpster diving, getting information, people taking their passwords and, you know, sticking it on the screen, shoulder surfing, all types. In fact, one of the major cracks into Microsoft was when a friend was able to hook up with, send an email to somebody they knew that had inside access to Microsoft. And so, like I said, each individual is a firewall. So it's made for all levels. I mean, management needs to know this because of due diligence, and what's expected, because if management is not high security in the training then it just won't happen.
Wendy Walden: What are some career opportunities for someone that has the Security Plus certification?
West Goewey: It enhances any type of job that you have. And also as more jobs come open in security it enables you to participate in that. The Security Plus is more entry level or just standard, industry standard. Whereas the CISSP is more ISO related to very particular miss documents on what security standards are, you know, at every level.
Wendy Walden: And for someone just entering the security professional field would this be a good starting point for them?
West Goewey: This would be an excellent starting point.
Wendy Walden: Great.