Typically, when you think certification, you think of a product line. But Symantec has taken a different slant with its new, vendor-neutral security certification program.
Instead of focusing on product-specific certifications on, say, Symantec Antivirus Gateway Solution, Symantec Corp.‘s partners are being required to earn certification on general security skills.
“No single product in security is going to solve all customer issues,” said Graeme Johnston, Symantec’s senior director of global learning and certification.
Instead, Symantec is building its certification program around three vendor-neutral certifications. These are CompTIA’s Security+; the SANS GIAC (Global Information Assurance Certification); and ISC2’s CISSP (Certified Information Systems Security Professional) certifications. “These are used to prove a partner’s core security competency,” Johnston said.
On top of these, Symantec uses four solutions exams based on the Symantec security product families. The exams cover virus protection and client security, intrusion protection, security management, and firewall and integrated security appliances using Symantec products.
Depending on the given combination of vendor-neutral certification and solutions exam, you can earn one of three Symantec certifications. This trio of certifications starts with the SCTA (Symantec Certified Technology Architect), which focuses on a single security segment and how to design, plan, deploy and manage effective security solutions for it.
Next is the SCSE (Symantec Certified Security Engineer). Holders of this certification focus on a single security segment and the implementation and in-depth management of solutions in that segment. Finally, the SCSP (Symantec Certified Security Practitioner) is a senior security consultant who demonstrates in-depth knowledge and expertise across two security segments.
Johnston said Symantec has been making this change for more than a year since the security giant decided it needed certifications that “reflected how the security business was evolving. Security is a complex environment that uses a slew of technologies. No one vendor, not Symantec, can deliver all the pieces.”
After shifting away from its older, product-specific model, Symantec is focusing on vendor-neutral certifications and how its partners can take general security knowledge and use it to integrate Symantec products into security solutions.
According to Johnston, Symantec has made “a program that’s not so much easier to pass but easier to navigate. Security is really about policy, procedures and people. If you don’t have the right ones in place, then no amount of technology will protect people today. And our partners reflect that in the services they’re providing their customers, and we’re doing that with our certifications.”
But do the partners find it easier—or more to the point, useful—in getting customers?
Gary Cannon, president of Colorado Springs, Colo.-based Advanced Internet Security Inc. and a longtime Symantec partner, said he finds that while “it is somewhat easier to become certified and to gain access to rebates, the new certifications still require fairly deep knowledge of Symantec’s products.”
While Cannon said he thinks that, in particular, the SANS GIAC provides a good grounding in a technology, he finds that the new exams in general rely more on book knowledge than on hands-on expertise. Still, he noted, “few certification programs, with the exception of some of the Cisco ones, do.” Still, he said the new Symantec certifications “provide a good foundation.”
Cannon also has an issue with the new certifications because they add “another level of training, cost and time” to the certification process. But because Symantec offers free or low-priced classes and tests, “it’s more time-consuming than expensive.”
As for the bottom line, Cannon said he has found that “having the certification is an extra check mark, especially when marketing to new customers.”
Beyond the certification, Symantec’s channel partner program, which depends in part on the certification, has led to Cannon’s company acquiring new customers.
In particular, Cannon said he’s finding that customers want better perimeter defenses. “We’re seeing much more interest in intrusion detection and gateway filtering. Sales and proposals have increased dramatically over the past six months.”
While the Symantec certification and partnership help get the work, what’s been driving the demand has been that customers are now feeling that they “can’t rely on Microsoft to solve their security problems in a timely fashion, so customers are looking to protect themselves.”
Check out eWEEK.com’s Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: 
