Letters to the editor

Following are responses to an FCW.com poll question that asked, "Do you think federal information technology workers should be required to earn a systems security certification?"

Taking Sides on Infosec Certification

In the six years I have been an IT specialist in the federal government, I have seen many positions within IT that have never touched servers or networking equipment. Requiring certification in system security across the board wouldn't be logical.

I am my command's information system security officer, but my role as ISSO gets little attention or support because management doesn't understand the concepts. And now because of the Navy Marine Corps Intranet contract, management wants to shift the entire responsibility to the contractor, EDS.

My opinion is that any IT position that is required to interface with networking equipment or updating patches on servers should be required to have some type of systems security certification. The best — and free — training is with the Defense Information Systems Agency (www.disa.mil). The Operational Information Systems Security course provides a great overview on Defense Department requirements and risk assessment.

Sandra Fox Military Sealift Command

As a network engineer, I have the task of supporting the operations of the Air Force- level network. Recommending, installing and troubleshooting routers and switches are my major daily tasks. Considering my responsibilities, I think earning a security certification should be required.

Our way of engaging in war is far more different than what we saw 40 years ago. We all can agree that information is knowledge and knowledge is power. The war that is upon us now is the war on information.

I've attended an Air Force course called the Information Warfare Applications Course. The course is designed for federal employees and military personnel to discuss ways to identify and protect against information warfare. It really opened my eyes as to what measures are needed to help defend against terrorism.

Cyberattacks are today's new form of terrorism. Every day, terrorists are probing key systems to find out how we operate as a country. As IT professionals, we need to know what we can do to fight against this new form of terrorism.

Depending on your specialty, there are numerous security certification tracks an individual can pursue. Systems administrators, database administrators, network engineers, etc., all now have a security certification track implemented in their training packages.

Vendors such as Microsoft Corp., Cisco Systems Inc., IBM Corp. and others realize that a secured network is a healthy network. And because they realize the importance of security, they are changing the way they train.

A security certification can boost an individual's career path. Employers are always looking for someone with credentials dealing with security because they want to run a secure network to help prevent against cyberattacks.

I strongly support earning a security certification. Obtaining this certification makes an individual more valuable to an organization. A security certification illustrates that you have the knowledge and skills to secure a computer network environment.

Currently, I do not have a security certification, but I have made a decision to obtain one. I figure a security certification would put me in the driver's seat to help others defend our country against terrorism.

Cedric Jenkins Air Force

I do not think federal IT workers should be required to earn a systems security certification because of the speed at which risks, threats and vulnerabilities change. Certification of individuals who will not be tasked with staying up with the changing issues may well create a false sense of security and competency level.

This negative impact also would put a liability factor where it should not exist, with personnel showing an ability to address security but having varying competency levels depending on the latest program they have attended or incident they have participated in addressing.

Further, integration of technical and physical security issues and the human factors involved in information security make integration a must. Trying to do that and maintain an efficient network, for example, is not realistic.

We hear all too often from chief information officers that "our system is secure" when it is not. We ask how they know. They respond that staff told them so.

CIOs and chief security officers cannot rely on "certified" personnel whose primary responsibilities center around operations and not security.

Richard Jones M2000/IS


We welcome your comments. To send a letter to the editor, use this form.

Please check out the archive of Letters to the Editor for fellow readers' comments.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.