A New Cybersecurity Certification for Integrators

June 14, 2021
The Security Industry Cybersecurity Certification (SICC) seeks to help identify industry professionals with high competence in physical, cyber and information security
This article originally appeared in the June 2021 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.

Last month, the Security Industry Association (SIA) unveiled its newest certification offering, the Security Industry Cybersecurity Certification (SICC) – the first-ever credential focused specifically on the convergence of physical security and cybersecurity.

The SICC was developed with support from PSA Security Network and Security Specifiers to help the industry better address the growing cybersecurity threats in today’s connected world. More specifically, it is designed to help customers identify whether the individuals installing, supporting, and even operating their security solutions know how to do so in a cyber-secure manner.

“The value [of having an industry-specific cybersecurity certification] lies in having an independent third party validate a person’s cybersecurity knowledge as it applies to physical security systems,” explains security consultant Michael Bendis, associate partner at Syska Hennessy Group. “A certification like the SICC enables security directors and others to conduct their own due diligence in selecting a vendor and provides a level of confidence in their selection process.”

Quick Look: The New SICC

What It Is: The Security Industry Cybersecurity Certification (SICC) launched in May and is designed to be earned by integrators, technicians, consultants and solution developers who can prove their cybersecurity skills.

SIA’s Take: Most previous cybersecurity certifications were designed for full-time cybersecurity professionals and/or IT systems administrators, but SIA’s new certification hits the sweet spot for integrators who want to prove their cybersecurity expertise to customers.

Website: www.securityindustry.org/sicc

According to Bendis, certifications also help security specifiers and consultants evaluate proposals, and holding a credential like the SICC would give an integrator a leg up on competitors during selection.

“Specifiers/consultants do require integrators and vendors to be certified on the systems they are being asked to install, and lack of certifications is a definite disqualifier,” Bendis says. “Integrators and vendors who possess certifications like the SICC demonstrate that they have the cybersecurity skills/knowledge on physical security systems, which provides clear advantage over others that do not during the selection process of a competitive bid. I would not be surprised if certifications like the SICC become a standard requirement for vendors to bid on and perform any physical security system work.”

Security technology has advanced dramatically from peak-to-peak analog and RS-232 connections, and today’s security technicians must have a thorough understanding of TCP/IP and UDP connectivity and information security principles, says Pierre Trapanese, Chair of SIA’s Board of Directors and CEO of Northland Controls, adding that endpoint devices have “matured from simple plug-and-play to complex devices” and that a typical IP camera today has more than 1,000 variables that need to be configured.

“Simply understanding connectivity is no longer enough,” Trapanese says. “Devices must be hardened

to protect themselves and the network – from best practices such as disabling unused protocols and strong password management, up to full-blown certificate authentication such as 802.1x. A modern security technician no longer terminates a device and walks away. It is typical to spend as much time configuring a device as terminating and installing it. SIA’s co-development of and support for the SICC is welcome news for all of us in the industry.”

“The interconnected nature of technology security solutions and IoT devices creates an imminent need for a certification program focused on physical, electronic and cyber/IT security system convergence,” says Dr. Elli Voorhees, Director of Learning and Development at SIA. “For several years, SIA and our partners at PSA and Security Specifiers have recognized that a personnel assessment program was becoming necessary to ensure that individuals responsible for the secure installation, networking and configuration of these systems are qualified to perform cybersecurity-related work associated with security system installation and maintenance.”

Earning the credential will “enable security professionals to outwardly demonstrate their competence and mastery of skill in cyber-physical systems by maintaining cross-functional awareness of cybersecurity threats in order to mitigate risk and protect organizational assets,” Voorhees adds. “It is an area that is going to continue to grow in years to come.”

The SICC will help professionals accelerate their careers and build trust with colleagues, partners and clients by validating the skills required to support technical security installations according to industry best practices for electronic security and cybersecurity and aligning with clients’ organizational priorities and business objectives.

“A strong knowledge of cybersecurity is of the utmost importance for security integrators today and will only increase as time goes on,” says Matt Barnette, CEO of PSA Security Network. “As cybersecurity rapidly evolves, the resources for integrators to add this skill set to their teams has been a challenge. The SICC certification will help bridge this gap and give security integrators a competitive edge both with existing end users and in pursuing new business.”

In the evolving cyber landscape, in which cyberattacks are more prevalent and sophisticated, it is

increasingly important for the security industry to take the precautions necessary to mitigate threats and make it more difficult for malicious actors to target physical security systems. The SICC was developed to equip security professionals with the knowledge of fundamental cybersecurity concepts needed to minimize cyber risk.

“Generally, we have seen a concerted effort by many security product manufacturers to implement controls in their solutions to address common cybersecurity vulnerabilities; however, the last mile – the configuration and maintenance of these controls in the integration process – proves to be a stumbling point,” says Joe Gittens, Director of Standards at SIA. “The SICC provides a fundamental and common understanding of cybersecurity principles among the security integration community and will improve the resiliency of the entire industry. Integrators with the SICC credential will make more informed decisions, will be qualified to work with converged security teams confidently and can deliver that ounce of cybersecurity prevention that goes a long way toward mitigating the industry’s exposure to wide net attacks.”

Who Should Apply for Certification?

The SICC was created for security systems integrators, manufacturers, consultants and other related industry professionals who are responsible for technically supporting the installation, networking, configuration and/or specification of electronic security/low-voltage technology devices.

The certification program is intended for security industry professionals in roles such as lead/senior service technicians and installers, technical project managers, security systems designers, technical support engineers, security specifiers and consultants, IT and cybersecurity managers, chief technology officers, network administrators and product managers.

“The new SICC was born out of the recognition that the security of installed systems depends on the

knowledge and qualifications of those who install and configure them,” says Ray Coulombe, founder and managing director of Security Specifiers. “This certification is an important step in the provisioning of cyber-secure systems.”

To earn the SICC credential, individuals must apply and take a certification exam. Each applicant is required to have a minimum of two years of experience directly related to or technically supporting the installation, networking, configuration and/or specifying of electronic security/low-voltage technology devices.

Applications will be accepted to test for the SICC credential beginning Tuesday, June 1.

Kara Klein is Manager of Communications for the Security Industry Association (SIA). Learn more about SICC at www.securityindustry.org/sicc.

About the Author

Kara Klein

Kara Klein is Manager of Communications for the Security Industry Association (SIA). Learn more about SICC at www.securityindustry.org/sicc