Tech Trends: Raising the Cybersecurity Bar
This article originally appeared in the March 2022 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.
Over the years, most security consultants and designers have slowly increased their awareness of cybersecurity vulnerabilities as an existential threat. The prevalence of topics pertaining to cybersecurity issues at trade shows, the availability of cyber-related training materials, and the engagement of manufacturers on device hardening all evidence this gradual shift.
Many industry professionals have sought formal certification through CompTIA, Cisco or others as a way of bolstering their resume; however, one challenge with those certifications is their scope – most cybersecurity industry certifications have been developed for trained networking experts. As a result, the course material is both broad and deep, and many seeking those certifications have found them to be difficult to obtain without a formal networking background.
In 2021, the Security Industry Association (SIA), recognizing the importance of industry-focused cybersecurity training and competency, launched the Security Industry Cybersecurity Certification (SICC). The intent of the SICC was to narrow its focus to what is specifically relevant to the security industry, and make the credential attainable for consultants, manufacturers and integrators. As the programmers and installers of network-connected security devices, integrators are a particularly impactful stakeholder that have much to gain from the baseline level of cyber training provided through the SICC certification process.
Inside the Creation of the Certification
I served as part of the committee that wrote the exam, and we ensured that every test question was both relevant to the security industry and that there was a reasonable expectation that a cyber-focused field technician should possess the knowledge.
“The need for a cybersecurity certification for physical security systems technicians and installers was observed by a few key industrystakeholders, including executive leaders at SIA, PSA Security Network and SecuritySpecifiers,” says Elli Voorhees, SIA’s Director of Learning and Development, describing the genesis of the SICC credential. “It was noted by Ray Coulombe, who was instrumental to the inception and development of the program, that individuals who work with network-connected low-voltage/electronic security equipment need to have a fundamental understanding of cybersecurity principles and best practices to ensure that system installations are performed securely,” she says.
“Based on this initial feedback, SIA conducted an industry needs assessment and confirmed that there was, in fact, a recognized cybersecurity knowledge gap among technicians, installers and similar professionals who are responsible for integrating technology solutions,” Voorhees adds. “The results of the assessment indicated that developing a cybersecurity certification focused on physical security systems would help to bolster cybersecurity awareness and set an industry standard for installing companies while also reducing potential cyber risk exposure and proving customers with additional quality assurance.”
SICC Gaining Momentum
As with any certification, adoption is critical to create a network effect (pun intended) that enhances its awareness and credibility. The first group of security professionals to pilot the program and its beta exam form were members of PSA Security Network.
“Since the SICC’s official launch in June 2021, the integrator community has been very receptive to the certification program,” Voorhees reports. “We currently have more than 70 SICC credential holders representing large to small and mid-sized integrator companies, as well as several industry-leading manufacturers and consulting firms.”
Many other firms are in the process of training their technicians to sit for the exam. As part of the SICC awareness campaign, SIA and PSA note that they are laying the groundwork for manufacturers to require certification for integrators to install their equipment, and for consultants to include SICC as a qualification requirement in their Division 28 specifications.
“With the SICC being new, in the near-term companies who certify their employees stand to gain a competitive edge over other integrators who are not certified,” explains Anthony Berticelli, VP of Operations for PSA. “Building trust is important in business. If an end-user trusts that your team has the knowledge and skills to keep them safe from additional cyber-risk, there is a clear advantage. As the certification grows, having a baseline of cyber knowledge not only limits risk, but hopefully it also becomes the minimum expectation for anyone who touches network devices,” he says.
“If we can help to eliminate risk and add multiple layers of security, the integrator becomes even more valuable to the client and the manufacturer,” Berticelli adds. “Because of the increased protection this knowledge can provide, the integrator, end-user and manufacturer all benefit from employees being SICC certified.”
SICC Resources
For firms looking to certify their employees, SIA and PSA have partnered on developing educational resources. A formal review course is scheduled to be released in May, which will cover the SICC Exam Blueprint and help individuals assess their readiness to take the exam.
Training courses are also available through past and upcoming SIAcademy LIVE! Courses that will be available at conference sessions during ISC West, PSA TEC, and other industry events.
While the goal is to develop and maintain a critical mass of SICC-credentialed professionals, these educational resources would be valuable for anyone looking to enhance their cyber-awareness.
“In today’s connected world, it is essential to have a baseline cybersecurity skillset for security professionals,” Voorhees says. “By design, that is exactly what an assessment-based certification program like the SICC does. It raises the bar by establishing a minimum competency requirement.”
A Personal Note
I am sad to say that this will be my last Tech Trends article, as I will be moving to a different part of the security industry. It has been a pleasure writing for this publication, and I thank the Endeavor Business Media team for their wonderful collaboration over the past few years.
Brian Coulombe can be reached through Linkedin at www.linkedin.com/in/brian-coulombe.