In the wake of the Code Red worm, some experts have voiced the opinion that the Windows MCSE is light on security. While I can't dispute the relative lack of security coverage in the required core exams (70-210, 70-215, 70-216, and 70-217), there are two exams on the Windows 2000 MCSE track that cover most of the important security bases pretty well:
Given the overall requirements for obtaining a Windows MCSE these days, pursuing this approach to the MCSE curriculum shows a profound interest in (or bias toward) security matters. Ironically, it's also entirely possible -- and statistics on exams indicate highly likely as well -- that somebody could upgrade an existing MCSE or obtain a new one without taking either or both of these exams. That said, between these two exams, the most important Win2k technical security topics are covered.
The 70-220 exam deals with the broad range of internal corporate security issues and design topics, among them:
The 70-227 addresses an equally broad range of security issues and design topics, but focuses on the peripheries or "security boundaries" between organizational units and the outside world via the Internet. Topics include:
In addition, this exam also covers Internet acceleration topics, such as those related to high availability options (clustering and load balancing) and cache management that do not have direct security implications.
Between these two exams, MCSE candidates can glean important aspects of designing, implementing, configuring, managing and troubleshooting their organization's security infrastructure. But if they want to get up-to-speed for a full-fledged security certification like CISSP, SANS-GIAC, or ICSA, they'll also need to bone up on:
For generalist MCSE, however, the 70-220 and 70-227 combo does a pretty good job preparing candidates for key technical security issues like access control, disaster recovery, operations security, telecommunications, network security and general security architectures.
Though MCSEs aren't yet required to master these topics, they certainly have the opportunity to do so within the current MCSE framework. Whether these optional elements will ever become required -- or if required elements start to include more security coverage -- is anybody's guess. But recent events and the growing concern for security demonstrate that one or the other scenario is increasingly likely and warranted.
Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series, and has worked on over 30 certification-related books on Microsoft, Novell, and Sun related topics.
This was first published in September 2001