Issue #12 October 2005

Red Hat Speaks: Announcing Red Hat Certified Security Specialist (RHCSS)

Red Hat has long attracted industry notice through its use of live system, performance-based testing in its Red Hat Certified Technician (RHCT) and Red Hat Certified Engineer (RHCE) certification programs. Now, Red Hat is adding a first-of-its-kind performance-based security certification to its fold: The Red Hat Certified Security Specialist (RHCSS). Red Hat Magazine recently sat down with Randy Russell, Director of Certifications and Curriculum for Red Hat's Global Learning Services, to learn more.

RHM: What is Red Hat Certified Security Specialist (RHCSS)?
Red Hat Certified Security Specialist (RHCSS) is a new security credential that proves advanced skills to meet the security requirements of today's enterprise environment. An RHCSS has RHCE security knowledge plus has passed three Endorsement exams proving specialized skills in using Red Hat Enterprise Linux, Red Hat Directory Server and SELinux to meet the security requirements of today's enterprise environment. RHCSS is Red Hat's fourth certification, the only one of its kind in Linux.
RHM: Why is Red Hat releasing this new certification?
Unfortunately, the unfriendly world is getting unfriendlier, and the stakes are getting higher. Government agencies, particularly those involved in defense, must contend with the real and present threat of cyber-terrorism, sabotage and espionage. Businesses must be on guard for professional intruders who are interested in stealing credit card accounts on the Web store, or other company-confidential information. More troubling still are internal security breaches. The computers, networks and Internet access that have made workers more productive have also given the disgruntled or wayward employee new ways to seek revenge and new temptations for misbehavior. Putting up firewalls to guard against outsiders while leaving internal networks and systems wide open is simply naïve.
In the face of such security risks, organizations look increasingly to security certification of their IT personnel to determine who is qualified for the tasks of protecting networks and systems. General certifications like CISSP, which concentrates on security policies, partially meet the need for such credentials. However, there is a need for security certifications that focus on technical implementation, rather than policy or theory. And what better to establish the ability to implement security measures than a performance-based technical certification—one that can only be earned if the candidate successfully performs those tasks on a live system?
RHM: How does one attain RHCSS?
As with RHCA, one must first earn RHCE in order to take the endorsement exams required for RHCSS. One must then take and pass the following endorsement exams:
EX333 Enterprise Network Services Security
EX423 Enterprise Directory Services and Authentication
EX429 SELinux Policy Administration
As with RHCA, Red Hat supports candidates for these endorsements with courses that provide intensive, hands-on training covering the skills tested. RHCSS builds on the solid foundation of RHCE. It shares common ground with RHCA. Both credentials require the Enterprise Network Services Security (EX333) and the Enterprise Directory Services and Authentication (EX423) endorsements. RHCSS additionally requires the SELinux Policy Administration endorsement (EX429), discussed below. Flexibility is the key to Red Hat's approach. An RHCE can elect to earn only one or two of these endorsements, and each is meaningful on its own. It is always up to individuals and their employers or customers to determine the right mix for them and whether full certification as an RHCSS is a goal. Candidates who earn all three endorsements earn the privilege of calling themselves Red Hat Certified Security Specialists and have conclusively demonstrated a deep, comprehensive set of security skills.
RHM: What are the pre-requisites for the courses in this program?
The three RHCSS-track courses presume skills at the RHCE level, and only RHCEs are eligible to take the three endorsement exams required for this certification. Of these five, two test security-related skills: EX333 Security: Network Services, EX423 Directory Services and Authentication, and EX429 SELinux Policy Administration.
Those without RHCE cannot take the three Endorsement Exams but are still welcome to register for the courses themselves. However, because these courses are upper-level Linux courses, we strongly recommend RHCE or equivalent skills.
RHM: Why is RHCSS valuable?
Everywhere there are daily reminders that a networked world brings us into contact with the best and the worst that the world has to offer. Today's organizations must counter the ingenuity and determination of criminals and pranksters with equal ingenuity and determination. The increasingly complex world of IT security requires reliable measures of technical qualifications so that organizations can identify the people who are qualified to implement security solutions. Security certifications from Red Hat separate proven security specialists from those who just decide to print up a "security specialist" business card.