
Vendor/Industry Certifications
and a College Degree:
A Proposed Concentration for
Network Infrastructure

Dr. Garry L. White
gw06@txstate.edu
Department of Computer Information Systems
Texas State University – San Marcos
San Marcos, Texas 78666, USA

Abstract
This paper proposes a network infrastructure four-year degree curriculum based on industry/vendor certifications. The author argues that such a curriculum will meet industry standards and needs. And the academic department will have a valid method of assessment. An employer will be provided high caliber entry level candidates. And the college degreed student wins since he/she will be more marketable for entry level technical positions, plus have the potential to be promoted to management level positions.
Keywords: CCNA, CCNP, certifications, CISSP, CompTIA, curriculum, Microsoft MCP, Network+, Security+


1.   INTRODUCTION
Today, companies are demanding certifications (Schlichting & Mason, 2005; Venator, 2005; Hoffman, 2005).  Certifications such as MCSE, CNE, Network+, and Security+, in the computer industry are becoming as marketable as college degrees. Information Technology (IT) managers do hire certified workers who lack college degrees (Gilhooly, 2001).  This is because industry prefers specific talent (Bolan, 2001). Knowing how to use an IT tool is critical for an entry level position.  Certifications provide a valid assessment of these specific abilities.
Employers view certifications from Microsoft, CISCO, Novell, and Oracle, as strong assets. Certified professionals receive higher salaries (Gilhooly, 2001; Karr, 2001; Musthaler, 2003).  And employers use certifications as a means to compare IT applicants (Schultz, 2002). The certified candidate knows “how” to do a technical job.  Certifications differentiate candidates and make them competitive (Venator, 2005).  Certifications have become a screening tool. Therefore, certifications have become something that is needed in order to be marketable for a technical position (George, 2002).
2.   ACADEMICS AND CERTIFICATIONS
Today, high school graduates are able to be Microsoft and CISCO certified from a two year program (Bolan, 2001). They are then able to become candidates for entry level technical positions. Since employers highly value vendor/industry certifications, when does a college degree become valuable?  As noted earlier in the paper, a certification indicates the candidate knows “how” to do a technical job.  A college degree goes beyond the “how.”  A candidate knows “why” a technical job is done.  The candidate is able to make decisions. However, such a position is usually not an entry level position.  Generally, most entry level positions are technical positions.  After a few years the candidate is promoted to a decision making level position.
To manage a technical department, one must understand the technology. Certifications can open the door to an entry level technical position, while a 4-year college degree can lead to a management position. IT mangers must understand the technology in order to make technical decisions.
Academics do believe that certifications enhance employability of their graduates yet most academic departments fail to prepare their students for certification tests (Schjlichting & Mason, 2004). The reason maybe that these certification tests are too trade school in nature (Schjlichting & Mason, 2005) or there is a lack of understanding the “whys” in order to make decisions.  And vendor programs offer topics at a lower technical level to accommodate all ranges of students (Logan, 2002).
By teaching to the objectives of industry certifications, a curriculum would be addressing the needs of industry. This in turn would also provide a means of assessment for accreditation purposes.  Results of certification exams will show how well the curriculum is meeting industry standards and needs.
3.   PROPOSED CONCENTRATION
The author proposes four courses, based on industry certifications, as a concentration of network infrastructure within a CIS major. The curriculum covers topics that focus on business information technology needs and standards. This curriculum concentration provides depth in network infrastructure for the Information Technology area of the IS2002 curriculum.
Upon completion of these four courses, the student will be able to pursue the Network+, MCP, CCNA, and Security+ certifications. After obtaining these, the student could pursue more advanced certifications such as MCSE, CCNP, and CISSP. These certifications are discussed later in this paper.
The four courses are: 1) data communication/network, 2) local area network administration, 3) wide area network administration, and 4) network security. Each of these courses will prepare a 4-year college graduate as a professional for a career in network infrastructure management. As stated above, such a professional needs to understand the technology used as well as understanding the “whys” for decision making.  These four courses focus on vendor and industry certifications as describe below.  To differentiate these courses from vendor or technical courses, decision-making scenarios would supplement the courses. And the courses would be taught at a higher level.
This curriculum will require qualified instructors and a secured lab. The instructor would be expected to have at least the certification the course is preparing the student for. A more desirable instructor would have the advanced certification such as the CCNP, MCSA, and the CISSP.  For security reasons, the lab is to be a stand-alone network system with switches, routers, and servers.
The first course covers the basic fundamentals as defined by CompTIA, a non-profit Information Technology trade association. The next two courses cover vendor specific technologies. The last course is security as defined by CompTIA.
1) Data Communication/Network, CompTIA’s Network+ Certification
This course is the prerequisite for the other three courses. It gives the basic foundation in data communications and networks for advanced study with LAN, WAN, and security. The CompTIA Network+ certification provides such a basic foundation. It is an international industry credential that is a vendor-neutral certification for networking professionals. It validates the knowledge of networking professionals.
Around 130,000 world wide professionals have obtained this certification.  Microsoft, Novell, Cisco, Compaq, Lotus, and 3Com recognize CompTIA Network+ as part of their certification track. (CompTIA, 2005b; Microsoft, 2005).
It is better to teach in the first course generic technical concepts then to teach a specific vendor’s product. This is because vendor specific certifications fail to provide a foundation so people can evaluate and adapt to new concepts as they emerge (Varhol, 1998). By understanding the basic/generic concepts, it becomes easier and more efficient to learn new and different vendor products. Employers spend less time teaching basic knowledge and more time with vendor-specific training (Anonymous, 2005).
Topics covered in the Network+ exam are (CompTIA, 2005b):
* Media and topologies - such as cable standards, media types and connectors, hubs, switches, routers, gateways, ISDN, and wireless technologies.
* Protocols and standards – such as OSI model, IP/TCP, ports, T1, ISDN, FDDI, packet & circuit switching, internet access technologies, remote access, security protocols.
* Network implementation – such as network operating systems, client workstation, authentication scheme, firewalls, proxy service, VLANs, fault tolerance, and disaster recovery.
* Network support – such as network utilities, troubleshoot, and network services.
2) Local Area Network Administration (LAN), Microsoft’s MCP certification
The second course covers network administration. Since the basics have already been covered in the first course, this course can focus on a vendor specific product for a network system. A Microsoft Certified Professional (MCP) credentials that best fits this course is the Microsoft exam 70-290, Managing and Maintaining a Microsoft Windows Server 2003 Environment. “The Microsoft Certified Professional (MCP) credential is for professionals who have the skills to successfully implement a Microsoft product or technology as part of a business solution in an organization” (Microsoft, 2005b). This exam also provides credit towards MCSA and MCSE (Microsoft, 2005c).
The exam 70-290 evaluates the skills in managing, maintaining and implementing the following network environment skills and topics (Microsoft, 2005c):
* physical and logical devices
* users, computers, groups
* access to resources
* a server environment
* disaster recover
3) Wide Area Network Administration (WAN), Cisco’s CCNA certification
The third course covers wide area network administration.  Again, this course can focus on a vendor WAN specific product. Cisco is such a vendor.  The certifications offered are the Cisco Certified network Associate (CCNA) certification and the Cisco Certified Network Professional (CCNP). The CCNA indicates the ability to install, configure, and operate LAN, WAN, and dial access.  Protocols covered are IP, IGRP, Serial, Frame Relay, IP RIP, VLAN, Ethernet, and Access lists. Specific topics include network types, network media, switching fundamentals, TCP/IP, IP addressing and routing, WAN technologies, IOS devices, and managing network environments (Cisco, 2005b). The CCNA is valid for three years and is a prerequisite for the CCNP Certified Cisco Professional (Cisco, 2005a).
The Cisco Certified Network Professional (CCNP) is the next level of Cisco certification. The CCNP involves more knowledge, advanced networking, and more complex environments (Hilson, 2001). Such a network professional can install, configure, and troubleshoot local and wide area networks for enterprise organizations. The topics covered are security, converged networks, quality of service (QoS), virtual private networks (VPN) and broadband technologies (Cisco, 2005c). An advanced elective follow-up course for the CCNA could cover the CCNP. A course for the CCNP is being offered to 13 Canadian universities, colleges and technical institutions (Hilson, 2001).
4) Network Security, CompTIA Security+ certification
Since the September 11, 2001, attacks, security has become an issue (Messmer, 2004). The forth course covers network security. A certification to consider is the CompTIA Security+ and the Certified Information Systems Security Professional (CISSP®) certification. The Security+ is designed as an entry-level security certification (Rode, 2004). This certification covers topics such as infrastructure security, cryptography, access control, authentication, external attacks, and operational organization security. The Security+ certification was developed with the support of VeriSign, Microsoft, Novell, US Secret Service, and the US FBI. (Gallagher, 2003).
In less then two years 10,000 professionals world-wide become Security+ certified (CompTIA, 2005c; Hoffman, 2005). The 2004 demand for CompTIA’s Security+ certification was 28% to 30% higher than expected (Hoffman, 2005). Sun, McAffee, IBM/Tivoli Software Group, Motorola, and Olympus Security Group recommend or require Security+ of their IT employees (CompTIA, 2005a). It is a good credential to require of general IT staff (Rode, 2004).  And it can be used towards the Microsoft Certified Systems Administrator (MCSA) and Microsoft Certified Systems engineer (MCSE) (Microsoft, 2005).
The CISSP certification covers a higher level of security knowledge (Rode, 2004). It was developed by the International Information Systems Security Certification Consortium, Inc., (ISC)²; a non-profit organization dedicated to certifying industry professionals and practitioners under an international standard with a working and current knowledge of the following 10 domains of the Common Body of Knowledge® ((ISC)2, 2005).
* Access Control Systems and Methodology
* Applications and Systems Development Security
* Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
* Cryptography
* Law, Investigation and Ethics
* Operations Security
* Physical Security
* Security Architecture and Models
* Security Management Practices
* Telecommunications and Network Security
The CISSP certification is designed for computer security professionals.  Since the focus is technical and lacks topics related to business, it has limited use for non-computer business students (Hazari, 2002). An advanced elective follow-up course to the Security+ could cover the CISSP.
4.   SUMMARY
To include industry certification into a curriculum is a win-win deal. The academic department will have a valid method of assessment and be addressing the standards and needs of industry. An employer will be provided high caliber entry level candidates. And the college degreed student wins since he/she will be more job marketable for entry level technical positions, plus have the potential to be promoted to IT management level positions.
5.   REFERENCES
Anonymous (2005). “CompTIA to Release Convergence Certification.” Certification Magazine, 7(4), 10.
Bolan, S. (2001). “Secondary IT certification.“ Computing Canada, 27(26), 26.
CompTIA (2005a). “CompTIA Security+ Certification,” available as of May11, 2005 at http://www.comptia.org/certification/ security/default.aspx.
CompTIA (2005b). “CompTIA Network+ Certification,” available as of June 2, 2005 at http://www.comptia.org/certification/ network/default.aspx.
CompTIA (2005c). “CompTIA Press Releases,” available as of May 11, 2005 at http://www.comptia.org/pressroom/get_pr.aspx?prid=524.
Cisco (2005a). “CCNA Introduction,” available as of May 11, 2005 at https://www. cisco.com/en/US/learning/le3/le0/le9/learning_certification_type_home.html
Cisco (2005b). “Certification Recourses: 640-821 INTRO,” available as of May 11, 2005 at https://www.cisco.com/en/US/ learning/le3/current_exams/640-821.html
Cisco (2005c). “Introduction: CCNP Certification,” available as of May 30, 2005 at http://www.cisco.com/en/US/learning/le3/le2/le37/le10/learning_certification_type_home.html
Gallagher, J. (2003). “Security+ closes the gap.” Insurance & Technology, 28(2), 48.
Gilhooly, K. (2001). “Certifications: Who needs ‘em?” Computerworld, 35(37), 38.
George, T. (2002). “Employers raise the bar on certification.” InformationWeek, 896, 76-77.
Hazari, S. (2002). “Reengineering and Information Security Course for Business Management Focus.” Journal of Information Systems Education, 13(3), 197-204.
Hilson, G. (2001). “Cisco builds on CCNA program.” Computing Canada 27(11), 27.
Hoffman, T. (2005). “Demand for IT certifications on the rise.” ComputerWorld, 39(8), 1-2.
International Information System Security Certification Consortium, Inc. (ISC)2 (2005). “About (ISC)2,” available as of May 27, 2005, at https://www.isc2 .org/cgi-bin/content.cgi?category=7.
Karr, S. S. (2001). “IT Certification pays off.” Financial Executive, 17(9), 60-61.
Logan, P. Y. (2002). “Crafting an Undergraduate Information Security Emphasis within Information Technology.” Journal of Information Systems Education, 13(3), 177-182.
Messmer, E. (2004). “Some certifications are hot, some not.” Network World, 21(5), 23-24.
Microsoft (2005). “Apply your Credentials to Microsoft Certifications,” available as of May 24, 2005, at http://www.microsoft. com/learning/mcp/partners.asp.
Microsoft (2005b). “Microsoft Certified Professional,” available as of June 2, 2005, at http://www.microsoft.com/ learning/mcp/mcp/default.asp.
Microsoft (2005c). “Preparation Guide for Exam 70-290, Managing and Maintaining a Microsoft Windows Server 2003 Environment,” available as of June 2, 2005, at http://www.microsoft.com/ learning/exams/70-290.asp.
Musthaler, L. (2003). “Certifications are worth it.” Network World, 20(17), 53.
Rode, K. (2004). “Security certification staples.” Network World 21(38), 45.
Schlichting, C. & Mason, J. (2004). “Certification Training and the Academy.” The Journal of Computing Sciences in Colleges, 20(1), 157-167.
Schlichting, C. & Mason, J. (2005). “The Computer Curriculum and Certification: A Proposal.” The Journal of Computing Sciences in Colleges, 20(4), 84-91.
Schultz, E. (2002). “Certifications paying more than technical skills.” Computers & Security, 21(3), 208.
Varhol, P. (1998). “Pros and Cons of Certification.” Computer Design 37(5), 113.
Venator, J. A. (2005). “The Intrinsic value of Certification.” Certification Magazine, 7(6), 12.