SAP Security Certification value?

SAP Training/Certification related postings (For Registered Users Only)

Moderators: rtella, Snowy, thx4allthefish

Post Reply
banksecurityadmin
Posts: 35
Joined: Fri Dec 01, 2006 9:57 am

SAP Security Certification value?

Post by banksecurityadmin » Thu May 22, 2008 3:42 pm

I was wondering if there is any value to the SAP Security Certification?

Does anyone know if there is any value just focusing on Security, I have a few years experience and my company just decided to move all the security responsiblilities (authorization, role assignment etc) to the BASIS team.

This makes no sense to me.

Please help, I have taken all required courses for SAP Security Certification, just not sure of any potential career paths from here.

Jim B
Posts: 1181
Joined: Sun Dec 01, 2002 3:06 am

Re: SAP Security Certification value?

Post by Jim B » Fri May 23, 2008 12:04 am

There is always plenty of work in security - usually there is a shortage of people with any interest.

I don't know that there is much value in certification - a few employers love it and won't hire without it, others will look askance at certification (it is often used as a substitute for experience, rather than a complement to good work experience).

jim

thx4allthefish
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: SAP Security Certification value?

Post by thx4allthefish » Fri May 23, 2008 9:05 am

i totally agree with Jim_B.

you could also ask to be transferred to the Basis-team. i promise you, it'll take them about 1 week (whithout any experience) to despair! i'm basis myself and know about the 'hardcore'-basis guys, they'll never manage ... (too much functional knowledge required).
curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?

wilhitern1
Posts: 135
Joined: Thu May 15, 2008 4:25 pm
Location: Butterball LLC., Goldsboro, NC, USA
Contact:

Re: SAP Security Certification value?

Post by wilhitern1 » Fri May 23, 2008 9:32 am

Security Is a huge area. In large companies, SAP security can require sizable teams. Any significant SAP site I've ever worked at always had at least 1 dedicated Security person. Is there a future there? I'd say yes! Is that future for you? That I can't say. It's lucrative in the right companies. But if you don't enjoy it, what is that?

BTB: Security is almost always associated with the Basis function. That is no surprise at all.
Neal Wilhite (WilhiteRN1)Image

banksecurityadmin
Posts: 35
Joined: Fri Dec 01, 2006 9:57 am

Re: SAP Security Certification value?

Post by banksecurityadmin » Fri May 23, 2008 9:52 am

Thanks everyone for all your prompt replies!

Again, I am shocked that a financial institution has decided to take a responsibility like SAP Security and role it into BASIS, however I think this has more to do with their lack of leadership and desperation to save money with their reorganization. BASIS has enough on their plates, and knowing security does require some good functional knowledge as well.

I have seen other public and private organizations with dedicated security teams. The complexity of security is growing, and for anyone who is interested, please visit sdn.sap.com/security and check for the security solution map which gives a great overview of all the different aspects of security from an SAP standpoint.

Al.
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London
Contact:

Re: SAP Security Certification value?

Post by Al. » Fri May 23, 2008 2:26 pm

Hi BSA

I recruit a fair number of security people here in the UK & to be honest I am yet to see a link between certification and actual security ability. The role is a bit of a funny one in that it crosses both functional and technical areas and I don't think it's unfair to say that many security practitioners don't understand either very well. I can train any muppet to build a user and a role but those skills seem to be enough for some to claim they are security consultants. What is missing in most security people is an understanding of risk & control from both a business & tech perspective. There is a lack of high level business process knowledge - how can you secure something that you don't understand at least the very basics of. To me, people with these skills (or the recognition that they need to acquire them) are better prepared to do security consulting rather than being in a purely reactive administrative function.

To summarise a long ramble, I can always find stuff to differentiate a candidate well before we get to certification. I don't have anything against certification, just that I have found the minimum level of skill which it is supposed to validate it pretty damn low!

hussy9
Posts: 5
Joined: Fri Jun 06, 2008 2:45 pm

Re: SAP Security Certification value?

Post by hussy9 » Tue Jun 10, 2008 2:19 pm

I am a basis guy. And my team of two is going to implement security in our ERP project.
The thing here is that where there is such a scene , the major part of responsibilty lies with funtional ppl.
They are the one who has responsibility ti identify the risk . Cause they are always in better position to do that.
After that all basis needs to do is just implement the needed security.

Al.
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London
Contact:

Re: SAP Security Certification value?

Post by Al. » Fri Jun 13, 2008 8:23 am

hussy9 wrote:I am a basis guy. And my team of two is going to implement security in our ERP project..
Good luck :-)
hussy9 wrote: The thing here is that where there is such a scene , the major part of responsibilty lies with funtional ppl.
If that is how your company works then that is great - makes your job easier
hussy9 wrote: They are the one who has responsibility ti identify the risk . Cause they are always in better position to do that.
After that all basis needs to do is just implement the needed security.
That is the difference between a basis expert & a security expert. A security expert should be proficient in implementing control within the security framework - this requires an understanding of both the business processes, process risk and the technical side. In the same way that a basis expert should know DB, networking etc as well.
Someone claiming to be a security consultant shoul have in depth knowledge of the security concept, what it covers (and what is does not) and what the key auth controls are in each are & how to apply them to each bus process.

There is nothing wrong with Basis implementing security, just generally there are not the skills to interface between Audit, functional and technical side. In the same way, someone knowing STMS and SCC4 is not a proper basis person

banksecurityadmin
Posts: 35
Joined: Fri Dec 01, 2006 9:57 am

Re: SAP Security Certification value?

Post by banksecurityadmin » Tue Jul 08, 2008 10:18 pm

Just to follow up on my evaluation of SAP certifications, I recently participated in an SAP webcast on the new SAP certifications.

I found the forum to be very confusing. i was disappointed when I e-mailed a question to SAP education Canada and received no response. I find the whole certification scheme for SAP to be confusing and in a state of change.

Does anyone else feel the same? How are you dealing with the changes in certifications? :?

thx4allthefish
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: SAP Security Certification value?

Post by thx4allthefish » Wed Jul 09, 2008 3:35 pm

banksecurityadmin wrote: How are you dealing with the changes in certifications? :?
i'm not. i never had a certification for mostly the reasons AI already posted. much of what SAP does is designed more for marketing purposes than having a deeper meaning. and of course, the monetary aspect of that business is not to be neglected. their noses are golden aready from what they are selling to people and this in only one more feather in their cap. i am yet to see the the value gained to approximate/equal the costs involved. try as i might, i cannot. it might serve well for 'selling' yourself first but it will not serve you when doing the job, so i am missing a long-term perspective in all this fuzz.

changes are various and more frequent during the time - you will have to cope with the 'new' things appearing on the horizon (or dropping on your head by chance) as you go along, you cannot go into a several-week (or -month) training with everything you might encounter - starting NOW!

so, depending on who will pay for your certification, i'd suggest you take it as long as your company/bank (?) does pay for this and forget about the thing as soon as you have a new job (except: the new company is paying for a re-certification). if this is not the case, your experience, skill, functional knowledge and 'wisdom' will serve you better for impressing a new company.

you might want to consider another thought: these certificates are much sought, especially by newbies from several non-european/american/australian cultures, so the value of the certificates decreases as the the number of certified 'newbies' flooding the market rises - as it was with the 'quality-certificates' according to DIN-ISO YADDA over the years - you won't find many partners in an interview now that ask you how you would proceed in Change Management according to ... the same goes for ITIL - 3 years ago in this country you didn't dare look anyone in the eyes without having ITIL on your tongue and an accompanying certificate in your hands - the noise has gone down considerably.
curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?

Al.
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London
Contact:

Re: SAP Security Certification value?

Post by Al. » Thu Jul 10, 2008 9:05 am

some good points from fish

You have done the courses so cert isn't going to get you any new knowledge. If you want a qualification which would get you a competitive edge in my opinion, then the likes of Security+ or CISSP would demonstrate some contextual knowledge of security as a subject. CISA and QICA are OK but generally you need to do hands on auditing to get those under your belt.

banksecurityadmin
Posts: 35
Joined: Fri Dec 01, 2006 9:57 am

Re: SAP Security Certification value?

Post by banksecurityadmin » Thu Jul 10, 2008 9:29 am

Thanks fish and Al for the valuable feedback.

I would like to progress in the area of IT Security and not remain with just SAP skills that any monkey can learn.
I find the SAP security role is one where I support the functional leads mostly because they want to understand the impact of their changes on the security in their roles; the roles which they are responsible for. I also need to make sure the proper controls are followed in the change process (proper authorization, etc) so audit is happy.

I found the the SAP Security Solution Map provides a broad view of all the areas (such as compliance, identity and Access Management, Infrastructure Security, etc.) It's easy to see that security is really everyone's responsibility.

I don't have any hands on audit experience and don't see this as happening anytime soon. I think the key is to look at where I can easily gain experience, and I don't see any security certifications which can open any doors. I think the key is to try to acquire the experience first.

thx4allthefish
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: SAP Security Certification value?

Post by thx4allthefish » Fri Jul 11, 2008 8:37 am

banksecurityadmin wrote: I think the key is to try to acquire the experience first.
i wholeheartedly agree with this. but over the years i came to value AI's advices a lot, so take a look at those certificates he indicates as proper for 'getting a competitive edge'. you cannot go wrong there.
curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?

Al.
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London
Contact:

Re: SAP Security Certification value?

Post by Al. » Fri Aug 08, 2008 8:39 am

Thanks Fish :)

Post Reply