There are Linux certifications, such as the RHCE (Red Hat Certified Engineer). There are security certifications, like the CCSP (Cisco Certified Security Professional). Now we have the first certification that combines Linux and security: the Linux Professional Institute’s LPIC-3 with its new “Security” exam elective.

The LPI certification, unlike the Red Hat and Novell certifications, is vendor-neutral. The long-delayed, top-level LPIC-3 arrived in 2007.

To obtain this certification, roughly equivalent to the RHCE or the NCLE (Novell Certified Linux Engineer), a Linux administrator must have already achieved the LPIC-1 and LPIC-2 certifications. In addition, he or she must pass the enterprise-level core certification exam (LPI-301) and a “Mixed Environment” elective (LPI-302). According to the LPI press release, “In 2008 LPI will develop a ‘Security’ elective (LPI-303) to accompany this level of the program. The introduction of this advanced-level ‘Security’ elective follows extensive consultation with industry leaders and enterprise customers on priorities for the LPIC-3 program.”

While Linux is known for being secure, security is not an operating system, it’s a process. While recent major security breaches such as the Advance Auto Parts network break-in and the Hannaford credit card heist have nothing to do with Linux, it can be expected that companies will want more security training for their administrators.

The LPI-303 Security exam development has already begun. The focus will be on dealing with real-world security threats, according to LPI. After the exam has been developed to an alpha stage, LPI and its corporate partners will give it a “global Job Task Analysis survey” during the summer of 2008.

This will be followed by a series of beta exams from October to November 2008. If all goes well, the course will be published and made part of the LPIC-3 certification in February 2009.