Practical Certifications
Don Parker, 2005-03-28

Recent changes to the GIAC make one question the value of certification for the security industry.

Practically Certified 2005-03-29
Alex Arndt (1 replies)
I agree with Don. The main advantage of the GIAC certification methodology, when it involved a practical, was the fact that it allowed you to prove your "ability" in a given security discipline. With exam-only certifications, you only prove "knowledge."

Additionally, I also think that Cisco certi...

Practically Certified 2005-03-30
Carlos Canoto
I must also agree with Don, there is a great value improvement when you have a certification test your practical skills, maybe you could also consider the CCIE Security certification (not only CCNA or CCSP) when it comes to Cisco, this certification includes a one day practical session as well as th...

Practically Certified 2005-03-29
Mestafio
You make a valid point about the value of the certification when all that is required is a boot camp or good memory skills. Equally valid about employer requirements being at least partially to blame.
I think the greater point is that there are many people who don't see a college degree any differ...

Practically Certified 2005-03-29
Anonymous (4 replies)
Does anyone else find it conflicting for isc2 to offer cpe conferences where you automatically get x hours of cpe credit 'required to keep your cissp certification' for x dollars? Isn't that a wee bit like extortion?...

Practically Certified 2005-03-29
Anonymous
There are plenty of ways to earn CPE's without having to spend any money....

Practically Certified 2005-03-29
Gene Cronk
Not really, as there are many other ways to get CPEs outside of ISC2. I picked up my CISSP in May, 2004, and have WELL over the 120 required in 3 years already. Speaking at local user groups counts, as well as getting papers published.

Gene Cronk
ISSAP, CISSP, IAM...

Practically Certified 2005-03-29
Walter
Hardly any extortion. If you work in the field and follow what's going on it should be quite easy to earn the required CPE credits.

Walter, CISSP
...

Practically Certified 2005-03-30
Anonymous
No. Because you can get CPEs for a variety of other things. If you want to spend money with ISC2 to get a few CPEs, fine. If you can't afford it, write an article. You can also host a conference, watch webcasts, or sit in on a vendor presentation....

Cool Names != quality 2005-03-29
Bipin Gautam <visitbipin[]hotmail.com> (2 replies)

I have vividly heard Mr.'X' go to their 'local test center' with the name of Mr.'Y' and take the EXAM. Mr.'Y' pays Mr.'X' for his job..... and no doubt Mr.'Y' is certified even without turning a page. That's what I call PROSTITUTION OF KNOWLEDGE. There are no further questions asked or verificatio...

Cool Names != quality 2005-03-30
IAMCanadian (1 replies)
I can't help but agree with most of the points you have made. Although I have not even looked at the RHCE cert I have been looking at various others. My problem is that I find that most certifications gear toward people that are great at memorization, and not as much of a practical approach to the...

Cool Names != quality 2005-04-05
X
It's horrible to see how people with zero hands-on get a job just 'coz they are certified in a particular product. In India, due to the soaring remote offshoring business, things have gotten worse. The agents in these so-called "BPO" units would have never ever worked on the product they have "go...

Cool Names != quality 2005-04-06
Anonymous
I dunno... Every time I have been to a testing center, they check my ID. Granted, I could have a fake ID, but that isn't illustrated in the scenario you described....

Practical Certifications 2005-03-29
Jim Moore (1 replies)
What I see as the most dangerous aspect of the change is the threat to the SANS Reading Room. There are a whole lot of junior people out there who need to benefit from people who have mastered the subject. And there are a lot of senior people, struggling to keep up with a wide variety of fields (l...

Practical Certifications 2005-03-30
Anonymous
Seriously. Half the papers in the reading room are written by beginners that went to a one week SANS boot camp. If you learned IP from SANS you did not pay yer dues as an admin before moving into security....

Practical Certifications 2005-03-29
John H. Sawyer (5 replies)
I do think that the decision to drop the practical was hasty without their new testing methodology in place, but I think you should have spoken to someone within SANS/GIAC before comparing them to notorious paper-CERTs. SANS/GIAC is an excellent organization with great training, and I have no doubt...

Practical Certifications 2005-03-29
Don Parker
Hi John,

Well I do not really see myself as complaining in this case. I have two of the certs GCIA GCIH and it was the defining feature of the GIAC practical that made the cert what it was. A lot of other people like Clement Dupuis, who used to teach for them, also agree with my criticism in this...

Practical Certifications 2005-03-29
Anonymous
Why not? The more people they can get certified, the more money they can make. Now they won't need numerous individuals to read over each practical as well.

I went through the LMP and I was the only individual in the group who even wrote attempted a practical much less went through and took the ...

Practical Certifications 2005-03-30
Anonymous
It's a marketing ploy to get more GIAC in place to compete with the CISSP and other certs. It's all about numbers...

Boot Camps\SANS Needs to Change 2005-03-30
Anonymous (2 replies)
1. I find it incongruous to slight the MCSE due to the availability of boot camps and hold the CISSP high while ISC(2) offers boot camps.
2. SANS is struggling to find a model to go forward. Let's be brutally honest: the young studs that built SANS are getting older. The awesome, intense energy and ...

Boot Camps\SANS Needs to Change 2005-03-31
Guy L. Pace, CISSP
I've seen boot camps for CISSP advertised, but they are not associated with (ISC)2, as far as I know. I attended an (ISC)2-hosted training prior to sitting for the exam, but I wouldn't call it a boot camp. My impression was the seminar provided a focused overview of the 10 domains and helped direct ...

Boot Camps\SANS Needs to Change 2005-03-31
Anonymous
There is no need to slight anyone because of the availability of boot camps, I prefer to slight the individual "Must Consult Someone Else" because s/he sincerely expects me to hire as an administrator a person who answers the question "how are your DOS skills?" with "DOS? No, I prefer to work with mi...

Practical Certifications 2005-03-30
Anonymous
I could not agree more. Also, to illustrate some of the problems, I will use the example of my GCFW practical. In it I used the recommendation of one of my GCFW instructors for the implementation of logging. When I submitted the practical I was chastised for using the suggestion. What the content was,...

Practical Certifications 2005-03-29
DanM
The interesting brouhahas over certificates

I think that the recent move by sans, http://www.sans.org has really created a stir in the security community, and validates something I have not only observed, but also been in the middle of, and one of the reasons why I like college over certificates....

Practical Certifications 2005-03-29
Anonymous
The first cert I ever got was Network + after being in the field for a year. I followed that with CCNA and was impressed at how you had to actually know your stuff to pass.

On the urging of my company, I went through the MCSE classes which seemed more focused on teaching how to take the test rath...

Practical Certifications 2005-03-29
Paul
Quite frankly I find that the decision to drop the practical amounts to SANS/GIAC accepting, even encouraging, mediocrity for the sake of revenue. Increasing the volume of GIAC certificate holders, as Northcutt implied in his announcement e-mail to us GIAC cert holders, provides more revenue from r...

Practical Certifications 2005-03-29
Kenton (1 replies)
As a holder of the GSEC cert and a local mentor for the same program, I've been following all of these discussions quite intently. One thing I have noticed is that people are forgetting a couple of things.
Anyone who takes one of these certifications (MCSE, GIAC, CISSP, etc) is learning. The GIAC c...

Practical Certifications 2005-03-31
Anonymous
Take a class to learn, get certified to demonstrate an ability to apply what you learned. Certification isn't a learning experience as you seem to imply, it's a confirmation or verification process which has now been diminished by SANS/GIAC.

Remember, in comparison to other certification exams ...

Practical Certifications - Vendor Specific Certs 2005-03-29
Ben Heinkel
What about vendor specific Security certifications like Checkpoint's CCSA/CCSE? From the trend I see among firms hiring Security professionals here in the UK, they are much less concerned with general network/security certifications like the CISSP, and would rather prefer someone certified by the sa...

Practical Certifications 2005-03-30
Anonymous
The reasoning circulated in the email announcement had to do with a lack of time to do the practical. Apparently job pressures were getting in the way of a supposedly highly qualified CIA (or was it FBI) manager getting his/her practical done.

Apparently, the project constraint is so bad that ...

Practical Certifications 2005-03-30
Edgar Danielyan CISSP ISSAP ISSMP CISA MBCS (1 replies)
Getting rid of practicals was a mistake. Practicals were the most important differentiator of GIAC certifications and the most important reason they are (were?) respected. Getting examinations right is very difficult, expensive and time-consuming. Organisations like ISACA and (ISC)2 spent years and ...

Practical Certifications 2005-03-31
Anonymous
And keep in mind that unlike other certification exams, GIAC exams are done online and are open book. I see the GIAC certs becoming obsolete quite quickly....

Practical Certifications 2005-03-30
Anonymous
Is it really as difficult to get the CISSP as they advertise, or is it more about who you know? There are people in my organization with minimal skills and managerial experience that are certified, which is rather irritating....

Re: CISSP 2005-03-30
Anonymous
Re: the CISSP

I thought it good to note that this certification is really of most practical value for management level folks, rather than hands on level technical people. I've run into too many CISSPs that are remarkably ignorant about technical issues, and couldn't even install a network driver...

Practical Certifications 2005-03-30
Brian Almond CISSP, CCSP
I am sad to see the practicals taken away from the GIAC certs. The practicals separated them from other certifications by making sure there was an element of actual hands on experience.

I think that the more hands on the certification the better. This is the way it should be. You should never be...

Practical Certifications 2005-03-30
Anonymous
In my opinion the GSEC has always been a faulty and discredited certification. Simply because of the fact that there is no testing center for which your practical is taken or your tests are graded.

So in essence all I really need to do is to get my smart buddy over to my house, have him write my...

Practical Certifications 2005-03-31
Ron Ropp
Yep...I sit my GCIH tests this weekend, and was about two weeks out from submitting my practical when I got my email! Needless to say, I was not pleased. I also have another GIAC cert and the practical portion was the best part, and separated this cert from the rest. I could even point people to my ...

Practical Certifications 2005-03-31
Anonymous
Writing a Practical does not demonstrate experience or knowledge of security. It demonstrates research skills and writing skills. I could task my 16 year old son to write a practical about a security related topic. I would just give him some references books and access to the internet. Does this mak...

Practical Certifications-Do something about it 2005-04-01
ChrisG
In the military they say never voice a problem without a solution otherwise it is just whining. I would urge all you people with some standing in the industry to stop whining about it, pool some money together, create your own certification with practical and then charge outrageous sums of money fo...

Practical Certifications 2005-04-01
Anonymous
I think that the whole thread has summarized it very well:

It was a mistake to remove the practical requirement that was a big differentiator.

It was a mistake to make it easier for people to get certified because the justifications are NOT for the better of the community but for the better of the ...

Practical Certifications 2005-04-01
Anonymous
It's all about the money. When I took the GCFW course you could buy the books for about $900.00. SANS then changed it to where you could not buy the books for self study you had to purchase their online course for about $2500.00. Now SANS is eliminating the practical so that more people will attempt...

Practical Certifications 2005-04-02
Allen
I agree with Don that removing the practicals could put the certification in the paper class certificates category. However I do believe that SANS still could have both the EXAM ONLY and also the EXAM + PRACTICAL certificates. This would provide both categories to be achieved. People with time and e...

Practical Certifications 2005-04-03
Anonymous
The one issue with the practical is how it was graded. SANS admitted to inconsistencies between graders and reevaluated the program. That in and of itself, reduced the value of the graded practical. By removing a faulty process from the mix, they have not reduced the value of the process, they ha...

Don't forget about the way it's done: Internet 2005-04-04
Alexandre de Abreu Teixeira
Hi all,

I totally agree with Don, just adding some facts that we must agree too: Cisco Exams (LPI, other) are done in VUE/Prometric, GIAC Exams will be done via Internet, aren't they?

So, one could pay other ppl to do the job, ok?

Alexandre de Abreu, until now, last GCUX with practical :|...

Practical Certifications 2005-04-04
Sherman Hand
The GIAC or SANS exams use a good method for examination.

I do think that the decision to drop the practical was done with much thought and their new testing methodology in place. SANS/GIAC is an excellent organization with great training.

I am sure they have the same concerns as most about mo...

Practical Certifications 2005-04-05
Anonymous
My letter to GIAC:

I am a GCIH. I have recertified once already, and was planning to recertify again in January of 2006; however, I am seriously reconsidering this decision based on the significant change in value that the GCIH certification now offers. I am quite shocked and rather disappointed ...

Practical Certifications 2005-04-05
Anonymous (1 replies)
Well I wish that e-mail stating the changes had shown up a few weeks earlier. I had already gone through the budget process to get flights, hotels, and the SANS fee for this spring. I wouldn't have bothered if I had got the e-mail first.

In the end I figured the paperwork I need to do to revers...

Practical Certifications 2005-04-06
sebastan
Yeah, it is very sad to know about GIAC to remove their practical requirement. But I feel good at the same time that not all of them can afford a lab to do it to submit their papers. I guess with the new curriculum more people will go for it. But yeah, they should not make the online papers for promet...

Practical Certifications 2005-04-05
Anonymous
How about the "grandfathering" scam that many new certifications use to build up a pool of members (like the recent CISM). I have a CISSP, was one of the earlier ones too, but I took the test instead of grandfathering based on experience. Now you have CISSP bootcamps and "CISSP for Dummies" so we ca...

Practical Certifications 2005-04-05
Kelly (2 replies)
I do agree with Don that it is a shame that the practical was eliminated. This does diminish the value of the training and Certs. Why should I dole out $4500+ for a SANS course when I can take a local CISSP or CCSP course?

In one of the earlier replies the writer commented that all a practical a...

Practical Certifications 2005-04-06
Anonymous
I agree. Life itself is an open book exam.

There should be a fine line between having to memorize every tome available, and being able to prove that you have an excellent foundation of knowledge in the required subject.

People that know what they are looking for will also know where to find i...

Practical Certifications 2005-04-08
Anonymous
I like your idea Kelly. I hold a GSEC, GCIH, GCFW, and soon (with a practical) a GCUX. I am still planning to get all the way to the GSE. So for my last two certs before the GSE, I will attempt what you have described. It may not count for the letters, but the work from my past practicals have taugh...

Practicals cannot stay 2005-04-06
Edward Luck, GCFW, ex. SANS instructor (1 replies)
As a member of one of the SANS GIAC Advisory boards and having previously instructed for SANS, I have a bit more perspective on this than most.

What many of you are failing to grasp is that whilst the SANS practicals did make the certification stand out, many of the students (even brilliant ones)...

Practicals cannot stay 2005-04-06
Anonymous
First off, I have little or no respect for certifications. Most people (but certainly not all) who have them are of no use technically. They pass tests and then look good for the bosses. I use my real-world experience.

I do completely agree with Mr. Luck, unfortunately. I have taken two rem...

Practical Certifications 2005-04-06
Slade (1 replies)
You shouldn't comment if you haven't attempted these certifications either. I hold the GCIH and GCFA from almost 16 months of very difficult research and extra hours of work. The dual model you mentioned would be perfect, right now anyone can challenge the open-book tests and get certified. I co...

Practical Certifications 2005-04-07
Edward Luck (1 replies)
Your comments regarding the exam as it currently stands are spot on. In its current form it is not up to scratch, because it's open book and is designed as an addendum to the practical. A bit like two-factor authentication; the practical is something you did, and the exam is something you know. Ad...

Practical Certifications 2005-04-07
Don Parker
The exam system is in my opinion an abysmal failure. What you need to do is demonstrate in no uncertain terms via a practical that you know what you are doing. Whether that be the CCIE (my apologies for forgetting that one) or other cert (RHCE). The practical portion is what separates the boys from ...

Practical Certifications 2005-04-08
Keith
I also agree that we should wait and see what the new GIAC exams look like. I am certified GSEC and took the IDS track but didn't have time to complete a practical. Since the tests are taken over the Internet they will have to remain open book. For the test to provide value then they will have to as...

Worthless Certifications compared to College 2005-04-08
Anonymous, NCN (No-Certs-Needed) (2 replies)
Personally, I think Certifications are ego builders and ways for companies to make money off of those who think they have accomplished something special.

I know plenty of paper CISSPs that have never used a simple TCP scanner let alone know what an IP address is. Same goes with certs from S...

Re: Worthless Certifications compared to College 2006-06-23
Anonymous
When it comes to comparing college to certifications the measuring stick varies a lot. For instance the CCIE is more advanced than any college network class. The college classes are basic reading for a CCIE. But, a CCIE without a degree will probably be lacking some math skills. If a certification s...

Re: Worthless Certifications compared to College 2007-03-26
Anonymous
The CISSP is crap, it is a paper cert with a test that is not practical and leans towards memorization of useless facts.

I have one just because it's what employers look at as a legitimate security cert.

Having the cert is the same as a paper mcse except the paper mcse may retain more useful p...

Practical Certifications 2005-04-08
Anonymous (3 replies)

None of these security certifications are actually relevant. The best example of a relevant certification was the ORIGINAL CCIE. That required multiple steps, and actual performance under actual pressure.

I teach infosec, and some of the most stupid "you should already know that" questions co...

You should never hire off a resume anyway 2005-04-11
Edward Luck
Any organisation that hires people solely on their certifications is looking for trouble. Like anything, it should merely be a piece of the puzzle. To my mind, it makes it easier to zero in on a target that a candidate can be tested on; "Oh so you've got a GCFW, eh? Tell me then, why wouldn't you...

Re: Practical Certifications 2006-06-15
Anonymous, CISSP, GSEC
I couldn't agree more....

Re: Practical Certifications 2007-07-28
The Real Ben
You're absolutely right. You do need the experience in order to really understand how to manage security in an IT field. But the cert. is really there to ensure that companies are reducing their legal liabilities and meeting business IT security standards (again, from a legal point of view). So i...

Practical Certifications 2005-04-08
Disappointed
I have the CISSP & CCSP I was looking at the GIAC Firewall Analyst as one I really wanted. I mainly work with Firewalls and IDSs and thought the GIAC FW would be the final notch on my belt. I am SO disappointed they took away the practical... hardly seems worth getting the cert. How does it stand ap...

Practical Certifications 2007-05-03
DNS Admin
Denying all traffic inbound to tcp port 53 is NOT a good practice.

The security argument in favour is based on a misunderstanding of the use of such traffic in the DNS protocol. Specifically - such traffic is not simply used for zone transfers, as many security practitioners seem to believe. It i...

Copyright 2009, SecurityFocus