I would agree that the CISSP is basically a useless certification if you are looking for a deeply technical security practitioner as the test is severely dated, shallow and not all that hard to pass. However, I noticed this article did not mention any certifications that are currently available from SANS/GIAC.

I hold the CISSP, CCSE and the CCNA but they are, as the author correctly states, nothing more than a piece of paper. I am most proud of my SANS/GIAC certifications because of the required practical that is developed to show your mastery of the subject material and multiple exams to test your knowledge of the course material.

I would highly suggest taking part in one of the certifications tracks available from SANS/GIAC. I think you would be suitably impressed and would find that it requires not only time but a great deal of knowledge in order to get the certification.

For those ranting that certifications don't prove anything then I would invite you to make those same assertions after completing a few. I used to think the same way and would prattle on for hours about how worthless certs are and how I would never obtain one but it was really just a coverup to the fact that I was too lazy to get off my butt and earn one. I started with CCSE (CCSA also) and the moved to the CCNA. I learned a little but didn't feel all that knowledgeable but then I enrolled in the SANS Security Essentials course and was impressed with the depth and amount of material covered in the course. I felt I had a good background in Infosec (14 years experience) but I found I had a lot of gaps in my knowledge that the GSEC helped me even out.

From there I obtained the GCFW (Firewall/VPN) and the GCIA (Intrusion Detection) and then took the CISSP because it was required for my job. I was a bit worried because of all the horror stories I have heard about the exam but it was laughable. Honestly - the exam is a joke.

My point is this:

1. Try out the GIAC/SANS certifications.
2. Don't knock certs until you have a couple
3. Knowledge IS power
4. Employers DO look for certifications.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/118/16965#16965