While Mr. Lasser may have taught for SANS, he is not an employee of SANS and the view he expresses are his own.

Also, SANS does not teach "bootcamp" style courses designed *to help you pass* the GIAC certifications. SANS teaches courses *that can be used to prepare for the certifications* - but they are in no means designed specifically to help you pass. There is a subtle - but important - difference.

The term "bootcamp", when used with a SANS course, denotes intensive training that includes evening sessions (7PM - 10PM) in addition to a full day of instruction (9AM - 5PM).

Many CISSPs are GIAC certified. Many GIAC certified people are pursusing the CISSP. I have never seen either side slam the other, and there are many supporters who believe that the certifications complement each other, with the CISSP providing a broad foundation and GIAC providing in depth, hands on skills. I for one agree with this.

The debate over what a test (ANY test) really "tests" is an old one and you can argue it in circles. Maybe Mr. Lasser is right and the exam was easy or inappropriate. Maybe he's a Really Smart Guy and based on his existing knowledge, found the exam easy. Maybe the exam is fine, but he lost sight of what objectives, and what level of knowledge, the exam is intended to test. Understand what a certification can and can't do, and take it for what it's worth. Of course, NO certification is the final measure of someone's knowledge or ability. If you assume it is, you're missing the point.

Everyone is entitled to their opinion - and there are many. But it's an unfortunate disservice to CISSPs to slam as worthless a program that counts among its members a large number of intelligent, professional, security-savvy people.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/67/11278#11278