From: Jeffrey Posluns (jeff@secureops.com)
Date: Fri Nov 09 2001 - 23:43:59 CST

    There's also the attitude slowly growing in the infosec community (at
    least with the people I talk to regularly) that SANS is turning
    themselves into a white hat script kiddie school. I've read through
    quite a few of the papers that were submitted for practicals, and I have
    to say that I am quite unimpressed with the quality of a lot of the work
    there.

    Granted, there are some fantastic papers, and there are some horrible
    papers, and most are somewhere in the middle, but as a security
    professional with more than a few letters after my name, I would be MUCH
    more inclined to judge someone as qualified in information security by
    the CISSP after their name than by a GSEC.

    This is not to say that the GSEC is not meaningful, just that I consider
    the CISSP as being more significant. In comparing the SSCP to the GSEC,
    I would say they are probably targeting the same people, but the skills
    required are slightly different.. The SSCP is a bit longer/harder test,
    and requires a more complete technical knowledge, but the GSEC
    requires you to write a paper which proves you have documentation and
    writing skills (or that you can copy a few paragraphs and change the
    wording around from a previous paper or other article).

    As a note, my personal opinion (not reflecting that of my company
    etc...) on the certs that I've done:

    CISSP - Test is quite comprehensive. You won't pass that without
    experience or a LOT of study. If you are a very logical person, you'll
    have an easier time of it.

    SSCP - The test seemed very simple to me, but then it is geared for
    persons with 1 year of technical experience, and I've been in this field
    for far longer than that. I would consider it a valuable proof of an
    entry level / junior tech's security skills, or of a non-technical
    person's understanding of basic security technologies.

    CISA - The hardest test I've ever written. It is focused a lot more in
    finance, process, and standards, as opposed to technical/theoretical
    security or IS/IT, so it's understandable that being slightly out of my
    area of expertise I found it difficult. If you are a very logical
    person, you'll have an easier time of it.

    CCNA / CCDA - First level Cisco certifications. The tests were almost a
    joke. Basic IP and basic knowledge of Cisco router configurations
    required for NA, and knowledge of Cisco products and some network
    architecture required for DA.

    CCNP / CCDP - Second level Cisco certifications. Required a passing mark
    in 4 or 5 different tests (it was a while ago so I don't recall
    exactly). Requires good knowledge of networking concepts, and
    Cisco-Specific hardware and configuration parameters. I'd say that
    someone with this Cert in InfoSec is either specializing in networking
    (LAN/WAN), or learning as much as possible about the Cisco security
    products. When I wrote these tests, there was no security-specific
    certification.

    GSEC - The test was a joke.. If there's a particular area you don't know
    well, read the materials for a half hour before writing it. For my
    practical, I wrote up a paper on wireless security concepts and issues
    in a few hours. Read through the SANS web site where all the passing
    papers are posted, and you'll see what I mean.

    GCIA - The test requires a fair amount of hard-core IP understanding,
    which could have been picked up in about a week for someone with a bit
    of time. The practical takes a lot of time, but is not hard. From what
    I've been told by a few friends who have gotten 3-4 SANS certs
    each, most of the level 2 SANS certifications seem to take a lot more
    time than effort for someone who is qualified/experienced.

    MCSE - I haven't bothered to take the Windows 2000 tests, so I'm not
    certain if the cert has expired (I think it does next month). I really
    should get around to writing them sometime soon, but don't consider this
    a useful certification in our industry (infosec).

    CFE - A lot of fraud-specific knowledge required, and very useful course
    materials. This applies directly to some of the work that I'm doing now,
    and my hat goes off to whoever put the documents together. I'll be
    writing the test sometime in the next month (as soon as they send it to
    me), and will let whoever is interested know how I found it (provided
    that the non-disclosure lets me).

    I also have a few vendor certs which I don't really consider as anything
    special. All it takes is a few evenings of study and a day of playing
    with the software to pass most of these tests.

    I hope I didn't offend anyone here..

    Comments are welcome :-)

    Have a good weekend,
    Jeff