|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Bill_Royds@pch.gc.ca
Date: Thu Jan 10 2002 - 09:34:24 CST
I have a GIAC GCIA certificate and I just wrote the CISSP exam last
weekend so I can compare. One person in the group of about 80 was writing
the SSCP so it is obviously not coveted as much.
The GCIA process asks more of what you can do, the CISSP asks more of
what you know, The CISSP requires a much broader knowledge than GCIA, the
GIAC requires you to show some analytical skills in a smaller area.
Since the CISSP has been around longer, it is more likely to have a
higher reputation. It tests knowledge of facts in a large area so it
certifies that you know contents of the Common Body of Knowledge. Combined
with work experience and references it would help to evaluate a candidate
for a job that required a broad knowledge (consultant, manager etc.).
SANS has a good reputation, but the GIAC certificates are relatively
new. Its testing requirements are less on a large area of knowledge
(although it requires network knowledge and particular area knowledge) and
more on abilities to analyze a situation and report on it. This is also an
important skill for a consultant but probably most important in an
operations role.
A GIAC certification would have great value for a practitioner and
should probably be preferred by someone hiring relatively new people. A
CISSP should be the topping to someone with already good experience but
wouldn't add much to someone relatively inexperienced. It measures whether
you have learned by experience but doesn't give you that experience.
A GIAC certificate gives you particular knowledge that can supplement
experience.
A CISSP certifies that you know a broad range of facts but it needs better
to certify the experience part.
I like the SANS web listing of people with actual papers and marks. It
allows an independent confirmation of certificate.
Bill Royds
Acting System Administrator, Canadian Heritage Information Network
ph: (819) 994-1200 X 239
Gregory Tucker <gregory_a_tucker@yahoo.com>
01/09/02 03:11 AM
To: CISSP Study <cisspstudy@securityfocus.com>
cc: (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: Re: SSCP
I won't dare to make a comparison between SANS and ISC2. The real "value"
of
a certification is determined not by security professionals, but by the
managers who sign the checks: HR recruiters, IT heads, etc. (I realize
that
below was talking about "reputation" not "value". Definitely they are
different. Here I am talking about the latter, which is probably more
interesting to most people.) So a meaningful discussion of the
certifications value requires some sampling of how do the certifications
affect salaries, and how do they affect consulting agreements, etc.
The GIAC web site posts a link stating that employers prefer GIAC. I have
not reviewed the information, but as a matter of course I would expect
them
to say that. I haven't reviewed what research is available on the subject,
if any, but I think it is a very interesting question. A friend (who has
the
CISSP) swears by that certification, but he doesn't back it up. Probably a
friend of his told him the CISSP is better. Without hard evidence of the
affect on salary, it is hard to say. Therefore, if anyone has any
interesting links on this subject, I would be very interested to see them
posted on this list.
But a purely "economically rational" view of any certification doesn't do
complete justice to any of them. Some pursue certification for the joy of
learning. Individuals may be naturally more talented in one area than
another; an economically rational decision may be a poor choice for any
given individual. For example, I will never be a successful American
Football player. Pursuing a CAFE ("Certified American Football Expert")
certification probably will do me no good.
Regards,
Greg
Tom Watson wrote:
> To me ISC2 has a better reputation than SANS for certifications. Whether
> that is an accurate representation however I can't say, I suppose the
only
> way to find out is to ask other security professionals (preferably not
on
> this list!).
>
> HTH
> Tom Watson
>
> P.S. The views expressed in this email are my own and do not necessarily
> represent those of my employers.
>
-- Gregory Tucker Tokyo, Japan mailto:gregory_a_tucker@yahoo.comOur Father which art in Redmond, William be thy name...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]