GSEC, GSLC, or GISP?

PJ_Sneakers

I may have the opportunity to get some SANS training, and I was wondering which GIAC cert would have the best ROI: GSEC, GSLC, or GISP. I kind of like the idea of GISP to help prepare for CISSP, but that can be done in other ways.I understand the GSEC is more technical than the GSLC, but what exactly is covered in GSLC training? It's more management-oriented, right? I'm not sure which is a better fit at this point. I am not an infosec guy per se, I am an administrator for systems that requires compliance with federal mandates.GSEC sounds more fun than GSLC to me, but GSLC may be more useful?

chanakyajupudi

GSEC would probably the best choice if you want something technical in the options that you have mentioned.

I do not know about the GSLC though. According to GIAC - GSLC is for Security Professionals with managerial or supervisory responsibility for information security staff.

docrice

As a generalization, the GSEC is probably the best ROI out of those three if you're looking for something to provide context when dealing with compliance. Understanding the logic and reasoning in the security domain is incredibly useful as security principles aren't always intuitive. SANS 401 doesn't dive deep into any particular territory, but it definitely serves as a good foundation for systems-oriented folks. It's mostly about realizing the security-perspective. Most network and systems engineers tend to look at availability and performance, whereas security adds on that extra dimension about risks and threats.

PJ_Sneakers

Thanks docrice. I don't have any security certs beyond the Security+. From what I understand, the GSEC material is much more in depth than the CompTIA stuff (except CASP, I guess). I'd like to go down the GIAC path. GSEC, GSLC, GCWN, and GMOB apply directly with the environment I have to support currently. I am a little bit confused on the cert renewal process though.

The way the site reads, CPE renewals have to be handled within the last 3 years of validity? Also, CompTIA A+ N+ Sec+ training counts towards CPE's? So would it be acceptable to take a CompTIA class a year after obtaining a GIAC cert in order to renew it? Does another GIAC cert renew other GIAC certs?

Sorry about the questions.

cyberguypr

My GIAC certs are still valid so I can't speak authoritatively to this, so this is my interpretation. If someone knows for sure please chime in.

You need to understand that as awesome as SANS is, everything is designed to make money for them. The renewal fee is $399 plus you need 36 CPEs. If you take any CompTIA training you can only count up to 12 CPEs as supplemental. The other 24 need to come form one of the options in the first group below:

There are four primary options for earning the 36 CPEs required for certification renewal:
1) Retaking the standard certification exam
2) Attend or teaching ISO 17024 related information assurance training courses
3) Publishing an information assurance related paper, book or article
4) Applying post graduate level information assurance courses

There are also supplemental options that can be combined to help you reach the required
36 CPEs:
1) Other Training Courses / Events
2) Relevant Work Experience
3) GIAC / SANS / Community Participation
4) Cyber Range Exercises
*Note: Typically, at least one primary option is submitted with supplemental options
added as needed.

docrice

Renewing GIAC certs is a bit of a minefield to understand when you first look at it. I have nine GIAC certs that I maintain (and likely sitting for another GIAC exam this year, so that'd make 10). That said, I believe they're considering updating the CPE inclusions to allow for more renewal options. But yes, taking a 6-day SANS class provides 36 CPEs good for a cert renewal. Taking the associated exam for that class gets you another 36 to renew another cert. The time period in which you can apply these for renewing an existing certification is a bit tricky to figure out though.

I took SANS 401 (and the GSEC exam) shortly after taking Security+, so I remember the difference. It's significant.

PJ_Sneakers

OK, so it's 36 credits per cert? And (of course) the most efficient path to credits is from taking their classes and tests.

Man, that might not be feasible for me (time & money). Huge bummer, but I'd rather know on the front end. I appreciate everyone sharing their knowledge on the subject!!!

docrice

There are other ways to obtain CPEs such as attending events, teaching, work experience, other security-related training, etc..

http://www.giac.org/certifications/renewal

PJ_Sneakers

Dude, how in the world do you maintain 360 CPE's?! LOL I'd need a spreadsheet for that.

I guess they are staggered? So you only need to get like 36-ish per year?

docrice

More like 72 CPEs per year since at one point I was averaging about 2 GIAC certifications/year. And yes, I have a spreadsheet to bring some sanity as to how I'm going to allocate specific earned CPEs to cert renewals based on renewal requirements, their effective time periods, etc..

BillHoo

I'm hoping you need these certs for work!

Or, are you one of those odd birds who takes cert exams for kicks?

docrice wrote: »

More like 72 CPEs per year since at one point I was averaging about 2 GIAC certifications/year. And yes, I have a spreadsheet to bring some sanity as to how I'm going to allocate specific earned CPEs to cert renewals based on renewal requirements, their effective time periods, etc..