Poll: Hardest InfoSec Cert
dbailey007
Banned Posts: 21 ■□□□□□□□□□
Hey everyone. I would love to get your thoughts on the InfoSec certs that are the hardest to obtain.
If you have a second, please write down your top 3 most difficult certs. Even if you don't have three, reply with one difficult exam that you have taken. I know Offensive Security is going to be there, but who else?
Thanks!
If you have a second, please write down your top 3 most difficult certs. Even if you don't have three, reply with one difficult exam that you have taken. I know Offensive Security is going to be there, but who else?
Thanks!
Comments
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□"Hardest" is a relative term.
Why does it matter to you what InfoSec cert is the "hardest"?2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
cyberguypr Mod Posts: 6,928 ModTo me the hardest InfoSec cert is CEH because I struggled to associate my name with their crap.
Why does he want to know? I'm guessing content for CertBase. -
dbailey007 Banned Posts: 21 ■□□□□□□□□□Hi iBrokeIT. Definitely agree that it is relative, which is what makes it interesting to me. Obviously the difficulty of a cert is certainly something to consider when choosing one. If you don't have a lot of free time or experience, the most challenging cert is probably not the best choice. Also, I tend to think that difficulty is related to respect or credibility of the cert. If you can pass it by reading a ****, then it probably isn't that good a measure of competency.
I also wanted to write a blog post on the topic so I'd really love some feedback! -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□Probably the GSE since there only 200(ish?) and require mutiple GIAC certs.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Probably the GSE since there only 200(ish?) and require mutiple GIAC certs.
Also one of the most expensive certifications as well. When you consider the requirements are 2 gold level and 1 Silver level SANS cert, your talking about a 20 to 30 grand investment.Still searching for the corner in a round room. -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□TechGromit wrote: »the requirements are 2 gold level and 1 Silver level SANS certain
I think you need to reread the requirements because that isn't the only pre-requisite path to qualify for the GSE.
GIAC Information Security Expert | GSE Certification
Please be more careful about posting stuff you aren't familiar with and haven't double checked.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□TechGromit wrote: »... your talking about a 20 to 30 grand investment.
If you go the work study and/or gold paper route you can stay under the $20k mark. Again, paying straight retail isn't the only path.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
636-555-3226 Member Posts: 975 ■■■■■□□□□□cyberguypr wrote: »To me the hardest InfoSec cert is CEH because I struggled to associate my name with their crap.
Seconded. About a quarter of the way through my first and last EC-Council cert studies I debated whether I wanted to claim knowledge of this garbage on my LinkedIn profile. I eventually figured most people don't know jack about EC-Council quality so it wouldn't hurt to have and just bagged the studies and took the exam cold, nearly acing it. I still encourage everybody I know to avoid EC-Council like the plague unless they want the CEH for the resume. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□I think you need to reread the requirements because that isn't the only pre-requisite path to qualify for the GSE.
Please be more careful about posting stuff you aren't familiar with and haven't double checked.
GIAC Information Security Expert | GSE Certification
GSE pre-requisite list (including substitution options):- GSEC, GCIH, GCIA with two gold
- GSEC, GCIH, GCIA with one gold and one substitute
- GSEC, GCIH, GCIA with no gold and two substitutes
- GCWN, GCUX, GCIH, GCIA with one gold
- GCWN, GCUX, GCIH, GCIA with no gold and one substitute
So if you take three SANS classes at $5,600, pay $675 for the exams and pay $400 each to turn two of them gold (plus the research papers), you get $19,625. Two gold and 1 silver, that's what I said. The GSE exam is $399 and the lab $2,100, that adds up to $22,124 minimum. Without golds, the cost goes up to $33,874
If you lucky your could pick up a facilitator gig or two to reduce the cost, but there no assurance they will pick you. I guess in theory you could challenge all 3 exams, flip two to gold and only pay $6,299 total for your GSE.Still searching for the corner in a round room. -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□TechGromit wrote: »When you consider the requirements are 2 gold level and 1 Silver level SANS certainTechGromit wrote: »There's not? Guess you over looked this page.
GIAC Information Security Expert | GSE Certification
GSE pre-requisite list (including substitution options):- GSEC, GCIH, GCIA with two gold
- GSEC, GCIH, GCIA with one gold and one substitute
- GSEC, GCIH, GCIA with no gold and two substitutes
- GCWN, GCUX, GCIH, GCIA with one gold
- GCWN, GCUX, GCIH, GCIA with no gold and one substitute
I think you are confusing yourself. In your first post you say "two gold level and 1 silver" when clearly that isn't the only path.
Again, if you did work study x5 @ $1100 and the $399 + $2100 GSE attempt that would be $7999 which by my math is below the $20k you cited.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
Mike7 Member Posts: 1,114 ■■■■■□□□□□636-555-3226 wrote: »I still encourage everybody I know to avoid EC-Council like the plague unless they want the CEH for the resume.
Other than that, I prefer to associate my name with (ISC)2 and ISACA certs. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Again, if you did work study x5 @ $1100 and the $399 + $2100 GSE attempt that would be $7999 which by my math is below the $20k you cited.
Is it cheaper to go the Work Story route? Absolutely, but you could apply for every work study opportunity for years and never get selected. You need to be a little bit lucky to get work study gigs. I guess if you knew someone like a instructor that recommended you could get selected, but where would you meet an instructor without ever attending a SANS conference? Meet them at another security conference and make friends? Your route relieves heavily on luck, my route doesn't.Still searching for the corner in a round room. -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□TechGromit wrote: »where would you meet an instructor without ever attending a SANS conference? Meet them at another security conference and make friends?
I'm getting a recommendation from an instructor for a work study later this year because a co-worker at my current job used to work with the instructor at a previous company... aka I know a person who knows a person -
TechGromit Member Posts: 2,156 ■■■■■■■■■□NetworkNewb wrote: »I'm getting a recommendation from an instructor for a work study later this year because a co-worker at my current job used to work with the instructor at a previous company... aka I know a person who knows a person
Not everyone is so lucky. I went out drinking with two instructors on the 5th day of a SANS training conference, but be hesitant to hit them up for a recommendation.Still searching for the corner in a round room. -
SaSkiller Member Posts: 337 ■■■□□□□□□□"If you can pass it by reading a ****, then it probably isn't that good a measure of competency."
That is a foolish statement. Just because a candidate is capable of dumping a cert does not mean that the cert has no value, and that no candidate with it can be considered competent.
There are **** available for almost every cert out there. And there are a lot of qualified, competent individuals. People want certs to be a black and white area where you can guarantee competence. It just doesn't work that way yet.OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio. -
BlackBeret Member Posts: 683 ■■■■■□□□□□"If you can pass it by reading a ****, then it probably isn't that good a measure of competency."
That is a foolish statement. Just because a candidate is capable of dumping a cert does not mean that the cert has no value, and that no candidate with it can be considered competent.
There are **** available for almost every cert out there. And there are a lot of qualified, competent individuals. People want certs to be a black and white area where you can guarantee competence. It just doesn't work that way yet.
I agree with what you're saying and since there's a **** available for almost every cert you really have to look at the candidates closely, what they've done work wise, how they perform in the interview labs, etc. However, given a stack of resumes for a Linux related position the people with RHCSA are going on top of the people with Linux+ because of the amount of candidates we've seen with Linux+ and no actual Linux abilities. I think dbailey is just trying to factor that concept in with the difficulty rating, and he's not wrong about it unfortunately. -
BlackBeret Member Posts: 683 ■■■■■□□□□□The most difficult exams I have taken -
1. GCIA - It's very technical and even with a lot of preparation and being open-book you still have to be able to work through the given problems. It's very deep technically speaking.
1.5. CISSP - The breadth of knowledge required is extreme. It's the opposite of GCIA, you have to learn a little about a LOT of topics, it doesn't go near as in depth technically. I rank it just under GCIA because it's not as technical, even though you need to learn more topics you don't really have to be any type of expert in a particular topic. This is also why I approve of their extreme endorsing policies, they want to make sure you are in expert in a few of the topics and still have an understanding of all of the other areas. -
gespenstern Member Posts: 1,243 ■■■■■■■■□□I'm about to start my OSCP in next few months and one hypothesis that I wanted to test by accomplishing this is that the exam's complexity is seriously exaggerated. What could be hard here after all. There's a limited variety of penetration and post-penetration techniques that you are supposed to learn and lab and then just apply what you've learned.
I'd vote for recent MS exams, they are pretty hard. If you look at TE forums you'll notice that there's just too many folks who attempt exams such as 70-410 or 70-412 multiple times and fail. -
Sheiko37 Member Posts: 214 ■■■□□□□□□□gespenstern wrote: »I'm about to start my OSCP in next few months and one hypothesis that I wanted to test by accomplishing this is that the exam's complexity is seriously exaggerated. There's a limited variety of penetration and post-penetration techniques that you are supposed to learn and lab and then just apply what you've learned.
You make it sound like they just give you a simple list of what to learn. -
OctalDump Member Posts: 1,722I think you are confusing yourself. In your first post you say "two gold level and 1 silver" when clearly that isn't the only path.
Again, if you did work study x5 @ $1100 and the $399 + $2100 GSE attempt that would be $7999 which by my math is below the $20k you cited.
Has anyone done it that way? Given that the 5 you can take are from a limited pool, it looks like it would be challenging to achieve 5 work studies, maybe even harder than the GSE
I think a 20k figure is probably reasonable, given that you'd probably have a bunch of other costs on top of the actual courses and exams (travel, accommodation, practice times, more books, lab etc). I think a similar figure has been given as a starting place for CCIE.
Not to mention the opportunity cost if you are earning a good amount of money.
Although I expect most people doing the GSE are either writing it off as business expense, or having a good part paid for by their employer.
It is in an interesting position, though, since as a non-vendor certification there won't be the same incentives for businesses to get their staff certified.2017 Goals - Something Cisco, Something Linux, Agile PM -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Has anyone done it that way?
You might be able to pick up one or two work studies, but five, that's wishful thinking. You can do online training to minimize travel/accommodation costs, that's why I didn't include it in my estimates. If I were to add up training and travel costs, I'm up to over 16k for two GIAC certs (assuming I pass the GCIH). Fortunately my company has picked up the entire tab so far, if the current trend holds, it will cost over 40k for me to obtain a GSE.Not to mention the opportunity cost if you are earning a good amount of money.
Really don't know if the cost for the GSE is worth the investment. I've seen very few jobs that just specific a GSE, usually most job postings will happy to accept a few GIAC certs. You also have to remember that only 150 people ever had a GSE and around 140 are still current, that's an extremely limited talent pool.Still searching for the corner in a round room. -
cyberguypr Mod Posts: 6,928 ModI met a guy at my last work study that skewed every single work study statistic. In 2015 he did 5 courses through the program. He quit his job for health matters and after everything went back to normal he decided to live off savings for a while and just do work study. He's local to the NoVa area so he had a lot of events he could do. After a the first few I'm sure the SANS peeps knew him on a first name basis.
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□cyberguypr wrote: »After a the first few I'm sure the SANS peeps knew him on a first name basis.
That's exactly how it goes with some of the people I met at Security West. A few of them said they have a good rapport with the work study coordinator and send email to that person before sending in their app. A few of them were on their 6th or 7th work study.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
TechGromit Member Posts: 2,156 ■■■■■■■■■□You still have to consider even with work study, unless your employers picks up the tab, airfare, accommodations, meals are at least $2,000, add that to the cost of work study, it's 3,000+. If your lucky the SANS training event will be held local to you, but from what I understand, they prefer you stay onsite so your at there beckon call. I'm sure I could get my employer to pay for the work study after I get the certification for the class, but I'm not so sure they would be willing to pay for other costs, especially if I they already paid for training / travel once that year for me. The training budget isn't bottomless.Still searching for the corner in a round room.
-
cyberguypr Mod Posts: 6,928 ModGood point. I completely neglected to mention that this guy lived in his car while doing all of those Work Study sessions. I can't do that. Respect.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□cyberguypr wrote: »After a the first few I'm sure the SANS peeps knew him on a first name basis.
So they knew him by name...and smell? Seven days is a long time to be living out of a car, I guess he washed up in the restrooms each morning with cold water.
Does anyone know if they needed someone for work study, would they allow you to work one course and give you the materials for another? I'm sure they prefer to have someone that does work study take the same course as they facilitate, but if they were hard pressed to find someone fill a slot, are they flexible?Still searching for the corner in a round room. -
gespenstern Member Posts: 1,243 ■■■■■■■■□□TechGromit wrote: »So they knew him by name...and smell? Seven days is a long time to be living out of a car, I guess he washed up in the restrooms each morning with cold water.
There's a trick to deal with it. You find a nearby gym that allows one-timers and go there to "exercise", but instead you just go straight to a shower room. -
OctalDump Member Posts: 1,722gespenstern wrote: »There's a trick to deal with it. You find a nearby gym that allows one-timers and go there to "exercise", but instead you just go straight to a shower room.
Yet another valuable tip this site has given me.2017 Goals - Something Cisco, Something Linux, Agile PM -
chanakyajupudi Member Posts: 712This discussion went about being a SANS / Work Study discussion. I have been able to get into 5 over the last 3 years. I am sure it is not as easy as it was a few years ago. I got docked my On Demand subscription because I was not wearing the dress code the 5th time.
I hear the competition is very high and in some countries SANS are not direct. They have a company that manages that for them which makes it even harder because that company sends in their employees / consultants to do the work study.Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
http://adarsh.amazonwebservices.ninja -
cyberguypr Mod Posts: 6,928 ModWHAATT!!!!. Every event I've been to is very lax on dress code the setup and last day because there's so much physical work and clothes may end up getting messed up.