GIAC Cert training and the CISSP
Hey folks,
Sorry for the confusing headline. I am looking for feedback from people that have taken both SANS training and the CISSP exam. Specifically, people that have taken any of the following SANS classes:
Mods: I understand this might be better in the CISSP forum but I my target audience are people that have gone through the process for GIAC certs so I thought I would try here first.
Sorry for the confusing headline. I am looking for feedback from people that have taken both SANS training and the CISSP exam. Specifically, people that have taken any of the following SANS classes:
FOR408 (GCFE)
FOR508 (GCFA)
SEC503 (GCIA)
ICS410 (GICSP)
I know there is a SANS class designed for CISSP prep but I wont be taking that. Did any particular sections/books/concepts from the classes I listed help prep you for the CISSP? Was the information in these SANS books, classes presented in a way that was helpful for CISSP prep? Or did you think the dedicated materials for CISSP did a better job? I suspect the training materials from the SANS classes is probably more technical then what I would need for the CISSP but maybe there are some sections I can focus on.FOR508 (GCFA)
SEC503 (GCIA)
ICS410 (GICSP)
Mods: I understand this might be better in the CISSP forum but I my target audience are people that have gone through the process for GIAC certs so I thought I would try here first.
Comments
-
cyberguypr Mod Posts: 6,928 ModRemember that the CISSP is and inch deep and a mile wide. The problem with those SANS classes is that they are way more advanced and way more detailed that what you the CISSP test covers. Although they technically help, it's like killing a fly with a cannon. The dedicated CISSP material will be more than enough, especially given your previous certs.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□Personally I think the CISSP is outdated, it shouldn't be given a fraction of the reputation it currently enjoys. It's really just a Cyber Security Management certification, if you not hiring for a management position, the CISSP should have no influence in your hiring decision process. I would hope in the future as Cyber Security matures, employers will value other more targeted certifications than the generalized CISSP.Still searching for the corner in a round room.
-
BlackBeret Member Posts: 683 ■■■■■□□□□□Have you ever looked at the CISSP domains? (https://www.isc2.org/cissp-domains/default.aspx) None of them are forensics, intrusion analysis, or ICS systems. None of the courses you listed are going to cover anything at all on the CISSP exam, with the exception of GCIA touching lightly on things that may be covered in network security or security engineering, but not at all in the way CISSP will present them.
-
sb97 Member Posts: 109BlackBeret wrote: »Have you ever looked at the CISSP domains? (https://www.isc2.org/cissp-domains/default.aspx) None of them are forensics, intrusion analysis, or ICS systems. None of the courses you listed are going to cover anything at all on the CISSP exam, with the exception of GCIA touching lightly on things that may be covered in network security or security engineering, but not at all in the way CISSP will present them.
-
sb97 Member Posts: 109cyberguypr wrote: »Remember that the CISSP is and inch deep and a mile wide. The problem with those SANS classes is that they are way more advanced and way more detailed that what you the CISSP test covers. Although they technically help, it's like killing a fly with a cannon. The dedicated CISSP material will be more than enough, especially given your previous certs.
-
sb97 Member Posts: 109TechGromit wrote: »Personally I think the CISSP is outdated, it shouldn't be given a fraction of the reputation it currently enjoys. It's really just a Cyber Security Management certification, if you not hiring for a management position, the CISSP should have no influence in your hiring decision process. I would hope in the future as Cyber Security matures, employers will value other more targeted certifications than the generalized CISSP.
-
CIPHERSTONE Member Posts: 30 ■□□□□□□□□□I just passed the GCIA yesterday. Unless the CISSP gets into hex deep packet inspection and analyzing tcpdump, wire shark, bro, scary etc. etc. I doubt you would find it applicable in anything more than a high level.
CISSP has been something I've thought about getting. The feeling I have from other colleagues echoes what others have said that it's more of a broad brush security course similar to the GSEC. I think you could buy one of the CISSP study guides and do a self study. Spend the money on more targeted SANS disciplines in areas you are interested in exploring/working in.
One of the biggest pro's to SANS courses are the instructors who as a general rule have extensive real world experience. Having access to that kind staff is a great advantage.
Interested in packet analysis? You can usually bump into Judy Novak who I think sees the world in hex like Neo saw code.
Just my two cents. -
Mike7 Member Posts: 1,112 ■■■■□□□□□□CISSP has been around for much longer and was for a long time the only few infosec certifications around. Hence the demand by those who do not know better though I am starting to see technical job postings that no longer ask for CISSP but ask for SANS certs. It really is a security management certification that covers entire infosec spectrum with a very board and light stroke. You can check the CISSP forum threads for reading materials; the CISSP official study guide and Eric Conrad (who conduct SANS courses) should cover your needs.There is actually too much information floating around out there. Its a struggle to decide what to focus on.
-
LWB250 Member Posts: 59 ■■■□□□□□□□I did the GISP last year as a work study at SANS Orlando with the expectation that I would go on and take the CISSP. Unfortunately, life got in the way due to a medical issue with a family member, and since I had the free certification voucher for the GISP, I went ahead and took it (and passed) since I knew it wouldn't take near the effort to prepare for that the CISSP would. And yes, I passed.
My employer doesn't require it and more and more openings I see posted have more specific certification requirements and fewer asking for the CISSP. With that in mind, and not that I'm looking for a job or expect to be, I'm just continuing on with my GISP and GIAC certs. -
sb97 Member Posts: 109This has turned into an interesting discussion. While I agree with the people who think the CISSP is overrated (that is an oversimplification) it is still the most widely recognized cert out there. Just for fun I did some searching on Indeed. I left the location field blank and searched for the following keywords:
CISSP - 11520 hits
GCIA - 601 hits
GCIH - 1189 hits
GCFE - 137 hits
GCFA - 274 hits
GICSP - 45 hits
GSEC - 1583 hits
When I did the same search on Dice, I got similar results on a smaller scale. I am not really looking for a job right now either. Pending approvals I am taking the For508 course at the Austin DFIR summit this year. In the meantime, I have been doing some desultory CISSP prep really only because I suspect my job may require it from me down the road.
Edit: added in the data for GSEC as well. That seems to be one of the more common GIAC certs.