GIAC Cert training and the CISSP

sb97 Posts: 109 Member
Hey folks,

Sorry for the confusing headline. I am looking for feedback from people that have taken both SANS training and the CISSP exam. Specifically, people that have taken any of the following SANS classes:
FOR408 (GCFE)
FOR508 (GCFA)
SEC503 (GCIA)
ICS410 (GICSP)
I know there is a SANS class designed for CISSP prep but I won't be taking that. Did any particular sections/books/concepts from the classes I listed help prep you for the CISSP? Was the information in these SANS books, classes presented in a way that was helpful for CISSP prep? Or did you think the dedicated materials for CISSP did a better job? I suspect the training materials from the SANS classes are probably more technical than what I would need for the CISSP but maybe there are some sections I can focus on.

Mods: I understand this might be better in the CISSP forum but my target audience are people that have gone through the process for GIAC certs so I thought I would try here first.

Comments

  • cyberguypr Senior Member Posts: 6,780 Mod
    Remember that the CISSP is an inch deep and a mile wide. The problem with those SANS classes is that they are way more advanced and way more detailed than what the CISSP test covers. Although they technically help, it's like killing a fly with a cannon. The dedicated CISSP material will be more than enough, especially given your previous certs.
  • TechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Posts: 1,892 Member ■■■■■■■■□□
    Personally I think the CISSP is outdated, it shouldn't be given a fraction of the reputation it currently enjoys. It's really just a Cyber Security Management certification, if you're not hiring for a management position, the CISSP should have no influence in your hiring decision process. I would hope in the future as Cyber Security matures, employers will value other more targeted certifications than the generalized CISSP.
    Still searching for the corner in a round room.
  • BlackBeret Posts: 684 Member ■■■■■□□□□□
    Have you ever looked at the CISSP domains? (https://www.isc2.org/cissp-domains/default.aspx) None of them are forensics, intrusion analysis, or ICS systems. None of the courses you listed are going to cover anything at all on the CISSP exam, with the exception of GCIA touching lightly on things that may be covered in network security or security engineering, but not at all in the way CISSP will present them.
  • sb97 Posts: 109 Member
    BlackBeret wrote: »
    Have you ever looked at the CISSP domains? (https://www.isc2.org/cissp-domains/default.aspx) None of them are forensics, intrusion analysis, or ICS systems. None of the courses you listed are going to cover anything at all on the CISSP exam, with the exception of GCIA touching lightly on things that may be covered in network security or security engineering, but not at all in the way CISSP will present them.
    I have looked and there is cross over more than you might think. Especially for the GICSP. While the material was focused on ICS, there was still some baseline stuff that covers topics from 4-5 of the CISSP domains. The question is more how much is it covered and is it worth it to revisit this material or just focus on the dedicated CISSP materials.
  • sb97 Posts: 109 Member
    cyberguypr wrote: »
    Remember that the CISSP is an inch deep and a mile wide. The problem with those SANS classes is that they are way more advanced and way more detailed than what the CISSP test covers. Although they technically help, it's like killing a fly with a cannon. The dedicated CISSP material will be more than enough, especially given your previous certs.
    Thank you. This is kind of what I was thinking. I may hold back on revisiting them unless I really struggle with something. That is one problem I have with the CISSP. There is actually too much information floating around out there. It's a struggle to decide what to focus on.
  • sb97 Posts: 109 Member
    TechGromit wrote: »
    Personally I think the CISSP is outdated, it shouldn't be given a fraction of the reputation it currently enjoys. It's really just a Cyber Security Management certification, if you're not hiring for a management position, the CISSP should have no influence in your hiring decision process. I would hope in the future as Cyber Security matures, employers will value other more targeted certifications than the generalized CISSP.
    I don't disagree. On the other hand, at my current job they are pushing people in our partner groups to get their CISSP. I think it is only a matter of time before I am told to go do it. May as well get started.
  • CIPHERSTONE Posts: 30 Member ■□□□□□□□□□
    I just passed the GCIA yesterday. Unless the CISSP gets into hex deep packet inspection and analyzing tcpdump, Wireshark, Bro, scary etc. etc. I doubt you would find it applicable in anything more than a high level.

    CISSP has been something I've thought about getting. The feeling I have from other colleagues echoes what others have said that it's more of a broad brush security course similar to the GSEC. I think you could buy one of the CISSP study guides and do a self study. Spend the money on more targeted SANS disciplines in areas you are interested in exploring/working in.

    One of the biggest pros to SANS courses are the instructors who as a general rule have extensive real world experience. Having access to that kind of staff is a great advantage.

    Interested in packet analysis? You can usually bump into Judy Novak who I think sees the world in hex like Neo saw code.

    Just my two cents.
  • Mike7 Posts: 1,062 Member ■■■■□□□□□□
    CISSP has been around for much longer and was for a long time one of the few infosec certifications around. Hence the demand by those who do not know better though I am starting to see technical job postings that no longer ask for CISSP but ask for SANS certs. It really is a security management certification that covers entire infosec spectrum with a very broad and light stroke. You can check the CISSP forum threads for reading materials; the CISSP official study guide and Eric Conrad (who conducts SANS courses) should cover your needs.
    sb97 wrote: »
    There is actually too much information floating around out there. It's a struggle to decide what to focus on.
    Know everything but at a much less deep level than SANS. CISSP is designed for experienced practitioners and there is a 5 years' experience requirement. As you go through the 8 domains, there will be areas that you know and do not know. Focus on the unfamiliar and weak areas. Your areas of weakness may be risk management, asset security and software development security.
  • LWB250 Posts: 59 Member ■■■□□□□□□□
    I did the GISP last year as a work study at SANS Orlando with the expectation that I would go on and take the CISSP. Unfortunately, life got in the way due to a medical issue with a family member, and since I had the free certification voucher for the GISP, I went ahead and took it (and passed) since I knew it wouldn't take near the effort to prepare for that the CISSP would. And yes, I passed.

    My employer doesn't require it and more and more openings I see posted have more specific certification requirements and fewer asking for the CISSP. With that in mind, and not that I'm looking for a job or expect to be, I'm just continuing on with my GISP and GIAC certs.
  • sb97 Posts: 109 Member
    This has turned into an interesting discussion. While I agree with the people who think the CISSP is overrated (that is an oversimplification) it is still the most widely recognized cert out there. Just for fun I did some searching on Indeed. I left the location field blank and searched for the following keywords:

    CISSP - 11520 hits
    GCIA - 601 hits
    GCIH - 1189 hits
    GCFE - 137 hits
    GCFA - 274 hits
    GICSP - 45 hits
    GSEC - 1583 hits

    When I did the same search on Dice, I got similar results on a smaller scale. I am not really looking for a job right now either. Pending approvals I am taking the FOR508 course at the Austin DFIR summit this year. In the meantime, I have been doing some desultory CISSP prep really only because I suspect my job may require it from me down the road.

    Edit: added in the data for GSEC as well. That seems to be one of the more common GIAC certs.
  • sb97 Posts: 109 Member
    By the way, thanks to everyone for the replies.