Expectations for GSEC in the real-world

docrice

If someone were to have a GSEC by itself and was relatively new to the field, how would employers generally view this person? I'm trying to confine the realistic expectations and perceptions of the GSEC. I know it's kind of a broad intro to infosec (although I grant you it commands more respect than, say, Security+) and there are always other factors to consider such as working experience, individual character, other skill sets, etc., but would you consider someone with just this cert for a sysadmin (or any junior security-related) position?

I'm studying for the exam right now and while I feel it covers a pretty good foundational base, I don't think it's sufficient by itself to get your foot in the door. As an employer I'd probably be more impressed with at least an additional GIAC cert.

dynamik

The GSEC definitely looks good for entry-level positions. I'm pretty sure one of our guys was hired over other candidates simply because he had that.

If you really want to impress an employer, write a paper and go Gold

docrice

I actually plan to do Gold as I don't mind writing. I also don't want the "cheap" GSEC but rather live up to the original standards with the "practical" portion. For my particular situation, I'm not looking for a beginner-level position though since I've been working in the IT industry for over a decade, although not in a dedicated infosec position (I've done some firewall and VPN work already). I'm looking to eventually lean a lot more towards that focus and I need to be able to demonstrate it at least on resume.

The reason for the question is because up until recently, I never bothered to get any certs, but I decided it was time for some knowledge-gap filling ... but wasn't sure what the real status of these various certs were except for the name-brand ones that the vendors toss out.

dynamik

What I consider to be entry-level in infosec and entry-level in IT in general are two very different things. I wouldn't recommend the GSEC to someone looking for a help desk position.

Are you doing this self-study, or are you getting the course? Is there a reason you're not doing something like the GCFW?

docrice

I'm doing the SANS self-study / OnDemand course. Pricey, but I think it's worth it over the travel costs. The reason I'm going for the GSEC is 1) well-known acronym that semi-knowledgeable employers might be familiar with, 2) it would help with my core foundations, parts of which I might not have had a lot of exposure to / help with seeing the bigger picture, and 3) "pay my dues." In my view, it doesn't make sense to do all the complex technical work without having a solid grasp of the underlying business / non-business motivations. It's one thing if all of this was just a hobby for me, but another thing entirely if I'm trying to help an organization succeed.

I do eventually plan to follow-up with GCIA and / or GCFW when budget allows. That said, a lot of GIAC courses look very promising and it's hard to decide what to choose. I should clarify when I said "lean towards that focus" - I meant in terms of the security area, not specifically for VPNs and firewalls. That's all fun and good, but I need more than that out of life.

dynamik

Yea, tell me about it. I unfortunately have very little funds, so I need to challenge these. On the plus side, I can get the courseware when they are up for renewal. I'll be challenging the IA and IH sometime in order to be only a gold paper away from being GSE eligible. I just picked out about a dozen books on amazon that'll hopefully help get me there. Paul Boz just passed his GSEC and GCIH (now I'm the one behind ), and we're going to detail our GSE studies on my blog, so keep an eye on that. Content should start getting added in a matter of weeks.

BTW, I agree 110% on developing a solid foundation and understanding the business objectives that necessitate security.

JDMurray

docrice wrote: »

The reason I'm going for the GSEC is 1) well-known acronym that semi-knowledgeable employers might be familiar with

And with the CISSP and Security+ even more so.

If you are simply looking to increase your market value, be aware that most employers who list the GSEC in their job posting also seem to be equally impressed with lesser, cheaper security certs. Search the popular tech job boards for "GSEC" and see how many postings bury the GSEC in a long listing of other, "nice to have" and "a major plus" certs. You will be very hard pressed to find job positions that specifically list the GSEC as a required cert. Those jobs are likely only in the Virginia/Maryland/D.C. area and will probably want you to already have a DoD TS/SCI clearance too.

You may decide to go on for the GSEC anyway, but people reading this thread in the future should be aware that they have less-expensive options for improving their resume.

docrice

I was under the impression that the GSEC was getting more recognition lately. In any case, I've already paid for the course, have the exam scheduled, plus it strengthens the basics which I'm supposed to already know pretty well (which isn't necessarily the case in all areas). The CISSP is the next one on my list anyway.

While I may eventually pursue vendor-specific stuff like CCSP, etc., I like the brand-neutral approach of the GIAC courses and in looking through their catalog, find it hard to decide which one will be next.

JDMurray

docrice wrote: »

While I may eventually pursue vendor-specific stuff like CCSP, etc., I like the brand-neutral approach of the GIAC courses and in looking through their catalog, find it hard to decide which one will be next.

Then definitely go for the GSEC. If I could go for any security cert (that I was qualified for) without regards to cost, it would be the GSEC. If I wanted the most recognition for my resume then it would be the CISSP.