SANS challengers group
Comments
-
ibcritn Member Posts: 340
Bl8ckr0uter wrote: » Does anyone know exactly what the online bundles and assessment gives you (for 399)?
Yea $399 really isn't bad! Is the online material enough to say lay a solid foundation for the certification?
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
ipchain Member Posts: 297
The online material is literally what you see in the books + mp3 files from a live conference. It is more than sufficient to get a great score on the exam.
Every day hurts, the last one kills.
-
ibcritn Member Posts: 340
The online material is literally what you see in the books + mp3 files from a live conference. It is more than sufficient to get a great score on the exam.
Thanks! SANS courses really aren't that bad then. I can't really justify spending nearly my entire training budget on a 5 day crash course, but $399 isn't that bad.
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
TrainingDaze Member Posts: 62
Thanks! SANS courses really aren't that bad then. I can't really justify spending nearly my entire training budget on a 5 day crash course, but $399 isn't that bad.
That would be awesome but I'm afraid that if you follow the asterisks on that page it will lead you here (https://www.sans.org/ondemand/bundle.php) which explicitly states:
"The SANS OnDemand Bundle options are available for up to $399 as "supplemental training" when purchasing a course through any of SANS other training programs (Live Training Events, Community SANS, OnSite, SANS vLive!, SANS Mentor or Self Study). When SANS OnDemand is purchased as stand-alone training, it costs up to $3500." -
eMeS Member Posts: 1,875
Ok, I have to ask a couple of dumb questions/make a couple of dumb statements here.
I know the SANS certifications seem to be highly thought of here and by people within the security industry.
However, when I look at their certifications page I'm left completely muddled and confused. None of it seems to be ordered or described in any way that makes any sense whatsoever.
I have to think that business people that take a serious look at it would have no idea what it means for someone to hold any of the SANS certs either.
Does anyone else question this, or is there some secret handshake to keeping it all straight?
I will be doing the G7799 and hopefully solidify my subject for my GSEC Gold paper.
It was back in 2007 that 17799 was revised to 27002:2005 (see ISO/IEC 17799:2005 - Information technology -- Security techniques -- Code of practice for information security management). 17799 is in a withdrawn state. Fundamentally there is very little difference between the two, however, it seems to me that a company in the business of selling a certification that testifies to an individual's expertise in applying this code of practice would take the time to align their certification to the current ISO/IEC naming. You know, they've only had 4 years to do this...
IMO, this makes me question the credibility of the certification. Does anyone else see this as odd?
I admit I am interested in some of these certs, but am very reluctant to move forward without something addressing these two questions, as well as some indication of what the market demand is for these credentials, of which I've seen little to none.
MS -
Bl8ckr0uter Inactive Imported Users Posts: 5,031
However, when I look at their certifications page I'm left completely muddled and confused. None of it seems to be ordered or described in any way that makes any sense whatsoever
What do you mean by this? If you look at the challenge information they do have a good amount of information about the information the exam covers. Let's take a look here:
GIAC Certified Intrusion Analyst (GCIA)
If you look for the certification bulletin it does show the information you are looking for:
GCIA Certification Bulletin
It was back in 2007 that 17799 was revised to 27002:2005 (see ISO/IEC 17799:2005 - Information technology -- Security techniques -- Code of practice for information security management). 17799 is in a withdrawn state. Fundamentally there is very little difference between the two, however, it seems to me that a company in the business of selling a certification that testifies to an individual's expertise in applying this code of practice would take the time to align their certification to the current ISO/IEC naming. You know, they've only had 4 years to do this...
IMO, this makes me question the credibility of the certification. Does anyone else see this as odd?
I admit I am interested in some of these certs, but am very reluctant to move forward without something addressing these two questions, as well as some indication of what the market demand is for these credentials, of which I've seen little to none.
MS
As far as the G7799, I had never heard of it until Chris mentioned it so I won't even try to defend that one. It could be that it isn't as popular as the other ones. I would go as far as saying that of the jobs I have seen that have mentioned SANS certs, the GCIA, GCIH, GCFW, GPEN and GSEC are the most popular ones. I have seen the GWAPT once or twice. I have seen some posting put GSEC or GSE (GSEC is like CCNA level GSE is like CCIE level so yea). Honestly I think that their technical certs are way, way more popular than their "management" certs.
SANS are very niche. They are nowhere near as ubiquitous as a MCSE or CCNA but the thing is they seem to fit the niche that I want to be in. I don't want a MCSE job, I want more of a GCIA/GWAPT/GPEN/GCFW type of role. Plus the people who I would need to know about SANS certs, C|EH are the infosec decision makers, hiring managers and etc. Idk that is my mindset about the whole deal. They do cost a ton of money.
Which ones were you interested in? -
eMeS Member Posts: 1,875
Bl8ckr0uter wrote: » What do you mean by this? If you look at the challenge information they do have a good amount of information about the information the exam covers. Let's take a look here:
GIAC Certified Intrusion Analyst (GCIA)
If you look for the certification bulletin it does show the information you are looking for:
GCIA Certification Bulletin
Here's what I mean by my statement. Look at this page:
GIAC Information Security Certifications
Certifications are divided into different areas, and there's some kind of leveling indicated within each area.
First, why does it start with levels 4, 5, or 6? Why are there so many certifications in all of these different areas, which taken at face-value don't seem to be all that different.
And I agree, once you dig down a little deeper there is sufficient explanation for each one, but what is missing is something that would make clear sense to someone making business decisions. I just don't see any of that.
I take no issue with the "niche" aspect, I certainly tend to focus on somewhat "nichey" things. The thing with focusing on a niche is that before getting too far into it you really have to know that there is a market demand for that niche, and that you can compete effectively within that niche.
The only experience I've had with a customer mentioning SANS is once where one of my customers mentioned attending one of their lower-level courses. That person clearly stated to me that before the course they were sent about 2 boxes worth of random material that seemed totally unrelated and thrown together, and that it was unclear at times what to read and what not to read. This person did say, however, that the person delivering the material was top-notch.
Bl8ckr0uter wrote: » As far as the G7799, I had never heard of it until Chris mentioned it so I won't even try to defend that one. It could be that it isn't as popular as the other ones. I would go as far as saying that of the jobs I have seen mentioned SANS certs, the GCIA, GCFW, GCIH, GPEN and GSEC are the most popular ones. I have seen the GWAPT once or twice. I have seen some posting put GSEC or GSE (GSEC is like CCNA level GSE is like CCIE level so yea). Honestly I think that their technical certs are way, way more popular than their "management" certs.
I'm sure it covers what's in 27002:2005, however, it just puzzles me that if you read further into the description they're clearly aware of 27002:2005, but for some reason they've chosen not to align the naming and top-level description of the certification.
Bl8ckr0uter wrote: » SANS are very niche. They are nowhere near as ubiquitous as a MCSE or CCNA but the thing is they seem to fit the niche that I want to be in. I don't want a MCSE job, I want more of a GCIA/GWAPT/GPEN/GCFW type of role. Plus the people who I would need to know about SANS certs, C|EH are the infosec decision makers, hiring managers and etc. Idk that is my mindset about the whole deal. They do cost a ton of money.
Which ones were you interested in?
When I consider a cert it is usually for two reasons. The first is that I already did some work that qualifies me for it. I believe in taking credit for what I've done. The second reason is that I am both qualified to hold the cert, and there is significant market demand for that cert that I feel I can exploit.
I'm sure some of these I'm qualified for, but what I'm missing is any indication of market demand that justifies the price-tag.
Here's kind of the crux of things that I'm getting at. The rates at which I bill myself are in no way low, however, I am always looking for ways I can increase those rates. I continually hear all of this greatness about the earning power of various security-focused certs, but see very little evidence of it.
By evidence I don't mean what can be culled from random postings on job boards. I mean understanding what I've paid in the past for security-related skills (admittedly many years ago, when I was a manager that made these types of decisions), as well as what I've seen my customers pay more recently for these same types of skills in the last several years. The hype just doesn't seem to jive with the reality.
Not only that, I work with many people in the federal sector, in many organizations that do various work for different agencies, including DoD. I've encountered many people that hold Security+ and CISSP, but never a single person that holds a SANS cert...That seems odd to me if there really is significant demand for these things...
Now, I could be totally missing the picture here, in fact I hope I am and someone can clarify this for me, but I personally couldn't justify the investment without being able to clearly see some potential return.
I'm not intending to specifically attack SANS. I think that there are many certification programs that are described just as poorly or worse than this one. It's just that I feel like that we all put a lot of time and money into this stuff. Without market recognition all of that time and money is wasted.
MS -
Bl8ckr0uter Inactive Imported Users Posts: 5,031
Have I ever told you you're my hero?
I think it could be a cost thing. At 1k without training and about 4k with, they certainly aren't cheap. That cost barrier probably pushes 90 percent of candidates out of the running. -
eMeS Member Posts: 1,875
Bl8ckr0uter wrote: » Have I ever told you you're my hero?
No, but I appreciate it.
I'm not trying to be a dick or anything. I find the SANS stuff interesting, but I really think if they intend to take it mainstream then they really need to put some business polish on it.
Bl8ckr0uter wrote: » I think it could be a cost thing. At 1k without training and about 4k with, they certainly aren't cheap. That cost barrier probably pushes 90 percent of candidates out of the running.
More than likely they've structured it more for government and corporations to foot the bill....that makes sense, because that's where the money is.
MS -
Bl8ckr0uter Inactive Imported Users Posts: 5,031
Ok when I get back to a computer I want to steal your words about your rates....
See the thing that makes me so mad is people like me have no real way to get a sans cert besides A:challenging it or B:go into debt trying to pay for the class. It's total bs. But I guess they have to eat too.
Idk you might have a point about return on investment. -
eMeS Member Posts: 1,875
Bl8ckr0uter wrote: » Ok when I get back to a computer I want to steal your words about your rates...
Feel free. When in business one should always be looking for how to increase revenue. For what I do that involves selling either the same or different services for more. If someone is a direct employee, that involves getting more experience and trying to increase their salary. Regardless of one's source of revenue, we should all be working to increase our revenue.
MS -
Chris:/* Member Posts: 658
One thing SANS certifications have over other certification bodies is the respect not only in the security industry but the academic industry. One major benefit is if you get your white paper published it is considered equivalent to other academic journals. For someone attempting to attain a PhD that is helpful.
I have had training from numerous vendors including SANS and I have found so far that SANS is the best. Unlike other vendors the SANS training is not to pass the exam but to understand the material that the certification covers.
As to the G7799 statement and its name I understand where you are coming from. SANS chose the name though because it was based on BS 7799 and then modified over time for the new ISO Standards to the current. It used to show the changes over time because some organizations still had their security controls based on the BS 7799 or ISO 17799 and they have not moved forward. Now the certification just covers the current standard. SANS 27000 Implementation & Management
The certification body is GIAC the training body is SANS so you have to go to both pages to find information.
This points to a major complaint that has been brought up here that I have as well. The information surrounding the SANS training and GIAC Certifications is not informative enough. The only way to know which one fills my needs is to do extensive research or talk to people who actually have taken the training. A working description or syllabus would be more helpful than a one paragraph description.
Yes I work in the federal industry as well but I find the reason you see CISSP and Security+ everywhere is because the GIAC certifications are far more difficult to the level of 8750 accreditation you achieve. For IAT III the 8570 standard equates the CISSP as the same thing as the GSE which is ludicrous. In addition the CISSP and Security+ cover more areas of 8570 than any single GIAC certification so it is just good business sense to pick one that fills more check marks.
People I have met with multiple GIAC certifications are typically industry leaders in security, academia and research. The biggest reason I see that is because of the quality of the training and the challenge the certs provide. I do agree that the level system was confusing to me because it is completely different than other vendors. I just grew to accept it and say "alright that is how GIAC does it instead."
I am not trying to defend SANS and GIAC but I do appreciate the training and I believe that their certifications are a better measurement of knowledge than other BIG name certs.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
dynamik Banned Posts: 12,312
I've encountered many people that hold Security+ and CISSP, but never a single person that holds a SANS cert...
Ouch...
Anyway, this is the best place to start: SANS: Network, Information and Computer Security Training Courses
That breaks down all the courses and their related certifications. The certifications are listed by level 4, 5, and 6 at the page you referenced because they don't offer certifications for the lower-level courses (or higher, there are currently no certifications for level 7 either).
If you click on the link under the "Security" column, you'll go to the course page and then you can view a day-by-day breakdown of the topics covered on the right-hand side of the page. If you click the link under "GIAC Offering," you'll go to the certification page. That provides a high-level overview of the certification. If you want the details, follow the "View Certification Bulletin (Part 2 of Candidate Handbook)" at the bottom. For example, these are the exam objectives for the GSEC: GSEC Certification Bulletin
While this is far from the empirical data you're looking for, you can get an idea of the popularity/demand of a certification by reviewing these pages: GIAC Certified Professionals The total number of certified professionals will appear at the top in bold white letters on the subsequent pages.
You will notice some only have a few dozen while GSEC has over 10,000. The more popular ones are around 1500-2500. I'm not too familiar with the managerial or auditing certifications, but the GSEC, GCIH, and GCIA are staples of the technical offerings. It's also interesting to watch the changes over time. The GPEN has nearly doubled in numbers since I got mine eight months ago. The GCIA and GCIH often place near the top of the salary surveys I see them in. While I think these surveys are often off in terms of the actual numbers, they're usually decent when it comes to identifying how certifications compare against each other.
Bl8ckr0uter wrote: » At 1k without training and about 4k with, they certainly aren't cheap. That cost barrier probably pushes 90 percent of candidates out of the running.
It's funny looking back at how much I've spent on my Microsoft and Cisco certifications. I think they're easier to swallow because you're spending the money incrementally, but (at least for me personally) the total isn't too far off when you consider practice exams, lab equipment, books, CBTs, etc.
If you're looking for cheaper instruction, I've heard you can sometimes pick up extra copies of the material at the actual conferences. While they don't sell it cheaply, it's significantly less than the course. I'm going to test this out in New Orleans later this month. You can also see if there's a local mentor: SANS: Mentor: Local Network and Computer Security Training I can mentor GSEC and GPEN in Baton Rouge if I can get 4-5 people together.
Edit: You can also sign-up for their work-study program and help facilitate a course for $800 (certification attempt is an additional $500). I was accepted to help with the 502 course in New Orleans, but that's not one of the ones I need.
One thing SANS certifications have over other certification bodies is the respect not only in the security industry but the academic industry. One major benefit is if you get your white paper published it is considered equivalent to other academic journals. For someone attempting to attain a PhD that is helpful.
I've also seen potential employers say that they look for Gold candidates because their papers provide them a sample of their writing, organizational abilities, logic, etc. They could also be shown to prospective clients.
I have had training from numerous vendors including SANS and I have found so far that SANS is the best. Unlike other vendors the SANS training is not to pass the exam but to understand the material that the certification covers.
While I haven't personally taken any of the training, this is unanimously the feedback I receive from everyone who has. They also focus on delivering the concepts in a vendor-neutral (GCWN being the obvious exception) and open-source manner. This makes the courses much more accessible and allows them to focus on the concepts. For example, you may be using enterprise-class products over snort and tcpdump for intrusion analysis, but everything you learn from the course can be easily adapted to the platforms you are using. You're learning TCP/IP, not Product X.
This points to a major complaint that has been brought up here that I have as well. The information surrounding the SANS training and GIAC Certifications is not informative enough. The only way to know which one fills my needs is to do extensive research or talk to people who actually have taken the training. A working description or syllabus would be more helpful than a one paragraph description.
I think you'll find the information you're looking for in the links I provided. I agree, that it's not as obvious and easily accessible as it should be. I'll forward this thread over to them because it certainly contains constructive feedback.
People I have met with multiple GIAC certifications are typically industry leaders in security, academia and research.
Unlike MS, I have never met Chris, so this may be true for him.
The biggest reason I see that is because of the quality of the training and the challenge the certs provide. I do agree that the level system was confusing to me because it is completely different than other vendors. I just grew to accept it and say "alright that is how GIAC does it instead."
I am not trying to defend SANS and GIAC but I do appreciate the training and I believe that their certifications are a better measurement of knowledge than other BIG name certs.
One thing that made me appreciate SANS/GIAC a lot more was delving into their exam-writing process (I write questions for the GPEN). It's amazing how far out of their way they go to make sure you don't end up with questions like you do on some other exams (mini-rant: I really find it inexcusable that some of the more popular certification bodies cannot follow the example that SANS is setting).
They have very rigid guidelines that prohibit confusing and misleading wording, and there are multiple levels of review for each question submitted. They want to focus on testing your actual knowledge of the material; not whether you can interpret what they're asking. They also want the exams to be internationally-accessible and don't want to penalize non-English speakers with tricky wording. From the exams I have taken, I can attest to just how far above-and-beyond these exams are from all others I've taken (Cisco would probably come in at #2).
Anyway, in regards to the original topic at hand, I'll be challenging another one or two early this year. Gotta clear out those GSE pre-reqs... -
Chris:/* Member Posts: 658
Unlike MS, I have never met Chris, so this may be true for him.
I do not understand this comment but I believe you are stating you have not met industry leaders where you are?
I have met the industry leaders in the DC, Maryland Virginia area and in Boston primarily when I travel to those locations. If I am way off base for what you are trying to say please let me know.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
dynamik Banned Posts: 12,312
I do not understand this comment but I believe you are stating you have not met industry leaders where you are?
No. I mean I have multiple certifications and am not an industry leader
I was just poking fun at myself... -
Chris:/* Member Posts: 658
Ah got ya, well there are always the exceptions
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
TrainingDaze Member Posts: 62
hopefully I can join this group bl8ckr0uter,
I was denied by SANS for workstudy last fall (although with exams I wouldn't have been able to attend) but I applied again for SANSFIRE in July. I put a little more effort into my application this time and didn't understate my abilities so hopefully I get selected
I think they're offering 37 classes, so the odds of getting put into one of my top picks is kinda low though -
eMeS Member Posts: 1,875
First apologies to blackrouter for somewhat hijacking his thread.
Ouch...
It's not meant to be a slam or anything, just an observation. But I think a relevant observation. I'm in front of 20-50 new people almost every week, from various industries and various parts of the country. Even in the DC area at federal contractors I don't run into people that hold these certs.
We should see more people with Security+. CompTIA certs are basically the equivalent of a flea-dip, especially Security+. Even I hold Security+. I don't think you would ever find a hard-core Security practitioner that's gonna bow up with pride about their leet Security+ cert.
From what I've seen, the people that really want to head in that career path tend to have the CISSP or the equivalent experience without the cert.
Not only that, it's not really just SANS....I rarely see anyone that holds a CISM either, and I've often wondered about the value of any of the ISACA stuff.
Chris' explanation makes a lot of sense to me, and I repped him for it. If it's big from an academic standpoint then that explains a lot.
Anyway, this is the best place to start: SANS: Network, Information and Computer Security Training Courses
That breaks down all the courses and their related certifications. The certifications are listed by level 4, 5, and 6 at the page you referenced because they don't offer certifications for the lower-level courses (or higher, there are currently no certifications for level 7 either).
That really doesn't make anything much clearer for me. It looks like a bunch of classes with a bunch of associated certs, with no clear indication of what the high ground is. Seriously, looking at their stuff makes me want to cry much more than it makes me want to learn about security. That's saying a lot given that much of the work I do involves ITIL....
If I'm like blackrouter, or a business decision maker, and I'm trying to decide where to spend my money, then I think that's important.
It's funny looking back at how much I've spent on my Microsoft and Cisco certifications. I think they're easier to swallow because you're spending the money incrementally, but (at least for me personally) the total isn't too far off when you consider practice exams, lab equipment, books, CBTs, etc.
Yeah, this is a good point. It's easy to drop a bunch of money on stuff. Still, I think it's much easier to make an ROI case for Microsoft, CompTIA, and Cisco certs.
MS -
rwmidl Member Posts: 807
I'm going to chime in and I'm not sure if I will add anything to this conversation or not. Also, hopefully I won't come across as pulling the d!ck card or anything. But in the interest of full disclosure, I do have my GSEC and GCIH which my employer paid for.
Prior to starting work for my current employer I had never heard of GIAC (I had visited on occasion the Sans Storm Institute but that is it). My employer offered a program with SANS where you could take these two courses. I'm all about "free" training, so I signed up for them. I don't even recall really looking in to "what" the courses were about until maybe a few days before the class started.
Are SANS certs very "niche"? Pretty much. To give an idea of how niche, I did a Dice search in my state of GSEC and GCIH (the two certs I hold). Now we are no NY, CA, DC, VA etc, but I was somewhat surprised at the results:
GSEC: 1 listing (and that was in a city about 100 miles from where I live). This was for a network security position, and it also listed, CISSP, SEC+.
GCIH: 0 listings.
The original purpose of this thread was to get together a group to study for some other SANS certs (GCIA and GPEN were listed in the original post). So I decided to search on Dice for those as well.
GCIA: 0 listings
GPEN: 0 listings.
A search on Sec + and CISSP listed the following:
Sec+: 5 results (I was somewhat shocked by the low number)
CISSP: 6 results
Now just to see if it was just my state, I did a search in Dice in VA:
GSEC: 40 results
GCIH: 14 results
GCIA: 13 results
GPEN: 0 results
Sec+: 97 results
CISSP: 199 results
So what does this mean? I think it does show that SANS certs are very niche. In SC (my state) there was 1 GSEC result (GSEC I'd personally equate to the "entry" level SANS cert) vs 5 Sec+ results (which is an entry level security cert). In VA, there were 40 GSEC vs 97 Sec+.
If I were starting out and wanting to get in to Security, I sure wouldn't go the SANS route. Looking at the numbers, it makes more sense to chase the Sec+ and CISSP than it does SANS. I'm sure there are other reasons for SANS not showing up as much (cost, people not knowing much about them, etc).
Not sure if I contributed anything to this conversation, but just thought I'd throw this out there to think about....
CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS -
ibcritn Member Posts: 340
GCIA: 0 listings
GPEN: 0 listings.
A search on Sec + and CISSP listed the following:
Sec+: 5 results (I was somewhat shocked by the low number)
CISSP: 6 results
Now just to see if it was just my state, I did a search in Dice in VA:
GSEC: 40 results
GCIH: 14 results
GCIA: 13 results
GPEN: 0 results
Sec+: 97 results
CISSP: 199 results
Interesting. I am seeing a lot of people wanting GSEC as well. It makes me think although I really want the skills and knowledge from GCIA, GCIH, GPEN...I can get the knowledge on my own without sitting for the exam. The best ROI to round off a GIAC cert might be to just sit for GSEC. I mean what's to stop me from getting the knowledge from the above mentioned three if we are talking about what's recognized GSEC might be the way to go....and not to mention it seems like after CISSP, CEH, Sec+ there will be very little new material in GSEC (if any).
I have seen GPEN listed in some jobs that I would like, so I am still going to pursue that, but I may just do GSEC after and prepare for (GCIA/GCIH), but not actually take the exam.
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
rwmidl Member Posts: 807
Interesting. I am seeing a lot of people wanting GSEC as well. It makes me think although I really want the skills and knowledge from GCIA, GCIH, GPEN...I can get the knowledge on my own without sitting for the exam. The best ROI to round off a GIAC cert might be to just sit for GSEC. I mean what's to stop me from getting the knowledge from the above mentioned three if we are talking about what's recognized GSEC might be the way to go....and not to mention it seems like after CISSP, CEH, Sec+ there will be very little new material in GSEC (if any).
I have seen GPEN listed in some jobs that I would like, so I am still going to pursue that, but I may just do GSEC after and prepare for (GCIA/GCIH), but not actually take the exam.
I'm not trying to discourage anyone from studying and sitting the exam. I guess it's just look at what is the (potential) return on investment. Is it worth your time (money) to study for something that is a little bit more recognized, then down the road go for the niche (after you gain experience and your employer will foot the bill) or is it better to focus on the niche where it could potentially cost you out of pocket money and the return might not be there.
CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS -
Chris:/* Member Posts: 658
not to mention it seems like after CISSP, CEH, Sec+ there will be very little new material in GSEC (if any).
I disagree as the GSEC shows you how to do many of the things that the CEH and CISSP talk about. I will be taking my CEH this month and I have been studying for the CISSP. Could you move on without the GSEC with that knowledge absolutely but you may be missing some golden nuggets.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
Chris:/* Member Posts: 658
So what does this mean? I think it does show that SANS certs are very niche. In SC (my state) there was 1 GSEC result (GSEC I'd personally equate to the "entry" level SANS cert) vs 5 Sec+ results (which is an entry level security cert). In VA, there were 40 GSEC vs 97 Sec+.
If I were starting out and wanting to get in to Security, I sure wouldn't go the SANS route. Looking at the numbers, it makes more sense to chase the Sec+ and CISSP than it does SANS. I'm sure there are other reasons for SANS not showing up as much (cost, people not knowing much about them, etc).
Not sure if I contributed anything to this conversation, but just thought I'd throw this out there to think about....
Keep in mind SANS has a number of training classes that do not have corresponding certifications. SANS works to make security professionals while GIAC provides the certifications covering the information in some of SANS classes. They work hand in hand but the two bodies have different roles.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
ibcritn Member Posts: 340
I disagree as the GSEC shows you how to do many of the things that the CEH and CISSP talk about. I will be taking my CEH this month and I have been studying for the CISSP. Could you move on without the GSEC with that knowledge? Absolutely, but you may be missing some golden nuggets.
Yea I haven't looked into GSEC much just going by hearing it as "entry-level"
If GSEC is more hands on then that certification will certainly be a lot of fun. Thanks for your input.
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
Chris:/* Member Posts: 658 ■■■■■■■■□□
No worries, just for your information here is how their certs map out according to my instructor for GSEC.
GSEC is not entry level; it is more Associate or Administrator level along with the rest of their Intermediate level certifications. Entry level would be GIAC Information Security Fundamentals (GISF). Professional level would be their advanced certifications. Specialty certifications would be in the Highly Advanced category.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
dynamik Banned Posts: 12,312 ■■■■■■■■■□
That really doesn't make anything much clearer for me. It looks like a bunch of classes with a bunch of associated certs, with no clear indication of what the high ground is.
That's pretty much exactly what it is. Maybe the problem is that you're assuming there's a hierarchy and you're confused by the simplicity
The course number denotes how advanced the course/certification is. There are actually a couple that build on each other (301, 401, and 501 for security essentials and 560 and 660 for penetration testing), but these are the exceptions. They typically stand-alone; GPEN for penetration testing, GCIH for incident handling, etc. If you're a hiring manager looking for an intrusion analyst, you're going to be looking for someone with a GCIA. It really couldn't be more straight-forward. People that have multiple typically have a GSEC, which is a complementary foundation. -
eMeS Member Posts: 1,875 ■■■■■■■■■□
That's pretty much exactly what it is. Maybe the problem is that you're assuming there's a hierarchy and you're confused by the simplicity
Nice one...
Yeah, that's it, the problem is with me, the potential customer, not understanding the "simplicity" of their offerings. Not that their offerings are all over the place. It's as if the same people wrote their offerings list that made the Cheesecake Factory menu.
I suspect if I'm having trouble deciphering wtf they're selling, that others are too...
MS -
rwmidl Member Posts: 807 ■■■■■■□□□□
GSEC is not entry level it is more Associate or Administrator level along with the rest of their Intermediate level certifications. Entry level would be GIAC Information Security Fundamentals (GISF). Professional level would be their advanced certifications. Specialty certifications would be in the Highly Advanced category.
To me the GSEC seemed more entry level (Sec+ on steroids), but that perception may be because I've been working in Security so the concepts discussed and covered were mostly familiar to me.
To clarify again, in no way am I discouraging anyone from taking a SANS course or sitting a GIAC exam. As I said previously, prior to starting with my new company a year ago I had never heard of any GIAC exams. Personally, if it were my money and I were trying to break in to the InfoSecurity field, I'm not sure I'd go the route of obtaining GIAC certifications. Down the road, yes but to start out, no.
If GSEC is more hands on then that certification will certainly be a lot of fun. Thanks for your input.
I personally thought the GCIH was much more "hands on" than GSEC (GCIH had the capture the flag event on the last day, so you really can't get more hands on than that - GSEC had labs but nothing as all encompassing as the CTF).
It's as if the same people wrote their offerings list that made the Cheesecake Factory menu.
MS
mmm...Cheesecake Factory...
CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS -
dynamik Banned Posts: 12,312 ■■■■■■■■■□
Nice one...
Yeah, that's it, the problem is with me, the potential customer, not understanding the "simplicity" of their offerings. Not that their offerings are all over the place. It's as if the same people wrote their offerings list that made the Cheesecake Factory menu.
I suspect if I'm having trouble deciphering wtf they're selling, that others are too...
MS
Are you a potential customer? What areas of security do you specialize in? Do you ever need to manually decode hex packet **** or exploit and pivot through vulnerable systems? Do you regularly identify XSS and SQLi vulnerabilities?
I'm not saying your perspective is wrong, but I'm asking whether that matters? For those of us in the industry, with these types of roles, it really is plain as day. Your complaint is that it's not mainstream enough or easily accessible to everyone. Again, fair enough, but does it matter? That's not their focus. It's not like they're a small organization that's struggling to hang on. They're perpetually selling out enormous classes at their conferences throughout the year. You seem to want to fix something that isn't broke.
They're selling highly specialized training. You're not going to go get a GPEN and then apply for a job as a systems administrator where you can maybe integrate some penetration testing into your daily responsibilities. Chances are you're already a penetration tester to some degree, and you want to bolster your credentials. If you want to be an intrusion analyst at SecureWorks, Perimeter, etc., you're clearly going to go for a GCIA (and you really should go for Gold at that point).
I think making these more mainstream would water-down the talent pool and lessen the value of the certification. These certifications have made the difference for me and several others I know getting hired, and the clients I've visited on-site are the most impressed with these certifications.
Earlier teasing aside, I'm not giving you a hard time or being insulting. I'm just saying that if you don't know what you should pursue out of their offerings, they're likely not relevant for what you do. -
eMeS Member Posts: 1,875 ■■■■■■■■■□
Are you a potential customer? What areas of security do you specialize in? Do you ever need to manually decode hex packet **** or exploit and pivot through vulnerable systems? Do you regularly identify XSS and SQLi vulnerabilities?
Aren't we all? You're implying that the certifications are exclusively focused on the deep technical side of security, when in fact they seem to propose to cover everything from deep technical to high-level managerial aspects of security.
And yes, if I felt like learning and doing something as specific as what you've mentioned would give me an edge in the market, then I see no reason to artificially limit myself.
I'm not saying your perspective is wrong, but I'm asking whether that matters? For those of us in the industry, with these types of roles, it really is plain as day. Your complaint is that it's not mainstream enough or easily accessible to everyone. Again, fair enough, but does it matter? That's not their focus. It's not like they're a small organization that's struggling to hang on. They're perpetually selling out enormous classes at their conferences throughout the year. You seem to want to fix something that isn't broke.
My complaint is not that it's not mainstream enough. My complaint is that it's difficult to figure out exactly what they're selling, why I need it, and in the grand scheme of things what is the career benefit of any of their specific certifications.
I'm not interested in fixing anything; I'm simply asking questions to try to understand something that seems to be at times purposefully obfuscated.
I'm left thinking of this quote:
Linus wrote:
Btw, and you may not like this, since you are so focused on security, one reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior.
Earlier teasing aside, I'm not giving you a hard time or being insulting. I'm just saying that if you don't know what you should pursue out of their offerings, they're likely not relevant for what you do.
That's very likely the case. But it also doesn't mean that I'm the only one confused about their offerings.
MS