Home page logo

basics logo Security Basics mailing list archives

Re: The Value of GIAC/GSEC Certification
From: "Florian Rommel" <frommel () gmail com>
Date: Thu, 15 Mar 2007 15:20:38 +0200

Kim, I am not sure I agree with you on the assertion of "entry level"
security with a CISSP.

As you mentioned, a CISSP is a broad knowledge test. The SANS GSEC ( I
have a colleague who took it last year) is just what it describes, a
General Security knowledge test. Furthermore, at least when I took my
CISSP some years ago, there was a minimum requirement of experience
for it. CISSP holders usually have a higher ranking then GSECs, BUT
that also varies from company to company. Can you pass a CISSP? Sure
you can, but it is hard and it is very highly regarded. Plus ther is a
procedure to it, as in apply, get approved, get acknowledged, where
the GIAC is online exams... open book etc.

I took my GIAC last year as well (GCUX) and I have to say I was quite
excited as SANS is regarded as one of the best. I will go to another
SANS course this year but the level of people that went to that
particular course was WAY WAY WAY!! below anything I would have
thought. I mean people "started playing with linux last thursday" and
went to a GCUX course? Also the material wasnt really THAT great, at
least if you have quite a few years Unix experience.

I agree that GIACs are very good and the teacher (Hal) was extremely
good. Also the other teachers really know what they are doing and they
are great knowledge pools after class or in breaks. But the rest of
the time you go with the lowest common denominator in the class.But
regarding a GIAC higher then a CISSP, maybe in your opinion, not in
the industries'.

My 2 cents, but I have been wrong in the past so I can of course be
now and if I am I apologize already.

And as far as experience goes, 14+ years, you name it, i have probably
done it (except programming :)...



On 3/14/07, Kim Guldberg <kim () bufferzone dk> wrote:
Ohhhh yes, Big time

CISSP is a broad common body of knowledge certification with no depth at
all. IMHO anybody with 3 weeks time to spend, a reasonable head, a heart
for reading and remembering can pass a CISSP.

GIAC certifications requires knowledge, skill and understanding and has
depth. GIAC certifications are practical as well as theoretical.

A CISSP certification is a foundation certification that will lead to a
entry level job in the IT security industry or a non technical job, i.e.
sales or marketing, unless you have other expert level technical
education in witch case a CISSP will serve as an introduction into an IT
security job

GIAC will lead you to an expert level job, i.e. firewall analyst,
forensic analyst and the likes

Kim Guldberg

andrews () rbacomm com skrev:
> Does the GIAC/GSEC certification have value for someone with the CISSP
> certification?
> I am planning on getting my CISSP this year, but I may have a chance
> to go for the GSEC a bit earlier.  Would that add any value, or is it
> a waste of time if I can attain the CISSP?
> Brad

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]