mailing list archives
RE: [ok] Certifications
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 22 Nov 2004 06:37:47 -0600
While I gotta agree that experience is what counts, what (if
any) specialist certs should a tertiary student, with a
special interest in security, use to underpin their prac?
P.S. If I'm too ignorant to warrant a civil answer, like
being told to go to the movies, my apologies in advance so no
Not everyone on this list are crude brainless kiddies Paul (though too many
are ;) Having said that, let me address your main point. With a number of
letters behind my name (will have to drop the CCDA to accommodate my
upcoming GSNA), I feel qualified to answer your question.
For some reason the CISSP is considered one of the most prestigious certs.
I describe it as a river a mile wide and 6 inches deep. However, I found it
relatively easy to obtain with no schooling required, as were all my other
certs, except for the GSEC that required an 8x12-hour day intensive SANS
class (in my case complemented with a co-ordinated national meeting of
military IS people and keynote by Richard Clarke, who I respect very much).
I tell people that you come out of that either scared to death or with a
brain, two hat-sizes bigger.
Most GIAC certs are very technical in nature. I describe them as being a
quarter-mile wide and 20 feet deep. Although I passed the GSEC on first try,
the test was much more difficult than the CISSP. That is why I decided to
pursue my GSNA as opposed to a CISA. And in that one 6-day class, I
shoe-horned enough stuff in my brain to keep me busy for months. Well worth
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
Full-Disclosure - We believe in it.