Firewall Wizards mailing list archives
Re: certification of skill
From: Bill_Royds () pch gc ca
Date: Tue, 12 Feb 2002 12:28:57 -0500
I have both a CISSP and SANS GCIA so I guess I can be unbiased. As others have said, they have different purposes. Like most traditional certifications, the CISSP is just a written test with some prerequisites (3 years security experience at present, including a degree after the end of this year). It does not test the experience but covers a broad enough area that it requires a lot of study to achieve. It also requires ongoing learning and participation in security fora to stay certified. SANS certifications are quite a bit different. They include a couple of tests (often networking plus speciality), but these can't be written until a ~50 page practical paper is submitted and passed. Although one could possibly write the practical without heavy experience, it is very unlikely, since the questions involve analyzing situations that the student has been involved in. For example, the Firewalls and Perimeter Protection cert requires one to specify a system to connect a corporation to the Internet, specifying routers, router ACLs, firewalls, firewall rule sets, network topology etc. and then to report on tests of flow through the design. Even if a student had little previous experience, this practical itself would ensure some real world knowledge. If someone achieved honours status on this, you could be pretty certain that they had some clue about network security design. But the best certification of skill is a résumé that indicates development of significant projects, discovery and solution of significant problems and complements from satisfied employers and customers. That piece of paper is more valuable than any sort of letters after your name. Bill Royds B.Math, GCIA, CISSP ..... Acting System Administrator, Canadian Heritage Information Network (819) 994-1200 X 239 |-------------------------+-------------------------+-------------------------| | | Drew | | | | <simonis () myself com> | To: | | | | firewall-wizards@nfr.n| | | 02/12/02 09:45 AM | et | | | | cc: | | | | (bcc: Bill | | | | Royds/HullOttawa/PCH/C| | | | A) | | | | Subject: | | | | Re: [fw-wiz] | | | | certification of skill| |-------------------------+-------------------------+-------------------------| Eric Globe wrote:
Hi Which is better: CISSP or SANS qualifications (eg. level-1)
Again and again and again... This question seems to be the "are we there yet" of the security industry these days. No matter how many times it has been answered, it will be inevitably asked again. So let me have at it, in a nutshell... They both have their merits, but they both also have their defects. CISSP (which I hold) is more of a policy, managerial type cert. SANS is more of a technical cert, but has less (but growing fast) awareness among the HR community. Make up your own mind, or google for one of the lengthy threads in many places to have your mind made up for you. -Ds _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- certification of skill Eric Globe (Feb 12)
- Re: certification of skill Marcus J. Ranum (Feb 12)
- Re: certification of skill Drew (Feb 12)
- Re: certification of skill Frederick M Avolio (Feb 12)
- Re: certification of skill R. DuFresne (Feb 12)
- Re: certification of skill Tony Howlett (Feb 12)
- Exchange 2000 in DMZ ? Bara Zani (Feb 12)
- Re: Exchange 2000 in DMZ ? Chuck Swiger (Feb 13)
- <Possible follow-ups>
- Re: certification of skill Bill_Royds (Feb 12)
- Re: certification of skill Chad Schieken (Feb 13)
- Re: certification of skill Paul Robertson (Feb 13)