Fwd: Looking for a little help

[j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)]

Hello,

To follow up on what Chris wrote, I just don't see a huge demand out there
for the SANS certifications.  Maybe there is and I am just not seeing it (or
blissfully ignorant of it!).  In the industry, the best known certs, and
those that appear (rightly or wrongly) to be considered the gold standard
are the CISSP, CISA, and CISM.  Granted these are more management level
certs and less hands on, but many employers don't seem to be making that
distinction.

Also as Chris alludes to, once you have some of these major certifications,
the law of diminishing returns kicks in and obtaining additional ones
becomes less and less valuable.  You also have the factor of additional
experience and reputation (hopefully good!) that lessens the values of certs
over time.  You have to do a cost/benefit analysis.  It may not be worth the
money and time to get that additional cert.

The true value of certs can be debated round and round (and have been on
this list several times).  Unfortunately for many (again rightly or wrongly)
they are sometimes necessary to get your foot in the door.  I am sure there
are many woefully unqualified individuals with a string of impressive
certifications after there name as there are highly qualified uber elite
kung fu security specialists who have none.

Well that is my opinion for what it is worth!

Jody

 

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Clymer
Sent: Wednesday, February 10, 2010 2:26 PM
To: PaulDotCom Security Weekly Mailing List
Cc: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Fwd: Looking for a little help

Mick, can you link or describe any of these GSE type jobs?  Somehow  
ive just never seen them. The challenge of going GSE sounds like a lot  
of fun...i just havent yet convinced myself that all that hard work  
and money would really benefit my career any more then dedicating the  
same effort and less $$$ elsewhere.

There are few enough GSE level technical folks out there that today at  
least they generally have no issues finding jobs without the cert.

Problem for SANS is some employers will pay for domain specific  
courses certs, few will spring for the GSE and its a sizable personal  
commitment. Ive self funded a few exams, but those all cost under $600.

Honestly, i could argue for days about certs.  I have a love/hate  
relationship with them, i still cant make up my mind if theyre helping  
our industry become more or less mature

Sent from my iPhone

On Feb 10, 2010, at 12:32 PM, Michael Douglas <mick at pauldotcom.com>  
wrote:

> Disclaimer: I'm not a SANS instructor but I do play as a junior one at
> community events.  As such, I don't have much of an insider's view on
> this cert...
>
> Here's my take on this:
> The GSE is the uber cert.  It's meant to be like the CCIE is... for
> someone who wants to remain deeply technical and earn the very top
> salary in our industry this is the way to go.  All the postings I see
> where GSE is even mentioned are stone cold NINJA level.
>
> The current GSE reqs are here:
> http://www.giac.org/certifications/gse.php#prereq
>
> As for why more/all SANS instructors don't have it?  My guess (and
> this is only a guess) is that they don't need it... if it's not needed
> they'll spend the time/effort instead on teaching classes -- which is
> probably in SANS overall better interest. (Heck it's in our industry's
> interest too... I'd rather see several hundereds of people get better
> at infosec than just a handful of ninjas made.  True it's not an
> either/or choice, but humor me OK?)  Also I'd be interested to see how
> GIAC/SANS would address conflict of interest issues...  It might make
> it a little fishy if a super majority of the cert holders are
> "internal" to the organization.
>
> Finally, market forces being what they are, I think the case for the
> GSE is such that it isn't for everyone.  If you're highly motivated,
> have some talent, and want to make serious coin, the GSE is for you.
> True the GSE is costly to get, but you can shave the monetary expense
> greatly by TA'ing the classes you need.  The true costs I see are
> time... and it is a significant investment... but the payoffs (at
> least from where I'm sitting) appear to be quite nice indeed.
>
> At some point a few years out, I might go for the GSE... I know I want
> to get other GIAC certs.  I guess the biggest thing I don't get is
> that in light of all the pros for this cert that more folks don't
> attempt it.  Yes it's hard to get... but that's by design.  We do not
> value that which is easily obtained (don't know if I'm quoting someone
> or not)
>
> My take on this distilled all the way down is this:  If you're on the
> fence about the GSE, freaking do it already.  If you're at a point
> where you can consider grasping the brass ring, why would you not?
>
> <end of ramble>
>
> - Mick
>
>
>
>
> On Wed, Feb 10, 2010 at 11:04 AM, Chris Clymer <cclymer at gmail.com>  
> wrote:
> > Problem for me is that the GSE is f'ing expensive, i dont believe  
> > the certs
> > i have count in more than a minor way (GPEN & GWAPT) and ive never  
> > seen it
> > on a job app.
> > Great accomplishment if you can swing it, but i question the ROI.   
> > As far as
> > i can tell most SANS instructors dont even have it.
> > I was on the email chain about revising GSE requirements, and i  
> > still cant
> > tell what i would need to do to get it. As a SANS instructor, is it  
> > any more
> > clear to you?
> >
> > Sent from my iPhone
> > On Feb 9, 2010, at 8:23 AM, John Strand <strandjs at gmail.com> wrote:
> >
> > This is odd....  Chris wants to take the GSE exam and needs to have  
> > some
> > more people sign up or the test is going to get canceled.
> >
> > Well, the challenge is out.  Get out and and sign up for the GSE.
> >
> > Look, I am one of the first people to say that many tech  
> > certifications in
> > and of themselves mean little.  However, in many situations they are
> > required to get and maintain the job you want...  When you look at  
> > many of
> > the cool jobs in security they are asking for SANS certs... Why?  
> > Because
> > they mean something.
> >
> > This one means even more. This industry needs to have a cert where if
> > someone has it we can say with a high degree of certainty that they  
> > know
> > what the hell they are talking about on a wide variety of topics in
> > security. GSE is that cert.
> >
> > I also know that many of you collect SANS certs like Pokymon  
> > cards...  GSE
> > is a nice cap.
> >
> >
> > ---------- Forwarded message ----------
> > From: Chris Mohan <christopher.mohan at gmail.com>
> > Date: Tue, Feb 9, 2010 at 3:48 AM
> > Subject: Looking for a little help
> > To: strandjs at gmail.com, jstrand at sans.org
> >
> >
> > Hello John,
> >
> > I'm after a little bit, well possibility a lot, of help from you.
> >
> > I've decided attempt the GSE exam this year. That's not the problem,
> > although a touch of insanity and delusion on my part perhaps.  The  
> > problem
> > is that only one other person has also signed up, despite GIAC  
> > changing the
> > requirements.
> >
> > The bit of help I'm after is for you and the folks at Pauldotcom to  
> > put out
> > the challenge to other saner folk to step up with me and get on to  
> > the GSE
> > track.
> >
> > If an English bloke, living in Australia that works with Windows -  
> > and the
> > fully featured firewall that is ISA - can try for the GSE, then I'd  
> > hope for
> > at least five of your ex-students or PDC listeners to take that  
> > step with
> > me.
> >
> > There seems to be a massive fear factor about the GSE exams, so  
> > I've started
> > off a blog, witty entitled http://gse.chris-mohan.com to chart my  
> > attempt
> > and break down some of that GSE FUD.
> >
> > As Paul and Larry first put me on the path to SANS training, back in
> > December of 2005, it would be a neat twist of fate if they could  
> > help out by
> > getting me some brilliant people to be part of the final two day  
> > practical
> > exam.
> >
> > I'd love to be in the room in Las Vegas working with some great  
> > minds to
> > nail the last day's challenge. You and the guys either know or can  
> > reach
> > these people and can inspire them to give it a try.
> >
> > To quote a chick with bagels on her head "This is our most  
> > desperate hour.
> > Help me, Obi-Wan Kenobi; you're my only hope"
> >
> > A desperate, somewhat over-dramatic plea from the Sunny shores of  
> > Sydney
> >
> > Chris
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com