PaulDotCom mailing list archives
Fwd: Looking for a little help
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Sat, 13 Feb 2010 00:40:42 -0500
Hello, To follow up on what Chris wrote, I just don't see a huge demand out there for the SANS certifications. Maybe there is and I am just not seeing it (or blissfully ignorant of it!). In the industry, the best known certs, and those that appear (rightly or wrongly) to be considered the gold standard are the CISSP, CISA, and CISM. Granted these are more management level certs and less hands on, but many employers don't seem to be making that distinction. Also as Chris alludes to, once you have some of these major certifications, the law of diminishing returns kicks in and obtaining additional ones becomes less and less valuable. You also have the factor of additional experience and reputation (hopefully good!) that lessens the values of certs over time. You have to do a cost/benefit analysis. It may not be worth the money and time to get that additional cert. The true value of certs can be debated round and round (and have been on this list several times). Unfortunately for many (again rightly or wrongly) they are sometimes necessary to get your foot in the door. I am sure there are many woefully unqualified individuals with a string of impressive certifications after there name as there are highly qualified uber elite kung fu security specialists who have none. Well that is my opinion for what it is worth! Jody -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Clymer Sent: Wednesday, February 10, 2010 2:26 PM To: PaulDotCom Security Weekly Mailing List Cc: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Fwd: Looking for a little help Mick, can you link or describe any of these GSE type jobs? Somehow ive just never seen them. The challenge of going GSE sounds like a lot of fun...i just havent yet convinced myself that all that hard work and money would really benefit my career any more then dedicating the same effort and less $$$ elsewhere. There are few enough GSE level technical folks out there that today at least they generally have no issues finding jobs without the cert. Problem for SANS is some employers will pay for domain specific courses certs, few will spring for the GSE and its a sizable personal commitment. Ive self funded a few exams, but those all cost under $600. Honestly, i could argue for days about certs. I have a love/hate relationship with them, i still cant make up my mind if theyre helping our industry become more or less mature Sent from my iPhone On Feb 10, 2010, at 12:32 PM, Michael Douglas <mick at pauldotcom.com> wrote:
Disclaimer: I'm not a SANS instructor but I do play as a junior one at community events. As such, I don't have much of an insider's view on this cert... Here's my take on this: The GSE is the uber cert. It's meant to be like the CCIE is... for someone who wants to remain deeply technical and earn the very top salary in our industry this is the way to go. All the postings I see where GSE is even mentioned are stone cold NINJA level. The current GSE reqs are here: http://www.giac.org/certifications/gse.php#prereq As for why more/all SANS instructors don't have it? My guess (and this is only a guess) is that they don't need it... if it's not needed they'll spend the time/effort instead on teaching classes -- which is probably in SANS overall better interest. (Heck it's in our industry's interest too... I'd rather see several hundereds of people get better at infosec than just a handful of ninjas made. True it's not an either/or choice, but humor me OK?) Also I'd be interested to see how GIAC/SANS would address conflict of interest issues... It might make it a little fishy if a super majority of the cert holders are "internal" to the organization. Finally, market forces being what they are, I think the case for the GSE is such that it isn't for everyone. If you're highly motivated, have some talent, and want to make serious coin, the GSE is for you. True the GSE is costly to get, but you can shave the monetary expense greatly by TA'ing the classes you need. The true costs I see are time... and it is a significant investment... but the payoffs (at least from where I'm sitting) appear to be quite nice indeed. At some point a few years out, I might go for the GSE... I know I want to get other GIAC certs. I guess the biggest thing I don't get is that in light of all the pros for this cert that more folks don't attempt it. Yes it's hard to get... but that's by design. We do not value that which is easily obtained (don't know if I'm quoting someone or not) My take on this distilled all the way down is this: If you're on the fence about the GSE, freaking do it already. If you're at a point where you can consider grasping the brass ring, why would you not? <end of ramble> - Mick On Wed, Feb 10, 2010 at 11:04 AM, Chris Clymer <cclymer at gmail.com> wrote:Problem for me is that the GSE is f'ing expensive, i dont believe the certs i have count in more than a minor way (GPEN & GWAPT) and ive never seen it on a job app. Great accomplishment if you can swing it, but i question the ROI. As far as i can tell most SANS instructors dont even have it. I was on the email chain about revising GSE requirements, and i still cant tell what i would need to do to get it. As a SANS instructor, is it any more clear to you? Sent from my iPhone On Feb 9, 2010, at 8:23 AM, John Strand <strandjs at gmail.com> wrote: This is odd.... Chris wants to take the GSE exam and needs to have some more people sign up or the test is going to get canceled. Well, the challenge is out. Get out and and sign up for the GSE. Look, I am one of the first people to say that many tech certifications in and of themselves mean little. However, in many situations they are required to get and maintain the job you want... When you look at many of the cool jobs in security they are asking for SANS certs... Why? Because they mean something. This one means even more. This industry needs to have a cert where if someone has it we can say with a high degree of certainty that they know what the hell they are talking about on a wide variety of topics in security. GSE is that cert. I also know that many of you collect SANS certs like Pokymon cards... GSE is a nice cap. ---------- Forwarded message ---------- From: Chris Mohan <christopher.mohan at gmail.com> Date: Tue, Feb 9, 2010 at 3:48 AM Subject: Looking for a little help To: strandjs at gmail.com, jstrand at sans.org Hello John, I'm after a little bit, well possibility a lot, of help from you. I've decided attempt the GSE exam this year. That's not the problem, although a touch of insanity and delusion on my part perhaps. The problem is that only one other person has also signed up, despite GIAC changing the requirements. The bit of help I'm after is for you and the folks at Pauldotcom to put out the challenge to other saner folk to step up with me and get on to the GSE track. If an English bloke, living in Australia that works with Windows - and the fully featured firewall that is ISA - can try for the GSE, then I'd hope for at least five of your ex-students or PDC listeners to take that step with me. There seems to be a massive fear factor about the GSE exams, so I've started off a blog, witty entitled http://gse.chris-mohan.com to chart my attempt and break down some of that GSE FUD. As Paul and Larry first put me on the path to SANS training, back in December of 2005, it would be a neat twist of fate if they could help out by getting me some brilliant people to be part of the final two day practical exam. I'd love to be in the room in Las Vegas working with some great minds to nail the last day's challenge. You and the guys either know or can reach these people and can inspire them to give it a try. To quote a chick with bagels on her head "This is our most desperate hour. Help me, Obi-Wan Kenobi; you're my only hope" A desperate, somewhat over-dramatic plea from the Sunny shores of Sydney Chris _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Fwd: Looking for a little help John Strand (Feb 09)
- Fwd: Looking for a little help Chris Clymer (Feb 10)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Chris Clymer (Feb 10)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Jody & Jennifer McCluggage (Feb 12)
- Fwd: Looking for a little help Chris Mohan (Feb 13)
- Fwd: Looking for a little help iamnowonmai (Feb 13)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Chris Clymer (Feb 10)