RE: Security Certs

["David J. Jackson" <djackson () netdmz com>]

Hello all.

Like with most technical jobs, many people see certifications as a waste.  Experience is where people are typically 
picked out.  However, I must say that going through the GSEC process from SANS was one of the most involved 
certifications I've ever taken.  If you don't know your stuff, you don't pass.  That's the truth.  The SANS GSEC 
Certification like most of the other certs from SANS, is down in the trenches using hacking and security concepts and 
tools.  Some of the other certifications are at much higher conceptual levels.  I've heard a CISSP say that the CISSP 
concepts are at a 30,000 Foot view of security, and of course the GSEC is right down in the trenches.  The Security+ I 
would say is around the same conceptual level of the CISSP, but not as difficult.

I'm working on my Security+ cert now, which should be a breeze since I just got my GSEC Cert a few weeks ago.  Good 
luck with your certifications, and remember it won't really help to have them unless you know how to use the 
information you've learned.

David Jackson, GSEC


-----Original Message-----
From: Nigel.Hedges () iag com au [mailto:Nigel.Hedges () iag com au]
Sent: Tuesday, September 30, 2003 4:07 PM
To: security-basics () securityfocus com
Subject: RE: Security Certs



**************************************************************************

Note: This e-mail is subject to the disclaimer contained at the bottom
of this message.

**************************************************************************
:

Hi,

I generally agree with Steve's comments. I have obtained CISSP, CISA,
Security+ and I must say the benefit have been more in the knowledge gained
and confirmed during the  journey of acquiring the certs, rather than
simply obtaining "the letters".

Security+ is a little more technical than the others, but requires less
experience to qualify and obtain than the other certs. If you think CISSP
requirements are stiff, CISA is much the same.

I perceive high value in the SANS courses, and it'd be great to hear
peoples comments about it.

Nigel H






|---------+---------------------------->
|         |           "Steve W.        |
|         |           Manzuik"         |
|         |           <steve@entrenchte|
|         |           ch.com>          |
|         |                            |
|         |           01/10/2003 05:03 |
|         |           AM               |
|         |                            |
|---------+---------------------------->
  
> ------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                     
         |
  |       To:       DANIEL SIMPSON <DANSIMPS () uat edu>, Meritt James <meritt_james () bah com>                        
               |
  |       cc:       "Brian G." <brian () fireflydigitalmedia com>, security-basics () securityfocus com                 
               |
  |       Subject:  RE: Security Certs                                                                                  
         |
  
> ------------------------------------------------------------------------------------------------------------------------------|



The CISSP requirements are not all that stiff if you have industry
experience.  Not sure about the Microsoft Security cert as I have never
looked at it.  But the Security+ certification from CompTIA is targeted
towards IT folks who want to move into security.  It is a good starting
point.  There is also Sans.

I personally don't hold a lot of value in any of the certs and when hiring
people I couldn't care less what letters are behind their name but what
skills they have and what kind of attitude they have.  Although I highly
doubt this is the norm..

-S

> -----Original Message-----
> From: DANIEL SIMPSON [mailto:DANSIMPS () uat edu]
> Sent: Monday, September 29, 2003 5:48 PM
> To: Meritt James
> Cc: Brian G.; security-basics () securityfocus com
> Subject: RE: Security Certs
>
> I was checking out CISSP requirements, looks pretty stiff.
>
> What is this Microsoft security + cert? Any value to it


---------------------------------------------------------------------------
----------------------------------------------------------------------------






:
********************************************************************************

The information transmitted in this message and attachments (if any)
is intended only for the person or entity to which it is addressed.  
The message may contain confidential and/or privileged material.  
Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon this information, by persons or entities
other than the intended recipient is prohibited.  

If you have received this in error, please contact the sender and delete this
e-mail and associated material from any computer.

The intended recipient of this e-mail may only use, reproduce, disclose or
distribute the information contained in this e-mail and any attached files,
with the permission of the sender.

This message has been scanned for viruses and cleared by MailMarshal.

********************************************************************
:

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------