Security Basics mailing list archives

RE: GIAC Dilution

From: "Matthew Jenkins" <Matthew.Jenkins () tmctechnologies com>
Date: Fri, 25 Mar 2005 09:59:50 -0500

http://www.giac.org/practicals/termination.php

According to SANS, there are going to be a lot of changes to the GIAC
certification process.  However, it is my opinion that they should not
have removed the practical until after changes were made to the exam
process.

Unfortunately, GIAC also agrees that exam-based certifications (i.e.
without the writing) is what the marketplace wants.  Unfortunately, what
most employers do not take account for is that if their employees and/or
contractors cannot effectively communicate, the work they will perform
is in vain.  Written corrspondance in the form of e-mails, memorandeums,
reports, etc. is a key part of business.  This is especially true for
global businesses where the upper management team(s) exist in various
countries.  I do not feel that SANS should be in the business of
teaching English classes.  However, if their students cannot effectively
communicate what they have learned, how are they going to communicate
their findings to their employeer and/or clients?

Perhaps the practical was not the most effective method for testing
students' written skills.  However, I believe that it is part of SANS'
responsibility to the industry to make sure their students can
communicate what they have learned.  In my opinion, SANS should consider
making one or more parts of their exam written if they are not going to
require the practical.

Matt

-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm () ornl gov] 
Sent: Thursday, March 24, 2005 6:56 AM
To: Aman Raheja; security-basics () securityfocus com
Cc: Depp, Dennis M.
Subject: RE: GIAC Dilution

I do not think this was soley about money.  Looking at the number of
students vs. the number of certifications handed out for GIAC, something
is wrong.  The practical (while an excellent idea) has become bloated to
the point they are more a determination of stubbornness rather than
knowledge.  GIAC's primary goal is to increase the security knowledge.
Did the practical increase the knowledge of individuals who attempted
it?  Probably.  Is this the best method to increase their knowledge?
Probably not.

GIAC is in a transition.  I don't think this will be a paper cert.  Will
more people attempt and gain GIAC certification?  I hope so.  Will this
dilute the cert?  Mayber, but it also could have the opposite effect.
Because there are so few GIAC certified secrity professionals, the
certification does not have the same visibility outside the security
world as other certifications.  CISSP is a great example.  How can GIAC
gain this visibility.  One way is to get qualified people to attempt the
certification process.  Writing is not something most IT professionals
have high on their "Fun things I like to do list."  There has to be a
better way.  A multiple choice test might not be the answer, but there
are other alternative.  A test where the canidate is given a senario and
must base his answers on the given senario might be a better way to test
a person's knowledge. 

Just my $.02

Dennis

Current thread:

Re: GIAC Dilution, (continued)
- - - Re: GIAC Dilution Vladamir (Mar 24)
    - Re: GIAC Dilution Aman Raheja (Mar 24)
    - Re: GIAC Dilution Vladamir (Mar 24)
    - Re: GIAC Dilution Daniel Miessler (Mar 28)
    - Re: GIAC Dilution Michael Bartha (Mar 29)
- Re: GIAC Dilution Don Parker (Mar 18)
- RE: GIAC Dilution Depp, Dennis M. (Mar 24)
- RE: GIAC Dilution Paris E. Stone (Mar 24)
- RE: GIAC Dilution Joshua Berry (Mar 24)
- Re: GIAC Dilution Don Parker (Mar 28)
- RE: GIAC Dilution Matthew Jenkins (Mar 28)
- RE: GIAC Dilution Charlie Winckless (Mar 28)