Security Basics mailing list archives
RE: GIAC Dilution
From: "Matthew Jenkins" <Matthew.Jenkins () tmctechnologies com>
Date: Fri, 25 Mar 2005 09:59:50 -0500
http://www.giac.org/practicals/termination.php According to SANS, there are going to be a lot of changes to the GIAC certification process. However, it is my opinion that they should not have removed the practical until after changes were made to the exam process. Unfortunately, GIAC also agrees that exam-based certifications (i.e. without the writing) is what the marketplace wants. Unfortunately, what most employers do not take account for is that if their employees and/or contractors cannot effectively communicate, the work they will perform is in vain. Written corrspondance in the form of e-mails, memorandeums, reports, etc. is a key part of business. This is especially true for global businesses where the upper management team(s) exist in various countries. I do not feel that SANS should be in the business of teaching English classes. However, if their students cannot effectively communicate what they have learned, how are they going to communicate their findings to their employeer and/or clients? Perhaps the practical was not the most effective method for testing students' written skills. However, I believe that it is part of SANS' responsibility to the industry to make sure their students can communicate what they have learned. In my opinion, SANS should consider making one or more parts of their exam written if they are not going to require the practical. Matt -----Original Message----- From: Depp, Dennis M. [mailto:deppdm () ornl gov] Sent: Thursday, March 24, 2005 6:56 AM To: Aman Raheja; security-basics () securityfocus com Cc: Depp, Dennis M. Subject: RE: GIAC Dilution I do not think this was soley about money. Looking at the number of students vs. the number of certifications handed out for GIAC, something is wrong. The practical (while an excellent idea) has become bloated to the point they are more a determination of stubbornness rather than knowledge. GIAC's primary goal is to increase the security knowledge. Did the practical increase the knowledge of individuals who attempted it? Probably. Is this the best method to increase their knowledge? Probably not. GIAC is in a transition. I don't think this will be a paper cert. Will more people attempt and gain GIAC certification? I hope so. Will this dilute the cert? Mayber, but it also could have the opposite effect. Because there are so few GIAC certified secrity professionals, the certification does not have the same visibility outside the security world as other certifications. CISSP is a great example. How can GIAC gain this visibility. One way is to get qualified people to attempt the certification process. Writing is not something most IT professionals have high on their "Fun things I like to do list." There has to be a better way. A multiple choice test might not be the answer, but there are other alternative. A test where the canidate is given a senario and must base his answers on the given senario might be a better way to test a person's knowledge. Just my $.02 Dennis
Current thread:
- Re: GIAC Dilution, (continued)
- Re: GIAC Dilution Vladamir (Mar 24)
- Re: GIAC Dilution Aman Raheja (Mar 24)
- Re: GIAC Dilution Vladamir (Mar 24)
- Re: GIAC Dilution Daniel Miessler (Mar 28)
- Re: GIAC Dilution Michael Bartha (Mar 29)