Re: certification of skill

[Bill_Royds () pch gc ca]

I have both a CISSP and SANS GCIA so I guess I can be unbiased.
As others have said, they have different purposes.

Like most traditional certifications, the CISSP is just a written test with some
prerequisites (3 years security experience at present, including a degree after
the end of this year). It does not test the experience but covers a broad enough
area that it requires a lot of study to achieve. It also requires ongoing
learning and participation in security fora to stay certified.

SANS certifications are quite a bit different. They include  a couple of tests
(often networking plus speciality), but these can't be written until a ~50 page
practical paper is submitted and passed. Although one could possibly write the
practical without heavy experience, it is very unlikely, since the questions
involve analyzing situations that the student has been involved in.
  For example, the Firewalls and Perimeter Protection cert requires one to
specify a system to connect a corporation to the Internet, specifying routers,
router ACLs, firewalls, firewall rule sets, network topology etc. and then to
report on tests of flow through the design. Even if  a student had little
previous experience, this practical itself would ensure some real world
knowledge. If someone achieved honours status on this, you could be pretty
certain that they had some clue about network security design.

But the best certification of skill is a résumé that indicates development of
significant projects, discovery and solution of significant problems and
complements from satisfied employers and customers. That piece of paper is more
valuable than any sort of letters after your name.



Bill Royds B.Math, GCIA, CISSP .....
Acting System Administrator,
Canadian Heritage Information Network
(819) 994-1200 X 239

|-------------------------+-------------------------+-------------------------|
|                         |   Drew                  |                         |
|                         |   <simonis () myself com>  |           To:           |
|                         |                         |   firewall-wizards@nfr.n|
|                         |   02/12/02 09:45 AM     |   et                    |
|                         |                         |           cc:           |
|                         |                         |   (bcc: Bill            |
|                         |                         |   Royds/HullOttawa/PCH/C|
|                         |                         |   A)                    |
|                         |                         |           Subject:      |
|                         |                         |   Re: [fw-wiz]          |
|                         |                         |   certification of skill|
|-------------------------+-------------------------+-------------------------|






Eric Globe wrote:
> Hi
>
> Which is better: CISSP or SANS qualifications (eg. level-1)

Again and again and again...  This question seems to be the "are we
there yet" of the security industry these days.  No matter how
many times it has been answered, it will be inevitably asked again.

So let me have at it, in a nutshell...

They both have their merits, but they both also have their defects.
CISSP (which I hold) is more of a policy, managerial type cert.
SANS is more of a technical cert, but has less (but growing fast)
awareness among the HR community.

Make up your own mind, or google for one of the lengthy threads
in many places to have your mind made up for you.

-Ds
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards