PaulDotCom mailing list archives
Fwd: Looking for a little help
From: iamnowonmai at gmail.com (iamnowonmai)
Date: Sat, 13 Feb 2010 22:14:57 -0500
I'm intending to sit for the written exam this year, and do the practical in '11. I won't be traveling to AUS to do it, sorry about that! :) iamnowonmai On Sat, Feb 13, 2010 at 7:41 PM, Chris Mohan <christopher.mohan at gmail.com>wrote:
Hello All, I thought it was worthwhile just adding my vague responses to some of the topics below, in the hope of convincing you or a friend to sign up to the GSE with me. Without a critical mass of people having the GSE certification, it's not going to go anywhere and SANS will have to drop it. Then we're stuck with industry bench marks qualifications that fail to prove anything more than you can pass exams on academic topics. Yes, that's more than a touch sweeping but when I see hands on security jobs requiring CISSP, CISA, and CISM, I despair that HR/management has once again written the job advert and they're just the expected, ill-informed industry base line. So why not get a some certifications up on the board we can aspire to that have real world value that can be measured? If you have spent the time, energy and cash to get pre-requisites for the GSE exam, is it only fear stopping you from attempting it? I see the same terror when people approach the offensive security exams or Cisco's final hands-on labs. Surely, this should be something to relish, challenging your abilities and proving then in a real world situation in front of your peers? Yes, I'm as nervous as heck and may crash and burn horribly, but if I do, that's life and that's an experience to not be forgotten. Cost for the GSE: Yup it's a truck load of money, most of which has been mine. I have offset that dramatically by doing the SAN work study and a meagre attempt at mentoring SANS courses. However, if I was going was going to do a CCIE, it's around the same cost, plus I'd be hiring out rack of kit for practice. The GSE lab fits nicely on my laptop :-) For the GSE exam itself, I wrote a business case from my boss in the advantages having me attempt the GSE. They agreed to pay for the exam fees, but I pick up travel and accommodation to the States. Did I mention the Oz dollar isn't particularly strong again the US dollar most of the time. Is there a good camp site in Las Vegas or can I sleep under slot machines? Time: Good grief, why did no-one warn me about this in the first place? It's a lot of time so far and I'm only squaring up for the multiple choice. I'm spending about an hour a day revising and reviewing. Playing with the tools and challenges from the books is pure geek fun, but factor in about six hours a week. As I work in a pure Windows environment, most of my time pain come from the *nix world. Can't we all simply agree Mr Gates is the true light and then sign over 30% of all pay checks to him now? No? Oh... None of this time is wasted as I improved my only skills and knowledge, which equates (hopefully) to increased market worth. Yes, it means juggling some of the junk out of my life to make time of the study. I, sadly, now don't watch the Biggest Loser or the Bachelor anymore. I refuse to give up House and 24, the occasional drinks after work and having a life though. Why: Not for the bragging right or the supposed air of superiority have shiny certs. This is to challenge myself and to see if I can work/survive/enjoy working at the GSE level. In Oz, SANS certs don't have great market penetration yet, so I don't think job offers will take my mail box by storm. The real ROI would really be the differentiator at review or interview times, and, more importantly, when I need to apply my security knowledge and abilities. Being able to walk the walk hands down beats any sort of posturing, swagger or impressive initials after your name. Ability gets recognised faster than empty hot air when action is required. All I'm hoping for is a few people to take this exam with me. To be able to study and learn with and from other is an amazing boost and motivator. The IT security industry is still very young, and certs may not be the best way forward, but currently they are all we have. Why not get a few top end ones universally recognised as worthwhile and valid by people both inside and outside of the industry? Go on, sign up - you know you want to! Chris -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jody & Jennifer McCluggage Sent: Saturday, 13 February 2010 4:41 PM To: 'PaulDotCom Security Weekly Mailing List' Subject: Re: [Pauldotcom] Fwd: Looking for a little help Hello, To follow up on what Chris wrote, I just don't see a huge demand out there for the SANS certifications. Maybe there is and I am just not seeing it (or blissfully ignorant of it!). In the industry, the best known certs, and those that appear (rightly or wrongly) to be considered the gold standard are the CISSP, CISA, and CISM. Granted these are more management level certs and less hands on, but many employers don't seem to be making that distinction. Also as Chris alludes to, once you have some of these major certifications, the law of diminishing returns kicks in and obtaining additional ones becomes less and less valuable. You also have the factor of additional experience and reputation (hopefully good!) that lessens the values of certs over time. You have to do a cost/benefit analysis. It may not be worth the money and time to get that additional cert. The true value of certs can be debated round and round (and have been on this list several times). Unfortunately for many (again rightly or wrongly) they are sometimes necessary to get your foot in the door. I am sure there are many woefully unqualified individuals with a string of impressive certifications after there name as there are highly qualified uber elite kung fu security specialists who have none. Well that is my opinion for what it is worth! Jody -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Clymer Sent: Wednesday, February 10, 2010 2:26 PM To: PaulDotCom Security Weekly Mailing List Cc: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Fwd: Looking for a little help Mick, can you link or describe any of these GSE type jobs? Somehow ive just never seen them. The challenge of going GSE sounds like a lot of fun...i just havent yet convinced myself that all that hard work and money would really benefit my career any more then dedicating the same effort and less $$$ elsewhere. There are few enough GSE level technical folks out there that today at least they generally have no issues finding jobs without the cert. Problem for SANS is some employers will pay for domain specific courses certs, few will spring for the GSE and its a sizable personal commitment. Ive self funded a few exams, but those all cost under $600. Honestly, i could argue for days about certs. I have a love/hate relationship with them, i still cant make up my mind if theyre helping our industry become more or less mature Sent from my iPhone On Feb 10, 2010, at 12:32 PM, Michael Douglas <mick at pauldotcom.com> wrote:Disclaimer: I'm not a SANS instructor but I do play as a junior one at community events. As such, I don't have much of an insider's view on this cert... Here's my take on this: The GSE is the uber cert. It's meant to be like the CCIE is... for someone who wants to remain deeply technical and earn the very top salary in our industry this is the way to go. All the postings I see where GSE is even mentioned are stone cold NINJA level. The current GSE reqs are here: http://www.giac.org/certifications/gse.php#prereq As for why more/all SANS instructors don't have it? My guess (and this is only a guess) is that they don't need it... if it's not needed they'll spend the time/effort instead on teaching classes -- which is probably in SANS overall better interest. (Heck it's in our industry's interest too... I'd rather see several hundereds of people get better at infosec than just a handful of ninjas made. True it's not an either/or choice, but humor me OK?) Also I'd be interested to see how GIAC/SANS would address conflict of interest issues... It might make it a little fishy if a super majority of the cert holders are "internal" to the organization. Finally, market forces being what they are, I think the case for the GSE is such that it isn't for everyone. If you're highly motivated, have some talent, and want to make serious coin, the GSE is for you. True the GSE is costly to get, but you can shave the monetary expense greatly by TA'ing the classes you need. The true costs I see are time... and it is a significant investment... but the payoffs (at least from where I'm sitting) appear to be quite nice indeed. At some point a few years out, I might go for the GSE... I know I want to get other GIAC certs. I guess the biggest thing I don't get is that in light of all the pros for this cert that more folks don't attempt it. Yes it's hard to get... but that's by design. We do not value that which is easily obtained (don't know if I'm quoting someone or not) My take on this distilled all the way down is this: If you're on the fence about the GSE, freaking do it already. If you're at a point where you can consider grasping the brass ring, why would you not? <end of ramble> - Mick On Wed, Feb 10, 2010 at 11:04 AM, Chris Clymer <cclymer at gmail.com> wrote:Problem for me is that the GSE is f'ing expensive, i dont believe the certs i have count in more than a minor way (GPEN & GWAPT) and ive never seen it on a job app. Great accomplishment if you can swing it, but i question the ROI. As far as i can tell most SANS instructors dont even have it. I was on the email chain about revising GSE requirements, and i still cant tell what i would need to do to get it. As a SANS instructor, is it any more clear to you? Sent from my iPhone On Feb 9, 2010, at 8:23 AM, John Strand <strandjs at gmail.com> wrote: This is odd.... Chris wants to take the GSE exam and needs to have some more people sign up or the test is going to get canceled. Well, the challenge is out. Get out and and sign up for the GSE. Look, I am one of the first people to say that many tech certifications in and of themselves mean little. However, in many situations they are required to get and maintain the job you want... When you look at many of the cool jobs in security they are asking for SANS certs... Why? Because they mean something. This one means even more. This industry needs to have a cert where if someone has it we can say with a high degree of certainty that they know what the hell they are talking about on a wide variety of topics in security. GSE is that cert. I also know that many of you collect SANS certs like Pokymon cards... GSE is a nice cap. ---------- Forwarded message ---------- From: Chris Mohan <christopher.mohan at gmail.com> Date: Tue, Feb 9, 2010 at 3:48 AM Subject: Looking for a little help To: strandjs at gmail.com, jstrand at sans.org Hello John, I'm after a little bit, well possibility a lot, of help from you. I've decided attempt the GSE exam this year. That's not the problem, although a touch of insanity and delusion on my part perhaps. The problem is that only one other person has also signed up, despite GIAC changing the requirements. The bit of help I'm after is for you and the folks at Pauldotcom to put out the challenge to other saner folk to step up with me and get on to the GSE track. If an English bloke, living in Australia that works with Windows - and the fully featured firewall that is ISA - can try for the GSE, then I'd hope for at least five of your ex-students or PDC listeners to take that step with me. There seems to be a massive fear factor about the GSE exams, so I've started off a blog, witty entitled http://gse.chris-mohan.com to chart my attempt and break down some of that GSE FUD. As Paul and Larry first put me on the path to SANS training, back in December of 2005, it would be a neat twist of fate if they could help out by getting me some brilliant people to be part of the final two day practical exam. I'd love to be in the room in Las Vegas working with some great minds to nail the last day's challenge. You and the guys either know or can reach these people and can inspire them to give it a try. To quote a chick with bagels on her head "This is our most desperate hour. Help me, Obi-Wan Kenobi; you're my only hope" A desperate, somewhat over-dramatic plea from the Sunny shores of Sydney Chris _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100213/51ed0ab9/attachment.htm
Current thread:
- Fwd: Looking for a little help John Strand (Feb 09)
- Fwd: Looking for a little help Chris Clymer (Feb 10)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Chris Clymer (Feb 10)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Jody & Jennifer McCluggage (Feb 12)
- Fwd: Looking for a little help Chris Mohan (Feb 13)
- Fwd: Looking for a little help iamnowonmai (Feb 13)
- Fwd: Looking for a little help Michael Douglas (Feb 10)
- Fwd: Looking for a little help Chris Clymer (Feb 10)