PaulDotCom mailing list archives

Fwd: Looking for a little help


From: iamnowonmai at gmail.com (iamnowonmai)
Date: Sat, 13 Feb 2010 22:14:57 -0500

I'm intending to sit for the written exam this year, and do the practical in
'11. I won't be traveling to AUS to do it, sorry about that! :)
iamnowonmai

On Sat, Feb 13, 2010 at 7:41 PM, Chris Mohan <christopher.mohan at gmail.com> wrote:

Hello All,

I thought it was worthwhile just adding my vague responses to some of the
topics below, in the hope of convincing you or a friend to sign up to the
GSE with me.

Without a critical mass of people having the GSE certification, it's not
going to go anywhere and SANS will have to drop it. Then we're stuck with
industry benchmark qualifications that fail to prove anything more than
you can pass exams on academic topics. Yes, that's more than a touch
sweeping but when I see hands-on security jobs requiring CISSP, CISA, and
CISM, I despair that HR/management has once again written the job advert and
they're just the expected, ill-informed industry baseline. So why not get
some certifications up on the board we can aspire to that have real world
value that can be measured?

If you have spent the time, energy and cash to get pre-requisites for the
GSE exam, is it only fear stopping you from attempting it? I see the same
terror when people approach the offensive security exams or Cisco's final
hands-on labs. Surely, this should be something to relish, challenging your
abilities and proving them in a real world situation in front of your peers?
Yes, I'm as nervous as heck and may crash and burn horribly, but if I do,
that's life and that's an experience to not be forgotten.

Cost for the GSE:
Yup it's a truck load of money, most of which has been mine. I have offset
that dramatically by doing the SANS work study and a meagre attempt at
mentoring SANS courses.
However, if I was going to do a CCIE, it's around the same cost,
plus I'd be hiring out a rack of kit for practice. The GSE lab fits nicely on
my laptop :-)
For the GSE exam itself, I wrote a business case for my boss on the
advantages of having me attempt the GSE. They agreed to pay for the exam fees,
but I pick up travel and accommodation to the States.
Did I mention the Oz dollar isn't particularly strong against the US dollar
most of the time? Is there a good camp site in Las Vegas or can I sleep
under slot machines?

Time:
Good grief, why did no-one warn me about this in the first place?
It's a lot of time so far and I'm only squaring up for the multiple choice.
I'm spending about an hour a day revising and reviewing. Playing with the
tools and challenges from the books is pure geek fun, but factor in about
six hours a week.
As I work in a pure Windows environment, most of my time pain comes from the
*nix world. Can't we all simply agree Mr Gates is the true light and then
sign over 30% of all pay checks to him now? No? Oh...
None of this time is wasted as I improve my own skills and knowledge,
which equates (hopefully) to increased market worth. Yes, it means juggling
some of the junk out of my life to make time for the study. I, sadly, now
don't watch the Biggest Loser or the Bachelor anymore. I refuse to give up
House and 24, the occasional drinks after work and having a life though.

Why:
Not for the bragging rights or the supposed air of superiority of having shiny
certs.
This is to challenge myself and to see if I can work/survive/enjoy working
at the GSE level. In Oz, SANS certs don't have great market penetration yet,
so I don't think job offers will take my mail box by storm.
The real ROI would really be the differentiator at review or interview
times, and, more importantly, when I need to apply my security knowledge and
abilities. Being able to walk the walk hands down beats any sort of
posturing, swagger or impressive initials after your name. Ability gets
recognised faster than empty hot air when action is required.

All I'm hoping for is a few people to take this exam with me. To be able to
study and learn with and from others is an amazing boost and motivator. The
IT security industry is still very young, and certs may not be the best way
forward, but currently they are all we have. Why not get a few top end ones
universally recognised as worthwhile and valid by people both inside and
outside of the industry?

Go on, sign up - you know you want to!

Chris



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jody &
Jennifer McCluggage
Sent: Saturday, 13 February 2010 4:41 PM
To: 'PaulDotCom Security Weekly Mailing List'
Subject: Re: [Pauldotcom] Fwd: Looking for a little help

Hello,

To follow up on what Chris wrote, I just don't see a huge demand out there
for the SANS certifications.  Maybe there is and I am just not seeing it (or
blissfully ignorant of it!).  In the industry, the best known certs, and
those that appear (rightly or wrongly) to be considered the gold standard
are the CISSP, CISA, and CISM.  Granted these are more management level
certs and less hands on, but many employers don't seem to be making that
distinction.

Also as Chris alludes to, once you have some of these major certifications,
the law of diminishing returns kicks in and obtaining additional ones
becomes less and less valuable.  You also have the factor of additional
experience and reputation (hopefully good!) that lessens the values of certs
over time.  You have to do a cost/benefit analysis.  It may not be worth the
money and time to get that additional cert.

The true value of certs can be debated round and round (and has been on
this list several times).  Unfortunately for many (again rightly or wrongly)
they are sometimes necessary to get your foot in the door.  I am sure there
are many woefully unqualified individuals with a string of impressive
certifications after their name as there are highly qualified uber elite
kung fu security specialists who have none.

Well that is my opinion for what it is worth!

Jody



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Chris Clymer
Sent: Wednesday, February 10, 2010 2:26 PM
To: PaulDotCom Security Weekly Mailing List
Cc: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Fwd: Looking for a little help

Mick, can you link or describe any of these GSE type jobs?  Somehow
I've just never seen them. The challenge of going GSE sounds like a lot
of fun... I just haven't yet convinced myself that all that hard work
and money would really benefit my career any more than dedicating the
same effort and less $$$ elsewhere.

There are few enough GSE level technical folks out there that today at
least they generally have no issues finding jobs without the cert.

Problem for SANS is some employers will pay for domain specific
courses certs, few will spring for the GSE and it's a sizable personal
commitment. I've self funded a few exams, but those all cost under $600.

Honestly, I could argue for days about certs.  I have a love/hate
relationship with them, I still can't make up my mind if they're helping
our industry become more or less mature.

Sent from my iPhone

On Feb 10, 2010, at 12:32 PM, Michael Douglas <mick at pauldotcom.com>
wrote:

Disclaimer: I'm not a SANS instructor but I do play as a junior one at
community events.  As such, I don't have much of an insider's view on
this cert...

Here's my take on this:
The GSE is the uber cert.  It's meant to be like the CCIE is... for
someone who wants to remain deeply technical and earn the very top
salary in our industry this is the way to go.  All the postings I see
where GSE is even mentioned are stone cold NINJA level.

The current GSE reqs are here:
http://www.giac.org/certifications/gse.php#prereq

As for why more/all SANS instructors don't have it?  My guess (and
this is only a guess) is that they don't need it... if it's not needed
they'll spend the time/effort instead on teaching classes -- which is
probably in SANS' overall better interest. (Heck it's in our industry's
interest too... I'd rather see several hundreds of people get better
at infosec than just a handful of ninjas made.  True it's not an
either/or choice, but humor me OK?)  Also I'd be interested to see how
GIAC/SANS would address conflict of interest issues...  It might make
it a little fishy if a super majority of the cert holders are
"internal" to the organization.

Finally, market forces being what they are, I think the case for the
GSE is such that it isn't for everyone.  If you're highly motivated,
have some talent, and want to make serious coin, the GSE is for you.
True the GSE is costly to get, but you can shave the monetary expense
greatly by TA'ing the classes you need.  The true costs I see are
time... and it is a significant investment... but the payoffs (at
least from where I'm sitting) appear to be quite nice indeed.

At some point a few years out, I might go for the GSE... I know I want
to get other GIAC certs.  I guess the biggest thing I don't get is
that in light of all the pros for this cert that more folks don't
attempt it.  Yes it's hard to get... but that's by design.  We do not
value that which is easily obtained (don't know if I'm quoting someone
or not)

My take on this distilled all the way down is this:  If you're on the
fence about the GSE, freaking do it already.  If you're at a point
where you can consider grasping the brass ring, why would you not?

<end of ramble>

- Mick




On Wed, Feb 10, 2010 at 11:04 AM, Chris Clymer <cclymer at gmail.com>
wrote:
Problem for me is that the GSE is f'ing expensive, I don't believe the certs
I have count in more than a minor way (GPEN & GWAPT) and I've never seen it
on a job app.
Great accomplishment if you can swing it, but I question the ROI. As far as
I can tell most SANS instructors don't even have it.
I was on the email chain about revising GSE requirements, and I still can't
tell what I would need to do to get it. As a SANS instructor, is it any more
clear to you?

Sent from my iPhone
On Feb 9, 2010, at 8:23 AM, John Strand <strandjs at gmail.com> wrote:

This is odd....  Chris wants to take the GSE exam and needs to have some
more people sign up or the test is going to get canceled.

Well, the challenge is out.  Get out and sign up for the GSE.

Look, I am one of the first people to say that many tech certifications in
and of themselves mean little.  However, in many situations they are
required to get and maintain the job you want...  When you look at many of
the cool jobs in security they are asking for SANS certs... Why?  Because
they mean something.

This one means even more. This industry needs to have a cert where if
someone has it we can say with a high degree of certainty that they know
what the hell they are talking about on a wide variety of topics in
security. GSE is that cert.

I also know that many of you collect SANS certs like Pokémon cards...  GSE
is a nice cap.


---------- Forwarded message ----------
From: Chris Mohan <christopher.mohan at gmail.com>
Date: Tue, Feb 9, 2010 at 3:48 AM
Subject: Looking for a little help
To: strandjs at gmail.com, jstrand at sans.org


Hello John,

I'm after a little bit, well possibly a lot, of help from you.

I've decided to attempt the GSE exam this year. That's not the problem,
although a touch of insanity and delusion on my part perhaps.  The problem
is that only one other person has also signed up, despite GIAC changing the
requirements.

The bit of help I'm after is for you and the folks at Pauldotcom to put out
the challenge to other saner folk to step up with me and get on to the GSE
track.

If an English bloke, living in Australia that works with Windows - and the
fully featured firewall that is ISA - can try for the GSE, then I'd hope for
at least five of your ex-students or PDC listeners to take that step with
me.

There seems to be a massive fear factor about the GSE exams, so I've started
off a blog, wittily entitled http://gse.chris-mohan.com to chart my attempt
and break down some of that GSE FUD.

As Paul and Larry first put me on the path to SANS training, back in
December of 2005, it would be a neat twist of fate if they could help out by
getting me some brilliant people to be part of the final two day practical
exam.

I'd love to be in the room in Las Vegas working with some great minds to
nail the last day's challenge. You and the guys either know or can reach
these people and can inspire them to give it a try.

To quote a chick with bagels on her head "This is our most desperate hour.
Help me, Obi-Wan Kenobi; you're my only hope"

A desperate, somewhat over-dramatic plea from the Sunny shores of Sydney

Chris


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
