Re: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???

From: cwright@bdosyd.com.au
Date: Wed Dec 19 2007 - 02:52:31 EST


('binary' encoding is not supported, stored as-is) Sorry Erin, but there was an error, the paper gives a Gold cert. Other then this I agree with you.

Platinum is another thing with multiple Golds and then several days and nights of sadistic torture. Having done this I will state it as such. (Hi Charles: and co.:)

Other then this I do agree. I think that there needs to be a differntiator in the acronim. Maybe GSEC-S for silver and GSEC for Gold? I know that this would make it easier to get my staff to complete their paper submissions (they get time off with pay, so there is little to stop them in my oppinion). However, they still mostly stop at silver and I would have to say from the giac site that most people stop at silver. The odds seem to be distributed arround 1 in 6 people going to Gold last I checked.

OSSTMM tests are the only ones I would put on a par with SANS/GIAC. They are more focuced though, whereas SANS have a wider range. Pete's offering makes a good counterpoint to GIAC and if you have the money OSSTMM and GIAC Gold are a strong pair.

CISSP/is management. CEH is intro or beginner level.

Regards,
Dr Craig Wright (GSE-Compliance)

________________________________________
From: Erin Carroll [amoeba@amoebazone.com]
Sent: Wednesday, 19 December 2007 5:23 PM
To: Craig Wright; pen-test@securityfocus.com
Subject: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???

I rarely chime in on the certification threads but I'm going to have to
agree with Craig here for the most part. The SANS tests are thorough and
relatively current. However, as another poster pointed out, they used to be
much harder to obtain as in the murky past there was a requirement for the
certs for passing the test *and* publishing a whitepaper for peer review.
Nowadays that's a platinum level cert.

However, the majority of the more well-known certifications aren't exactly
shabby either, it just depends on what you want to get out of your time.
Each have their strengths in terms of subject matter taught or concepts
explored. Focus on the courses/certs that place greater importance in the
"hands-on show me what you've learned" aspect. I haven't had the chance to
try the OSSTMM tests from isecom but I've heard some good things about the
work Pete et al are doing. When it comes down to it, find something that
lights your fire and pursue it. The best training course or certificate in
the universe isn't going to help you if the material bores you out of your
mind and you don't constantly use what you've learned :)

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of
> cwright@bdosyd.com.au
> Sent: Tuesday, December 18, 2007 8:31 PM
> To: pen-test@securityfocus.com
> Subject: Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
>
> Hi,
> My vote goes with SANS/GIAC. Take the GSE GIAC Platinum level
> tests and then you really are being tested.
>
> Having 20 something GIAC certs and most of the major other
> ones, I think I am rather unique in being able to compare
> these from experiance.
>
> In this, my money goes to the SANS GIAC ones.
>
> Regards,
> Dr Craig S Wright (GSE-Compliance)
>
> --------------------------------------------------------------
> ----------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:17 EDT