Yeah, I realized after I hit submit that I should have specified I was
referring to very early on when there was no Silver/Gold/Platinum for SANS
certifications, just a single cert level. Unless I'm confusing SANS with
another one of the old-school security certs... This is why I should avoid
posting or moderating the list after midnight. I knew our resident aussie
would chime in with a correction :P
While I'm not exactly an old-timer yet, I've been in the IT industry for
over 20 years now and it's amazing to me just how far we've come in some
respects and how some things still remain the same. Despite the maturation
of some security niches and the heightened awareness of security in general,
it's still almost as easy to penetrate systems as it was back in the early
(to me) days... only the viable vectors have changed. Sometimes I miss
remote fingerd exploits. Now get off my lawn you danged kids!
--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of
cwright@bdosyd.com.au
Sent: Tuesday, December 18, 2007 11:53 PM
To: pen-test@securityfocus.com
Subject: Re: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
Sorry Erin, but there was an error, the paper gives a Gold
cert. Other then this I agree with you.
Platinum is another thing with multiple Golds and then
several days and nights of sadistic torture. Having done this
I will state it as such. (Hi Charles: and co.:)
Other then this I do agree. I think that there needs to be a
differntiator in the acronim. Maybe GSEC-S for silver and
GSEC for Gold? I know that this would make it easier to get
my staff to complete their paper submissions (they get time
off with pay, so there is little to stop them in my
oppinion). However, they still mostly stop at silver and I
would have to say from the giac site that most people stop at
silver. The odds seem to be distributed arround 1 in 6 people
going to Gold last I checked.
OSSTMM tests are the only ones I would put on a par with
SANS/GIAC. They are more focuced though, whereas SANS have a
wider range. Pete's offering makes a good counterpoint to
GIAC and if you have the money OSSTMM and GIAC Gold are a strong pair.
CISSP/is management. CEH is intro or beginner level.
Regards,
Dr Craig Wright (GSE-Compliance)
________________________________________
From: Erin Carroll [amoeba@amoebazone.com]
Sent: Wednesday, 19 December 2007 5:23 PM
To: Craig Wright; pen-test@securityfocus.com
Subject: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
I rarely chime in on the certification threads but I'm going
to have to agree with Craig here for the most part. The SANS
tests are thorough and relatively current. However, as
another poster pointed out, they used to be much harder to
obtain as in the murky past there was a requirement for the
certs for passing the test *and* publishing a whitepaper for
peer review.
Nowadays that's a platinum level cert.
However, the majority of the more well-known certifications
aren't exactly shabby either, it just depends on what you
want to get out of your time.
Each have their strengths in terms of subject matter taught
or concepts explored. Focus on the courses/certs that place
greater importance in the "hands-on show me what you've
learned" aspect. I haven't had the chance to try the OSSTMM
tests from isecom but I've heard some good things about the
work Pete et al are doing. When it comes down to it, find
something that lights your fire and pursue it. The best
training course or certificate in the universe isn't going to
help you if the material bores you out of your mind and you
don't constantly use what you've learned :)
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of
cwright@bdosyd.com.au
Sent: Tuesday, December 18, 2007 8:31 PM
To: pen-test@securityfocus.com
Subject: Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
Hi,
My vote goes with SANS/GIAC. Take the GSE GIAC Platinum level tests
and then you really are being tested.
Having 20 something GIAC certs and most of the major other ones, I
think I am rather unique in being able to compare these from
experiance.
In this, my money goes to the SANS GIAC ones.
Regards,
Dr Craig S Wright (GSE-Compliance)
--------------------------------------------------------------
----------
--------------------------------------------------------------
----------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
--------------------------------------------------------------
----------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
