Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: GIAC Dilution

from [Matthew Jenkins] Network Security [Permanent Link]
Subject: RE: GIAC Dilution
Date: Fri, 25 Mar 2005 09:59:50 -0500 
http://www.giac.org/practicals/termination.php

According to SANS, there are going to be a lot of changes to the GIAC
certification process.  However, it is my opinion that they should not
have removed the practical until after changes were made to the exam
process.

Unfortunately, GIAC also agrees that exam-based certifications (i.e.
without the writing) is what the marketplace wants.  Unfortunately, what
most employers do not take account for is that if their employees and/or
contractors cannot effectively communicate, the work they will perform
is in vain.  Written corrspondance in the form of e-mails, memorandeums,
reports, etc. is a key part of business.  This is especially true for
global businesses where the upper management team(s) exist in various
countries.  I do not feel that SANS should be in the business of
teaching English classes.  However, if their students cannot effectively
communicate what they have learned, how are they going to communicate
their findings to their employeer and/or clients?

Perhaps the practical was not the most effective method for testing
students' written skills.  However, I believe that it is part of SANS'
responsibility to the industry to make sure their students can
communicate what they have learned.  In my opinion, SANS should consider
making one or more parts of their exam written if they are not going to
require the practical.

Matt

-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm@ornl.gov] 
Sent: Thursday, March 24, 2005 6:56 AM
To: Aman Raheja; security-basics@securityfocus.com
Cc: Depp, Dennis M.
Subject: RE: GIAC Dilution

I do not think this was soley about money.  Looking at the number of
students vs. the number of certifications handed out for GIAC, something
is wrong.  The practical (while an excellent idea) has become bloated to
the point they are more a determination of stubbornness rather than
knowledge.  GIAC's primary goal is to increase the security knowledge.
Did the practical increase the knowledge of individuals who attempted
it?  Probably.  Is this the best method to increase their knowledge?
Probably not.

GIAC is in a transition.  I don't think this will be a paper cert.  Will
more people attempt and gain GIAC certification?  I hope so.  Will this
dilute the cert?  Mayber, but it also could have the opposite effect.
Because there are so few GIAC certified secrity professionals, the
certification does not have the same visibility outside the security
world as other certifications.  CISSP is a great example.  How can GIAC
gain this visibility.  One way is to get qualified people to attempt the
certification process.  Writing is not something most IT professionals
have high on their "Fun things I like to do list."  There has to be a
better way.  A multiple choice test might not be the answer, but there
are other alternative.  A test where the canidate is given a senario and
must base his answers on the given senario might be a better way to test
a person's knowledge. 

Just my $.02

Dennis
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hashing Functions, Micheal Espinola Jr
Next by Date:  Open Ports on Cisco Router, bob bob
Previous by Thread:  Re: GIAC Dilution, Don Parker
Next by Thread:  RE: GIAC Dilution, Charlie Winckless
Indexes:  [Date] [Thread] [Top] [All Lists]