GIAC/SANS Certification Changes? 27
venom600 wonders: "SANS and GIAC have recently changed their certification requirements, no longer requiring a practical assignment be completed in order to be certified. This has created some discussion around the value of their certifications moving forward.
In addition, SANS recently asked current certified individuals (in an email) to provide quotes about the value of their certifications for an upcoming brochure. Since the requirements have changed, the value of the certification has changed as well, making any quotes an unfair assessment of value. This brings me to my question: What IT security certifications are left (if any) that actually provide value to you?"
CISSP (Score:3, Informative)
Re:CISSP (Score:3, Insightful)
I always thought of the GIAC as the gold standard for security, but when getting a complete credential set costs tens of thousands of dollars just to take the classes, it seems a little extreme compared to the CISSP, which can
None. (Score:2, Insightful)
Essentially, I judge applicants based on how I perceive their level of talent during the interview. I'm more
Re:None. (Score:2)
Can I hire you? (insert more grins here)
Re:None. (Score:2, Interesting)
> instrument in the arsenal?
Well, I don't know that I'd put it THAT way.
I know some very bright people who just don't get along well with testing environments. These people are simply never going to be certified as anything, but it takes about five minutes of conversation to figure out that they really do know their stuff.
On the other hand, I also know a few people with stacks of certifications that... well, let's just say I wouldn't hire them, or recommend that anyon
Re:None. (Score:3, Interesting)
The last degree that I completed was for a computer graphics and design program and I found that without any certifications I was able to troubleshoot and repair the lab computers that the "IT Specialist/MIS Department" was just going to reclone or send in for replacement.
Solid problem solving skills seem to be something that quite
Re:None. (Score:3, Insightful)
However, not all IT certifications should be treated the same - to acquire some of them you must practically prove your expertise and that alone gives better indication of the person's suitability for particular job. Therefore this (GIAC/SANS decision) can't be a good thing.
Re:None. (Score:2)
Perhaps I'm misreading you, but it seems like you may almost have some bias against people with certs. There's plenty of people out there who have certs because their management instructed sent them off for the training/certification, so it's not always a plot to get cash.
that authority figure may or may not have given you a rigorous testing to determine your
Re:None. (Score:1)
> some bias against people with certs.
A bit. A bit. Just a bit.
Seriously, it's not the certification I have trouble with; it's the sort of person who waves it around. I think a certification is the sort of thing you pull out when you need it, not something you stick at the end of your name for brownie points.
Unfortunately, that's what you have to do for a lot of employers, and there's no way for the applicant to know I'm actually put off by certifications... so I'
Easy... (Score:1, Funny)
CISSP - GIAC (Score:3, Funny)
Set the bar. "You must be this tall to ride the Giant Dipper".
GIAC
Demonstrated application. "Your stuff could be safe with me.
A Harvard MBA doesn't translate into a tier-1 CEO. There are no guarantees. But CISSP and GIAC are decent evaluation tools for assessing candidates and associates.
Security+ shows someone is looking in the right direction.
TheRegister... (Score:1)
Certs (Score:2, Interesting)
Real world exp. is the real certification in my book, show me someone who has been up for 72 hours working on team or alone to fix a server or network issue who resolves the issue. That individual or team that tackles problems like that will get a job working with me before anyone who has a degree or cert.
Self-taught knowledge shows me that the person took on the challenge of
Theory and practical need to go hand in hand (Score:2)
This is a rather underhand unless they make it perfectly open that the degree has changed in this way , to use a crude example its like using a rave review of crunchynut conrflakes to describe cornflakes(my imagination is ap
No more certs for me... (Score:3, Interesting)
But seriously.
I used to have a good half-dozen certifications active at any given time ("real" ones, not just the generic A+ crap). But after awhile I began to notice that people were much more impressed by what I'd done in the real world and I slowly started letting them lapse. The last one expired about four years ago and to be quite honest I don't think a single customer has noticed or cared. And it sure saves me a lot of time and hassle!
But then again I suppose it depends on your background. If you're fresh out of college then they would be a Very Good Thing to have for at least some number of years.
As practically everyone else has observed... (Score:2)
Most janitor get paid for picking up paper. How com
Re:As practically everyone else has observed... (Score:2)
That's why you teach the skills to analyze and find the latest blackhat stuff, not how to find specific attacks. If you know how to look at packets at the hex level and know how to write your own snort (or IDS of choice) rules, then you have the skills to cope with the new threats that emerge.
Followup paperwork too time consuming... (Score:2)
However, even though I passed all the exams needed for GIAC [giac.org] certification, the follow on requirement to submit papers simply did not fit my work schedule. As the only system administrator for a small startup, I simply did not have time to write papers. So, the requirement they appear to be dropping was the requirement that blocke
Re:Followup paperwork too time consuming... (Score:2)
See how far taking graduate level classes at a decent University gets you if you don't do the dissertation. [Hint: It won't get you an advanced degree.]
They could just make an Apprentice, Journeyman and Master certificate if they wanted, with the Apprentice not needing to publish. Instead they are caving.
-Charles