Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: security cert

From: "MeaCulpa" <meaculpa () punkass com>
Date: Sun, 13 Apr 2003 09:57:48 +0200
From: crawford charles [mailto:biv0uac17 () hotmail com] 
Has GIAC changed?  As I remember, the firewall exam required 
knowledge of Cisco IOS CLI -- that is, your answers had to be 
written explicitly in terms of Cisco ACLs, etc, and correct 
syntax was an exam criterion.  This does not qualify as 
"vendor neutral" to my mind.  Granted, it helps to speak the 
language of the industry gorilla, but it's a poor evaluation 
method for general concepts.

Not sure. First week of May I will take the GCFW exams. Are you
referring to the practical or the MPC exams? The practical requires you
to write a router configuration so your network can be connected to the
Internet or another network. I happen to know IOS, but if one would not,
one could use the cisco config maker, grab the router config guide from
the NSA and without too much knowledge one could write up a nice config,
which is pretty secure. If it's for the MPC exams, then I agree, they
should not ask IOS questions, but rather focus on the way IP, TCP, UDP,
ICMP and the rest work, and how a firewall can help in mitigating risks.


All in all, on topic again, it depends on what you want to accomplish
with a certification. I take them for fun (since my employer pays for
it) and it never looks bad on a resume (when combined with some real
world practice of course).

Mea



C.


From: MeaCulpa [mailto:meaculpa () punkass com]
Sent: Saturday, April 12, 2003 2:13 PM
To: 'Paris Stone'; 'Ravi K'; security-basics () securityfocus com
Subject: RE: security cert


 >Hello-
 >I was wondering if there are any security certifications
that are not
 >specific to any product/s. One that tests the general 
understanding of  >the security concepts in general. Most of 
the certifications I have  >heard of are more IT oriented. 
Any specifically for telecom??

For the general concepts four certifications come to my mind:

CISSP / SSCP (by isc(2))
TICSA (by trusecure)
Security+ (Comptia)
CIW Security pro (by CIW)

For in-depth technical certifications GIAC would be good.

Of the mentioned certifications I think highly of GIAC given 
the practicals they have to make. It just gives that little 
edge over an MPC exam. CISSP is lotsa theory and only MPC 
exam. However, they cover an enormous amount of material, so 
it could be pretty ok. After I get two GIAC certifications I 
will attend the CISSP exam as well...

Mea



_________________________________________________________________





-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: