Penetration Testing mailing list archives
RE: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Wed, 19 Dec 2007 20:47:46 -0800
Yeah, I realized after I hit submit that I should have specified I was referring to very early on when there was no Silver/Gold/Platinum for SANS certifications, just a single cert level. Unless I'm confusing SANS with another one of the old-school security certs... This is why I should avoid posting or moderating the list after midnight. I knew our resident aussie would chime in with a correction :P While I'm not exactly an old-timer yet, I've been in the IT industry for over 20 years now and it's amazing to me just how far we've come in some respects and how some things still remain the same. Despite the maturation of some security niches and the heightened awareness of security in general, it's still almost as easy to penetrate systems as it was back in the early (to me) days... only the viable vectors have changed. Sometimes I miss remote fingerd exploits. Now get off my lawn you danged kids! -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of cwright () bdosyd com au Sent: Tuesday, December 18, 2007 11:53 PM To: pen-test () securityfocus com Subject: Re: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Sorry Erin, but there was an error, the paper gives a Gold cert. Other then this I agree with you. Platinum is another thing with multiple Golds and then several days and nights of sadistic torture. Having done this I will state it as such. (Hi Charles: and co.:) Other then this I do agree. I think that there needs to be a differntiator in the acronim. Maybe GSEC-S for silver and GSEC for Gold? I know that this would make it easier to get my staff to complete their paper submissions (they get time off with pay, so there is little to stop them in my oppinion). However, they still mostly stop at silver and I would have to say from the giac site that most people stop at silver. The odds seem to be distributed arround 1 in 6 people going to Gold last I checked. OSSTMM tests are the only ones I would put on a par with SANS/GIAC. They are more focuced though, whereas SANS have a wider range. Pete's offering makes a good counterpoint to GIAC and if you have the money OSSTMM and GIAC Gold are a strong pair. CISSP/is management. CEH is intro or beginner level. Regards, Dr Craig Wright (GSE-Compliance) ________________________________________ From: Erin Carroll [amoeba () amoebazone com] Sent: Wednesday, 19 December 2007 5:23 PM To: Craig Wright; pen-test () securityfocus com Subject: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? I rarely chime in on the certification threads but I'm going to have to agree with Craig here for the most part. The SANS tests are thorough and relatively current. However, as another poster pointed out, they used to be much harder to obtain as in the murky past there was a requirement for the certs for passing the test *and* publishing a whitepaper for peer review. Nowadays that's a platinum level cert. However, the majority of the more well-known certifications aren't exactly shabby either, it just depends on what you want to get out of your time. Each have their strengths in terms of subject matter taught or concepts explored. Focus on the courses/certs that place greater importance in the "hands-on show me what you've learned" aspect. I haven't had the chance to try the OSSTMM tests from isecom but I've heard some good things about the work Pete et al are doing. When it comes down to it, find something that lights your fire and pursue it. The best training course or certificate in the universe isn't going to help you if the material bores you out of your mind and you don't constantly use what you've learned :)-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of cwright () bdosyd com au Sent: Tuesday, December 18, 2007 8:31 PM To: pen-test () securityfocus com Subject: Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Hi, My vote goes with SANS/GIAC. Take the GSE GIAC Platinum level tests and then you really are being tested. Having 20 something GIAC certs and most of the major other ones, I think I am rather unique in being able to compare these from experiance. In this, my money goes to the SANS GIAC ones. Regards, Dr Craig S Wright (GSE-Compliance) -------------------------------------------------------------- ------------------------------------------------------------------------ ---------- This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: GCIA, GSEC, GCIH, CISSP, CEH ???, (continued)
- Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Cristian Serban (Dec 20)
- Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Jim Clausing (Dec 20)
- RE: GCIA, GSEC, GCIH, CISSP, CEH ??? Chadha, Sachin (Dec 23)
- Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Terry Cutler (Dec 18)
- Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Jason Thompson (Dec 18)
- Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? cwright (Dec 18)
- RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Erin Carroll (Dec 18)
- Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? infolookup (Dec 19)
- Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? xelerated (Dec 19)
- RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Erin Carroll (Dec 18)
- Re: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? cwright (Dec 19)
- RE: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? Erin Carroll (Dec 19)
- Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ??? cwright (Dec 20)