RE: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???

["Erin Carroll" <amoeba () amoebazone com>]

Yeah, I realized after I hit submit that I should have specified I was
referring to very early on when there was no Silver/Gold/Platinum for SANS
certifications, just a single cert level. Unless I'm confusing SANS with
another one of the old-school security certs... This is why I should avoid
posting or moderating the list after midnight. I knew our resident aussie
would chime in with a correction :P

While I'm not exactly an old-timer yet, I've been in the IT industry for
over 20 years now and it's amazing to me just how far we've come in some
respects and how some things still remain the same. Despite the maturation
of some security niches and the heightened awareness of security in general,
it's still almost as easy to penetrate systems as it was back in the early
(to me) days... only the viable vectors have changed. Sometimes I miss
remote fingerd exploits. Now get off my lawn you danged kids!


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 


> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of 
> cwright () bdosyd com au
> Sent: Tuesday, December 18, 2007 11:53 PM
> To: pen-test () securityfocus com
> Subject: Re: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
>
> Sorry Erin, but there was an error, the paper gives a Gold 
> cert. Other then this I agree with you. 
>
> Platinum is another thing with multiple Golds and then 
> several days and nights of sadistic torture. Having done this 
> I will state it as such. (Hi Charles: and co.:)
>
> Other then this I do agree. I think that there needs to be a 
> differntiator in the acronim. Maybe GSEC-S for silver and 
> GSEC for Gold? I know that this would make it easier to get 
> my staff to complete their paper submissions (they get time 
> off with pay, so there is little to stop them in my 
> oppinion). However, they still mostly stop at silver and I 
> would have to say from the giac site that most people stop at 
> silver. The odds seem to be distributed arround 1 in 6 people 
> going to Gold last I checked.
>
> OSSTMM tests are the only ones I would put on a par with 
> SANS/GIAC. They are more focuced though, whereas SANS have a 
> wider range. Pete's offering makes a good counterpoint to 
> GIAC and if you have the money OSSTMM and GIAC Gold are a strong pair.
>
> CISSP/is management. CEH is intro or beginner level.
>
> Regards,
> Dr Craig Wright (GSE-Compliance)
>
> ________________________________________
> From: Erin Carroll [amoeba () amoebazone com]
> Sent: Wednesday, 19 December 2007 5:23 PM
> To: Craig Wright; pen-test () securityfocus com
> Subject: RE: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
>
> I rarely chime in on the certification threads but I'm going 
> to have to agree with Craig here for the most part. The SANS 
> tests are thorough and relatively current. However, as 
> another poster pointed out, they used to be much harder to 
> obtain as in the murky past there was a requirement for the 
> certs for passing the test *and* publishing a whitepaper for 
> peer review.
> Nowadays that's a platinum level cert.
>
> However, the majority of the more well-known certifications 
> aren't exactly shabby either, it just depends on what you 
> want to get out of your time.
> Each have their strengths in terms of subject matter taught 
> or concepts explored. Focus on the courses/certs that place 
> greater importance in the "hands-on show me what you've 
> learned" aspect. I haven't had the chance to try the OSSTMM 
> tests from isecom but I've heard some good things about the 
> work Pete et al are doing. When it comes down to it, find 
> something that lights your fire and pursue it. The best 
> training course or certificate in the universe isn't going to 
> help you if the material bores you out of your mind and you 
> don't constantly use what you've learned :)
>
>
>
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of 
> > cwright () bdosyd com au
> > Sent: Tuesday, December 18, 2007 8:31 PM
> > To: pen-test () securityfocus com
> > Subject: Re: Re: GCIA, GSEC, GCIH, CISSP, CEH ???
> >
> > Hi,
> > My vote goes with SANS/GIAC. Take the GSE GIAC Platinum level tests 
> > and then you really are being tested.
> >
> > Having 20 something GIAC certs and most of the major other ones, I 
> > think I am rather unique in being able to compare these from 
> > experiance.
> >
> > In this, my money goes to the SANS GIAC ones.
> >
> > Regards,
> > Dr Craig S Wright (GSE-Compliance)
> >
> > --------------------------------------------------------------
> > ----------
>
> --------------------------------------------------------------
> ----------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> --------------------------------------------------------------
> ----------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------