Miessler views GSEC cert with more favor than CISSP

Miessler views GSEC cert with more favor than CISSP

3 Comments on Miessler views GSEC cert with more favor than CISSP

Daniel Miessler has posted a pretty good breakdown of the differences between the GSEC cert and the CISSP cert.  He is coming at it from the aspect of which one involves more technical savvy. 

Without a doubt the GSEC is the more technical of the two.  I have both, and the GSEC was infinitely more technical and required much more study and dedication.  Yes, it is open book.  But you try to read through those books and find all the correct answers in the time allotted (of course, if you have the old PDF files, you stand a better chance).

The CISSP was difficult just because of the sheer magnitude of it and the number of different areas you have to have knowledge of.  But as Daniel says, you can cram for that and then forget it.  The GSEC really does not work that way.

So for the most part, I agree with Daniel’s post in its intended premise, which is that GSEC is more technical in nature.  However, both serve different purposes, so I believe both are valuable.

Vet

About the author:

My name is Michael Farnum. I am a Practice Principal at HP Fortify on Demand. I live in Tomball, Texas. I have been in the IT and InfoSec field since 1994. I am the founder and chairperson of HouSecCon, THE Houston Information Security Conference. These are MY words, not my employer's or anyone else's.

3 Comments

  1. DO  - January 21, 2008 - 3:51 pm
    /

    I have been in the industry for more than seven years now… the CISSP exam took me less than 1.5 hours, including double-checking my answers and work. It is a fairly simple exam… I learned nothing in the bootcamp (and made everyone save the teacher angry because I knew all of the answers and he and I kept going into in-depth discussions).

    The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to “prevent” them. The only somewhat correct answer is to check the range and offset, but even that’s not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge.

    Also, just to weigh in on the CCNA thing (I agree it’s completely different), I took the CCNA 1/2/3/4 route through Cisco’s Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn’t learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense… the English was completely messed up).

    My ultimate point is that certifications should mean nothing to you… it’s the knowledge. Anyone can pass an exam (I know CISSPs who couldn’t tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge…. I know CCNAs who couldn’t either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don’t help you grow… when companies figure this out, we’ll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living).

  2. elamb  - August 31, 2007 - 3:00 pm
    /

    The GSEC sound interesting, but I’d definitely go for CISSP first because more employers
    are looking for it.

    @Monster looking for CEH:
    http://jobsearch.monster.com/Search.aspx?q=CEH&cy=us&brd=1&re=0&jsnonreg=1&pg=1

    @Monster looking for GSEC (45 pages – many also looking for CISSP)
    http://jobsearch.monster.com/Search.aspx?q=GSEC&sid=%2D1&cnme=&rad=20&cy=us&brd=1&re=&JSNONREG=1

    @monster looking for CISSP (1680 pages)
    http://jobsearch.monster.com/Search.aspx?q=CISSP&cy=us&brd=1&re=0&jsnonreg=1&pg=1

    @Monster looking for Security+ (5000 pages!!.. but doesn’t pay as good)
    http://jobsearch.monster.com/Search.aspx?q=Security%2B&cy=us&brd=1&re=0&jsnonreg=1&pg=1

  3. LonerVamp  - August 31, 2007 - 8:37 am
    /

    I’d definitely go for the GSEC if my company would pay for it. The cost of it is otherwise personally prohibitive thus far. (As I get farther away from my college debt, though, that changes…)

Back to Top