Comments on: Miessler views GSEC cert with more favor than CISSP http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/ Commentary on the State of Information Security Thu, 02 Feb 2012 20:22:19 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: DO http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/comment-page-1/#comment-21511 DO Mon, 21 Jan 2008 20:51:59 +0000 http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/#comment-21511 I have been in the industry for more than seven years now... the CISSP exam took me less than 1.5 hours, including double-checking my answers and work. It is a fairly simple exam... I learned nothing in the bootcamp (and made everyone save the teacher angry because I knew all of the answers and he and I kept going into in-depth discussions). The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to "prevent" them. The only somewhat correct answer is to check the range and offset, but even that's not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge. Also, just to weigh in on the CCNA thing (I agree it's completely different), I took the CCNA 1/2/3/4 route through Cisco's Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn't learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense... the English was completely messed up). My ultimate point is that certifications should mean nothing to you... it's the knowledge. Anyone can pass an exam (I know CISSPs who couldn't tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge.... I know CCNAs who couldn't either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don't help you grow... when companies figure this out, we'll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living). I have been in the industry for more than seven years now… the CISSP exam took me less than 1.5 hours, including double-checking my answers and work. It is a fairly simple exam… I learned nothing in the bootcamp (and made everyone save the teacher angry because I knew all of the answers and he and I kept going into in-depth discussions).

The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to “prevent” them. The only somewhat correct answer is to check the range and offset, but even that’s not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge.

Also, just to weigh in on the CCNA thing (I agree it’s completely different), I took the CCNA 1/2/3/4 route through Cisco’s Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn’t learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense… the English was completely messed up).

My ultimate point is that certifications should mean nothing to you… it’s the knowledge. Anyone can pass an exam (I know CISSPs who couldn’t tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge…. I know CCNAs who couldn’t either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don’t help you grow… when companies figure this out, we’ll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living).

]]> By: elamb http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/comment-page-1/#comment-19769 elamb Fri, 31 Aug 2007 20:00:11 +0000 http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/#comment-19769 The GSEC sound interesting, but I'd definitely go for CISSP first because more employers are looking for it. @Monster looking for CEH: http://jobsearch.monster.com/Search.aspx?q=CEH&cy=us&brd=1&re=0&jsnonreg=1&pg=1 @Monster looking for GSEC (45 pages - many also looking for CISSP) http://jobsearch.monster.com/Search.aspx?q=GSEC&sid=%2D1&cnme=&rad=20&cy=us&brd=1&re=&JSNONREG=1 @monster looking for CISSP (1680 pages) http://jobsearch.monster.com/Search.aspx?q=CISSP&cy=us&brd=1&re=0&jsnonreg=1&pg=1 @Monster looking for Security+ (5000 pages!!.. but doesn't pay as good) http://jobsearch.monster.com/Search.aspx?q=Security%2B&cy=us&brd=1&re=0&jsnonreg=1&pg=1 The GSEC sound interesting, but I’d definitely go for CISSP first because more employers
are looking for it.

@Monster looking for CEH:
http://jobsearch.monster.com/Search.aspx?q=CEH&cy=us&brd=1&re=0&jsnonreg=1&pg=1

@Monster looking for GSEC (45 pages – many also looking for CISSP)
http://jobsearch.monster.com/Search.aspx?q=GSEC&sid=%2D1&cnme=&rad=20&cy=us&brd=1&re=&JSNONREG=1

@monster looking for CISSP (1680 pages)
http://jobsearch.monster.com/Search.aspx?q=CISSP&cy=us&brd=1&re=0&jsnonreg=1&pg=1

@Monster looking for Security+ (5000 pages!!.. but doesn’t pay as good)
http://jobsearch.monster.com/Search.aspx?q=Security%2B&cy=us&brd=1&re=0&jsnonreg=1&pg=1

]]> By: LonerVamp http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/comment-page-1/#comment-19764 LonerVamp Fri, 31 Aug 2007 13:37:21 +0000 http://infosecplace.com/blog/2007/08/31/miessler-views-gsec-cert-with-more-favor-than-cissp/#comment-19764 I'd definitely go for the GSEC if my company would pay for it. The cost of it is otherwise personally prohibitive thus far. (As I get farther away from my college debt, though, that changes...) I’d definitely go for the GSEC if my company would pay for it. The cost of it is otherwise personally prohibitive thus far. (As I get farther away from my college debt, though, that changes…)

]]>