Slashdot Mirror

← Back to Stories (view on slashdot.org)

GIAC/SANS Certification Changes?

Posted by Cliff on from the values-in-practicality dept.

venom600 wonders: "SANS and GIAC have recently changed their certification requirements, no longer requiring a practical assignment be completed in order to be certified. This has created some discussion around the value of their certifications moving forward. In addition, SANS recently asked current certified individuals (in an email) to provide quotes about the value of their certifications for an upcoming brochure. Since the requirements have changed, the value of the certification has changed as well, making any quotes an unfair assessment of value. This brings me to my question: What IT security certifications are left (if any) that actually provide value to you?"

3 of 27 comments (clear)

  1. None. by CDarklock · · Score: 2, Insightful

    When hiring, I'm not really impressed by certifications. To me, a certification means you stopped working long enough to play games with an authority figure -- usually in the hopes of getting more money -- and that authority figure may or may not have given you a rigorous testing to determine your eligibility for the certification. It's not just the certification that matters, it's where you got it.

    Essentially, I judge applicants based on how I perceive their level of talent during the interview. I'm more interested in the flavor of a resume than I am in the experience and skills listed on it; I can *get* you experience and skills, but I can't get you talent -- let alone the basic ability to "fit in" at my company.

    --
    Microsoft cheerleader, blue flag waving, you got a problem with that?
    1. Re:None. by hdparm · · Score: 2, Insightful
      Trouble with this is that most jobs these days are advertised through agencies, exclusivelly. To get the interview alone, you need at least few acronyms after your name.

      However, not all IT certifications should be treated the same - to acquire some of them you must practically prove your expertise and that alone gives better indication of the person's suitability for particular job. Therefore this (GIAC/SANS decision) can't be a good thing.

  2. Re:CISSP by Mattcelt · · Score: 2, Insightful

    I have to second this... The CISSP is becoming the de facto certification for infosec folks to have. I think a large part of the perceived value is the time requirement (3+ years and a B.S./B.A. or 4+ years) for hands-on security work before you can even apply for the certification.

    I always thought of the GIAC as the gold standard for security, but when getting a complete credential set costs tens of thousands of dollars just to take the classes, it seems a little extreme compared to the CISSP, which can be done in a single course (or if you're brave, just by taking the test).

    I also think the practical part was a good thing for the GIAC, and something the CISSP could benefit from. There are too many people out there with "book smarts" and no practical knowledge, and they dilute the certification and its value to those of us who really know the ins and outs of the subject matter.