I'm intending to sit for the written exam this year, and do the practical in '11. I won't be traveling to AUS to do it, sorry about that! :) iamnowonmai
On Sat, Feb 13, 2010 at 7:41 PM, Chris Mohan <[email protected]>wrote: > Hello All, > > I thought it was worthwhile just adding my vague responses to some of the > topics below, in the hope of convincing you or a friend to sign up to the > GSE with me. > > Without a critical mass of people having the GSE certification, it's not > going to go anywhere and SANS will have to drop it. Then we're stuck with > industry bench marks qualifications that fail to prove anything more than > you can pass exams on academic topics. Yes, that's more than a touch > sweeping but when I see hands on security jobs requiring CISSP, CISA, and > CISM, I despair that HR/management has once again written the job advert > and > they're just the expected, ill-informed industry base line. So why not get > a > some certifications up on the board we can aspire to that have real world > value that can be measured? > > If you have spent the time, energy and cash to get pre-requisites for the > GSE exam, is it only fear stopping you from attempting it? I see the same > terror when people approach the offensive security exams or Cisco's final > hands-on labs. Surely, this should be something to relish, challenging your > abilities and proving then in a real world situation in front of your > peers? > Yes, I'm as nervous as heck and may crash and burn horribly, but if I do, > that's life and that's an experience to not be forgotten. > > Cost for the GSE: > Yup it's a truck load of money, most of which has been mine. I have offset > that dramatically by doing the SAN work study and a meagre attempt at > mentoring SANS courses. > However, if I was going was going to do a CCIE, it's around the same cost, > plus I'd be hiring out rack of kit for practice. The GSE lab fits nicely on > my laptop :-) > For the GSE exam itself, I wrote a business case from my boss in the > advantages having me attempt the GSE. They agreed to pay for the exam fees, > but I pick up travel and accommodation to the States. > Did I mention the Oz dollar isn't particularly strong again the US dollar > most of the time. Is there a good camp site in Las Vegas or can I sleep > under slot machines? > > Time: > Good grief, why did no-one warn me about this in the first place? > It's a lot of time so far and I'm only squaring up for the multiple choice. > I'm spending about an hour a day revising and reviewing. Playing with the > tools and challenges from the books is pure geek fun, but factor in about > six hours a week. > As I work in a pure Windows environment, most of my time pain come from the > *nix world. Can't we all simply agree Mr Gates is the true light and then > sign over 30% of all pay checks to him now? No? Oh... > None of this time is wasted as I improved my only skills and knowledge, > which equates (hopefully) to increased market worth. Yes, it means juggling > some of the junk out of my life to make time of the study. I, sadly, now > don't watch the Biggest Loser or the Bachelor anymore. I refuse to give up > House and 24, the occasional drinks after work and having a life though. > > Why: > Not for the bragging right or the supposed air of superiority have shiny > certs. > This is to challenge myself and to see if I can work/survive/enjoy working > at the GSE level. In Oz, SANS certs don't have great market penetration > yet, > so I don't think job offers will take my mail box by storm. > The real ROI would really be the differentiator at review or interview > times, and, more importantly, when I need to apply my security knowledge > and > abilities. Being able to walk the walk hands down beats any sort of > posturing, swagger or impressive initials after your name. Ability gets > recognised faster than empty hot air when action is required. > > All I'm hoping for is a few people to take this exam with me. To be able to > study and learn with and from other is an amazing boost and motivator. The > IT security industry is still very young, and certs may not be the best way > forward, but currently they are all we have. Why not get a few top end ones > universally recognised as worthwhile and valid by people both inside and > outside of the industry? > > Go on, sign up - you know you want to! > > Chris > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Jody & > Jennifer > McCluggage > Sent: Saturday, 13 February 2010 4:41 PM > To: 'PaulDotCom Security Weekly Mailing List' > Subject: Re: [Pauldotcom] Fwd: Looking for a little help > > Hello, > > To follow up on what Chris wrote, I just don't see a huge demand out there > for the SANS certifications. Maybe there is and I am just not seeing it > (or > blissfully ignorant of it!). In the industry, the best known certs, and > those that appear (rightly or wrongly) to be considered the gold standard > are the CISSP, CISA, and CISM. Granted these are more management level > certs and less hands on, but many employers don't seem to be making that > distinction. > > Also as Chris alludes to, once you have some of these major certifications, > the law of diminishing returns kicks in and obtaining additional ones > becomes less and less valuable. You also have the factor of additional > experience and reputation (hopefully good!) that lessens the values of > certs > over time. You have to do a cost/benefit analysis. It may not be worth > the > money and time to get that additional cert. > > The true value of certs can be debated round and round (and have been on > this list several times). Unfortunately for many (again rightly or > wrongly) > they are sometimes necessary to get your foot in the door. I am sure there > are many woefully unqualified individuals with a string of impressive > certifications after there name as there are highly qualified uber elite > kung fu security specialists who have none. > > Well that is my opinion for what it is worth! > > Jody > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Chris Clymer > Sent: Wednesday, February 10, 2010 2:26 PM > To: PaulDotCom Security Weekly Mailing List > Cc: PaulDotCom Security Weekly Mailing List > Subject: Re: [Pauldotcom] Fwd: Looking for a little help > > Mick, can you link or describe any of these GSE type jobs? Somehow > ive just never seen them. The challenge of going GSE sounds like a lot > of fun...i just havent yet convinced myself that all that hard work > and money would really benefit my career any more then dedicating the > same effort and less $$$ elsewhere. > > There are few enough GSE level technical folks out there that today at > least they generally have no issues finding jobs without the cert. > > Problem for SANS is some employers will pay for domain specific > courses certs, few will spring for the GSE and its a sizable personal > commitment. Ive self funded a few exams, but those all cost under $600. > > Honestly, i could argue for days about certs. I have a love/hate > relationship with them, i still cant make up my mind if theyre helping > our industry become more or less mature > > Sent from my iPhone > > On Feb 10, 2010, at 12:32 PM, Michael Douglas <[email protected]> > wrote: > > > Disclaimer: I'm not a SANS instructor but I do play as a junior one at > > community events. As such, I don't have much of an insider's view on > > this cert... > > > > Here's my take on this: > > The GSE is the uber cert. It's meant to be like the CCIE is... for > > someone who wants to remain deeply technical and earn the very top > > salary in our industry this is the way to go. All the postings I see > > where GSE is even mentioned are stone cold NINJA level. > > > > The current GSE reqs are here: > > http://www.giac.org/certifications/gse.php#prereq > > > > As for why more/all SANS instructors don't have it? My guess (and > > this is only a guess) is that they don't need it... if it's not needed > > they'll spend the time/effort instead on teaching classes -- which is > > probably in SANS overall better interest. (Heck it's in our industry's > > interest too... I'd rather see several hundereds of people get better > > at infosec than just a handful of ninjas made. True it's not an > > either/or choice, but humor me OK?) Also I'd be interested to see how > > GIAC/SANS would address conflict of interest issues... It might make > > it a little fishy if a super majority of the cert holders are > > "internal" to the organization. > > > > Finally, market forces being what they are, I think the case for the > > GSE is such that it isn't for everyone. If you're highly motivated, > > have some talent, and want to make serious coin, the GSE is for you. > > True the GSE is costly to get, but you can shave the monetary expense > > greatly by TA'ing the classes you need. The true costs I see are > > time... and it is a significant investment... but the payoffs (at > > least from where I'm sitting) appear to be quite nice indeed. > > > > At some point a few years out, I might go for the GSE... I know I want > > to get other GIAC certs. I guess the biggest thing I don't get is > > that in light of all the pros for this cert that more folks don't > > attempt it. Yes it's hard to get... but that's by design. We do not > > value that which is easily obtained (don't know if I'm quoting someone > > or not) > > > > My take on this distilled all the way down is this: If you're on the > > fence about the GSE, freaking do it already. If you're at a point > > where you can consider grasping the brass ring, why would you not? > > > > <end of ramble> > > > > - Mick > > > > > > > > > > On Wed, Feb 10, 2010 at 11:04 AM, Chris Clymer <[email protected]> > > wrote: > >> Problem for me is that the GSE is f'ing expensive, i dont believe > >> the certs > >> i have count in more than a minor way (GPEN & GWAPT) and ive never > >> seen it > >> on a job app. > >> Great accomplishment if you can swing it, but i question the ROI. > >> As far as > >> i can tell most SANS instructors dont even have it. > >> I was on the email chain about revising GSE requirements, and i > >> still cant > >> tell what i would need to do to get it. As a SANS instructor, is it > >> any more > >> clear to you? > >> > >> Sent from my iPhone > >> On Feb 9, 2010, at 8:23 AM, John Strand <[email protected]> wrote: > >> > >> This is odd.... Chris wants to take the GSE exam and needs to have > >> some > >> more people sign up or the test is going to get canceled. > >> > >> Well, the challenge is out. Get out and and sign up for the GSE. > >> > >> Look, I am one of the first people to say that many tech > >> certifications in > >> and of themselves mean little. However, in many situations they are > >> required to get and maintain the job you want... When you look at > >> many of > >> the cool jobs in security they are asking for SANS certs... Why? > >> Because > >> they mean something. > >> > >> This one means even more. This industry needs to have a cert where if > >> someone has it we can say with a high degree of certainty that they > >> know > >> what the hell they are talking about on a wide variety of topics in > >> security. GSE is that cert. > >> > >> I also know that many of you collect SANS certs like Pokymon > >> cards... GSE > >> is a nice cap. > >> > >> > >> ---------- Forwarded message ---------- > >> From: Chris Mohan <[email protected]> > >> Date: Tue, Feb 9, 2010 at 3:48 AM > >> Subject: Looking for a little help > >> To: [email protected], [email protected] > >> > >> > >> Hello John, > >> > >> I'm after a little bit, well possibility a lot, of help from you. > >> > >> I've decided attempt the GSE exam this year. That's not the problem, > >> although a touch of insanity and delusion on my part perhaps. The > >> problem > >> is that only one other person has also signed up, despite GIAC > >> changing the > >> requirements. > >> > >> The bit of help I'm after is for you and the folks at Pauldotcom to > >> put out > >> the challenge to other saner folk to step up with me and get on to > >> the GSE > >> track. > >> > >> If an English bloke, living in Australia that works with Windows - > >> and the > >> fully featured firewall that is ISA - can try for the GSE, then I'd > >> hope for > >> at least five of your ex-students or PDC listeners to take that > >> step with > >> me. > >> > >> There seems to be a massive fear factor about the GSE exams, so > >> I've started > >> off a blog, witty entitled http://gse.chris-mohan.com to chart my > >> attempt > >> and break down some of that GSE FUD. > >> > >> As Paul and Larry first put me on the path to SANS training, back in > >> December of 2005, it would be a neat twist of fate if they could > >> help out by > >> getting me some brilliant people to be part of the final two day > >> practical > >> exam. > >> > >> I'd love to be in the room in Las Vegas working with some great > >> minds to > >> nail the last day's challenge. You and the guys either know or can > >> reach > >> these people and can inspire them to give it a try. > >> > >> To quote a chick with bagels on her head "This is our most > >> desperate hour. > >> Help me, Obi-Wan Kenobi; you're my only hope" > >> > >> A desperate, somewhat over-dramatic plea from the Sunny shores of > >> Sydney > >> > >> Chris > >> > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
