sans gsec

Discussion in 'IT and Computer-Related Degrees' started by scubasteveiu, Aug 3, 2006.

  1. scubasteveiu

    scubasteveiu New Member

    Anyone in the midwest thinking of doing this cert?
  2. Jigamafloo

    Jigamafloo New Member

    Could you be more specific, and post a Web link? I found this one: , but I'm not sure if this is what you're referring to.

  3. scubasteveiu

    scubasteveiu New Member

  4. scubasteveiu

    scubasteveiu New Member

  5. scubasteveiu

    scubasteveiu New Member

    Just passed both tests for the GSEC.

    Not easy, not cheap, but well worth the effort and resources.
  6. sentinel

    sentinel New Member

    Master of Science in Information Assurance

    Steve, I notice you completed the MSIA degree at Capitol College. How was your experience with Capitol College?
  7. scubasteveiu

    scubasteveiu New Member


    I cannot say enough good things about the school. Are you thinking about doing the MSIA?

    The only real downside - name recognition. Not many know about the school, however you would be surprised how many know of Capitol in the security circles.

    Also, what is a plus for me, may be a negative for others ... the classes are live lecture over the web.

    I have done a couple other posts about the school. Dig those up too. If you have any specific questions - let me know.
  8. sentinel

    sentinel New Member

    I have been contemplating the MSIA. I anticipate breaking into the security field may be somewhat difficult despite significant experience in the IT industry working primarily in the area of enterprise-scale identity management and secure electronic communications systems. Any advice?
  9. scubasteveiu

    scubasteveiu New Member

    I did a post about this exact topic here:

    Also, be sure to take a look at the TaoSecurity blog here :

    There you will find a post about "Starting Out in Digital Security" - those two postings should get you started.

    In short, yes - it's difficult. You have to really want to do it, and be ready to get your foot in the door. What I mean is that you must study (almost to the point of making it another job) just so you can be good enough to apply!

    I spent a lot of resources to get my foot in the door. I flubbed two interviews internally before I finally landed a position in InfoSec. During those three years (the duration from interview one to interview three) I completed my Security+, 33 graduate credit hours for my MSIA, 42 credit hours for my MBA, paid for SANS / GIAC GSEC out of pocket, completed my PMP, and founded IndySec. The rough number for that madness was around $40K (much of the .edu work paid for by my employer) -- I like to stay busy.

    When I found out about my current position I already had an offer with another company in a non InfoSec discipline. That offer would have paid $40K MORE than my current position --- I turned it down just for the chance to interview again. I interviewed and got the job.

    To me, I feel as if I have the best job in the building. I love my work. My career is not really work to me.

    Why did I share all of that nonsense --- ? I wanted to share part of what I went through to land that position. You have to really want it. Anything is attainable if you work at it enough.

    Read those two blog postings - - - I will see what else I can find. Let me know if you have any other questions.

  10. lspahn

    lspahn New Member

    I think Stephen hit the nail on the head. Infosec as a whole is an ongoing process. You never know enough, and there are always weak areas in your personal arsenal. I have financed my BS, CISSP, CEH, MCSE, and CCNA. I got corporate sponsorship for Sec+, EnCe, CBCP, and the upcoming GCIH. I am also planning to attend Capitol to round out the package.

    You are always working, but that's easy for people who love the subject. I am incredibly excited about going to SANS Detroit 07 for the GCIH. I have 2 other classes scheduled for the next 12 months (Encase and MBCP). I'm paying for 1 of those. You have to love the material to keep up, period. If it's a job, not a passion, I don't see how anyone would have the drive or resolve to keep pace with those that do.

    There is also a lot of draw to security due to the perception of high salaries. While I guess we can debate salary, the influx is without a doubt. That also pushes the level of qualifications up further to remain competitive. And this is where SOME certs and the MS provide a huge advantage.

    IMHO of course...

  11. lspahn

    lspahn New Member

    SANS Edu Update...

    Didn't know if anyone had seen this:

    Accreditation Questions
    How do the credit hours determine the amount of time spent in classroom and lab instruction?

    While we are not an accredited University and are unable to offer "official" credits, the credit hours are set up to help you determine the amount of time you will spend in classroom and lab. The fewer credits means a shorter course.

    One-half credit hour is given for each 6 hours of classroom time. Our 6-day courses that have 36 hours of class are given 3 credit hours. If the course has Bootcamp (evening training), another credit hour is given. A 2-day course is 1 credit and a 1-day course is .5 credit hour.

    When will you be accredited?

    SANS Technology Institute is licensed through the State of Maryland, by the Maryland Higher Education Commission, to grant master degrees. We also have applied to be a candidate for accreditation with the Middle States Commission on Higher Education (MSCHE). We will be seeking accreditation from MSCHE when we complete the candidacy period and graduate the first class of students. This process takes time, and we are actively pursuing it.

    Which region will you be accredited in?

    We will seek accreditation in the Middle States Accreditation region. We are also seeking to accredit GIAC via ANSI.

    Will The SANS Technology Institute be a NSA Center of Academic Excellence?

    We will look into it as soon as we complete accreditation.
  12. scubasteveiu

    scubasteveiu New Member

    They should have FULL Middle States Accreditation in the first half of 2007 - per the director of the program.

    That means I can use my tuition reimbursement for SANS training ... now, that does leave the distinction between SANS U and just taking a course from SANS.
  13. lspahn

    lspahn New Member

    And, will SANS courses be transferable to other schools??? I can get my employer to pay for SANS classes, but not college. This would be a good work around.
  14. TEKMAN

    TEKMAN Semper Fi!


    Since you are in IT security, how would you rank the following certifications?

    ISC2 - CISSP
    Cisco - CCSP
    ECouncil - CEH
    CompTIA - Security+

    I want to go for CISSP, but I think I am not ready yet. Therefore, I would like to choose CEH before going to CISSP.

    Thanks in advance.
  15. siersema

    siersema Member

    I'm no security guru, but I do like to take certs. In my opinion take a look at what is wanted out there by employers, and when in doubt go with big names. I have not yet taken the CEH test, but I will since I took the course. My employer paid for it, I thought it would be interesting. It was at that. It was essentially a 'hacker' class about various tools you could use to hack. The detail on actual defense and real security for a network was a bit lacking. From the test prep I've done it seems like there's a lot of focus on command line switches for various utilities. I'm always bothered by these types of questions as they don't prove any actual knowledge in the subject, just knowledge of a specific utility that you could have easily used the help file to figure out in the real world. In my opinion future employers may see this cert as a joke and will snicker at the thought of an 'Ethical Hacker'. It is for this reason that even EC-Council has the exact same cert for Government employees, but with a different name. Off topic, but also of interest. EC-Council is trying to create their own University; they will of course take their own certifications for credits. They are not accredited, though I doubt they could be yet since they don't actually offer any courses at this time.
  16. scubasteveiu

    scubasteveiu New Member


    I am new to Infosec - so, please consider the source.

    In my opinion, there is no way to rank those certs.

    I know many people who take the Security+ exam as a primer for the CISSP. The CISSP is much more difficult, but the Sec+ can be seen as a stepping stone and confidence builder for some.

    My advice, if you just obtained your 2 - 4 years of experience* for the CISSP and want a confidence boost, then take the Sec+ (if you do not have it already). If you are a Security Manager with 4 + years - just take the CISSP.

    Speaking of managers, the CISSP is a management cert. I will say it again -- the CISSP is a MANAGER cert! The SSCP is actually geared to be more technical. However, technical or not, manager or not, the CISSP will get you a lot more resume action.

    The SANS GIAC GSEC training / cert is top notch. You go over the 10 domains, you have hands on labs and instructor led training. It isn't cheap, but it is worth it -- for sure. If you have the money, but maybe not your 4 years for the CISSP - start here.

    CEH - if you are doing pen testing, go for it. I will get to it eventually. Also, if you are a consultant, you might find this of value.

    Cisco - CCSP - I have no experience with this cert.

    * Full time information security experience. Credit given for other certs and/or education. View the ISC2 website for more info.


  17. scubasteveiu

    scubasteveiu New Member

    From what I have read, the cert and related training attempts to give a systematic approach to system foot printing, scanning, enum, hacking ...

    There is an exam cram 2 book for CEH that is really good. I own it and it is pretty well written.

    As far as your comment "The detail on actual defense and real security for a network was a bit lacking." goes, it is completely accurate. The class is not defensive in nature, it is purely offensive. It is then up to you, should you choose, to take what you have learned and turn it into a balanced, defense in depth approach to systems security.

    You need to understand the tools and the switches, so it shouldn't be a shock to see them on the exam. Take any IT exam and you will find the same thing.

    The name change was merely because the ol US of A didn't like the term hacker. Sigh. Us 'yanks' requested it.

  18. lspahn

    lspahn New Member

  19. siersema

    siersema Member

    True to an extent, I found their Certified Hacking Forensic Investigator course to be more along these lines than the CEH course though.

    What makes this even more interesting is that the clone test with a new name for the Government is called Certified Network Defense Architect. You wouldn't think this test would focus on a purely offensive nature.

    A shock? No, but too much of a focus, if the test prep was any indication. Also I know I didn't say which certs I have so I guess I could understand the "Take any IT exam.." comment. For the record I currently hold MCP, MOS, MCSA, MCSE, A+, Net+, i-net+, Linux+, e-biz+, CCDA, CCA, CNA, AIX Operations/Specialist/Technical Expert, EMCA, HDA, ITIL, and multiple others. With the exception of the AIX Operations exam, which seemed to have a fascination with how to do every little thing you could do with VI and other interesting command line things like a backwards search of files looking only for a capital letter with grep, very few had a specific request for many command line switches for specific utilities.

    Maybe after I actually take the CEH test I will appreciate it more. I was a little disappointed by CEH. Also, if you look at taking ECSA it's almost the same test/class as CEH, but supposedly a much easier test. CHFI was interesting and more what I was expecting.
