[TriLUG] SANS Security certification

[Jos Purvis]

Byarlay, Wayne A. wrote:
> Greetings Triluggers, Midwest lurker here,
>
> Are any of you familiar with the SANS organization, and their various
> certifications? If so, what is your opinion? 
>   
Disclaimer: I've been involved with the SANS organization for a long 
time (author, certification grader, attendee, although not instructor).

That out of the way, I like the SANS certifications. If you're looking 
at security work, SANS are good technical certifications to have, and 
they're starting to show up on more and more job listings alongside 
longstanding certs like the CISSP. Having just been through the whole 
job search process in security, I can tell you that the CISSP is still a 
more valuable cert (especially in terms of money), but the SANS certs 
will often get you through the "HR firewall" just as well, and more 
employers are recognizing them these days as a plus.

The SANS courses tend to reflect more technical than theoretical 
content, although they have a wealth of new certs now and have realigned 
the GSEC curriculum to align perfectly with the CISSP domains (meaning 
that taking the GSEC curriculum will typically prepare you decently well 
for taking the CISSP as well). The CISSP tends to be described as an 
inch deep and a mile wide, whereas the SANS individual curricula tend to 
be just the opposite--perhaps a foot wide and a mile deep, as it were. 
The certification process is easier than it used to be, as they're 
trying to encourage growth, but it's nowhere near a cakewalk, so plan to 
spend some time working on it after taking the course.

If you have specific questions about the certification process, what's 
involved, the history of the certs, or more of my personal opinions on 
the subject (so I don't bore everyone), I'd be happy to share them with 
any interested offline--just drop me an email.

    Cheers,

    Jos