[TriLUG] SANS Security certification

[Jos Purvis]

Kevin Flanagan wrote:
> I took the Security Essentials class last summer, how useful you find 
> it would depend greatly on your experience.  I have had many years of 
> experience as a systems admin, engineer, etc.  I found the class a 
> complete waste of time.  However, if you don't have loads of 
> experience, and are trying to break ground with HR filters etc, then 
> it may do you well.
I agree: the GSEC course has been a problem child for a long time. It 
frequently appeals to management-types who want to understand general 
security problems and concepts a little better, although I have heard 
from some that instructor quality on it can vary. It depends on how much 
technical and security experience you've had: the more you've had, the 
more redundant that class will be. I found the Unix and IDS curricula 
more useful, although I have a higher tolerance for redundancy than some.
> When test time came, a few weeks after class, I was even more 
> annoyed.  I don't see the value in seeing if I can memorize, or look 
> up the parameters that you pass to NMAP.  If the questions were more 
> oriented towards, "Under what circumstances would you use NMAP, and 
> what kind of output would you expect to get?", then I would see the 
> value.  Hopefully we all know about man or /?, mailing lists, etc.
This has been a recurring point of discussion on the advisory boards for 
the certifications. The problem boils down to how to grade exams: it's 
expensive to pay people to grade exams, but machines have a *lot* of 
trouble grading questions like the one you pose above. I still feel like
the exams are too heavily slanted towards questions of the "what flags 
would produce this effect" type, but I've made my opinions known to them 
on that point more than once.

       --Jos