[TriLUG] SANS Security certification
Jos Purvis
purvis at melete.org
Sat Jan 27 12:37:59 EST 2007
Kevin Flanagan wrote:
> I took the Security Essentials class last summer, how useful you find
> it would depend greatly on your experience. I have had many years of
> experience as a systems admin, engineer, etc. I found the class a
> complete waste of time. However, if you don't have loads of
> experience, and are trying to break ground with HR filters etc, then
> it may do you well.
I agree: the GSEC course has been a problem child for a long time. It
frequently appeals to management-types who want to understand general
security problems and concepts a little better, although I have heard
from some that instructor quality on it can vary. It depends on how much
technical and security experience you've had: the more you've had, the
more redundant that class will be. I found the Unix and IDS curricula
more useful, although I have a higher tolerance for redundancy than some.
> When test time came, a few weeks after class, I was even more
> annoyed. I don't see the value in seeing if I can memorize, or look
> up the parameters that you pass to NMAP. If the questions were more
> oriented towards, "Under what circumstances would you use NMAP, and
> what kind of output would you expect to get?", then I would see the
> value. Hopefully we all know about man or /?, mailing lists, etc.
This has been a recurring point of discussion on the advisory boards for
the certifications. The problem boils down to how to grade exams: it's
expensive to pay people to grade exams, but machines have a *lot* of
trouble grading questions like the one you pose above. I still feel like
the exams are too heavily slanted towards questions of the "what flags
would produce this effect" type, but I've made my opinions known to them
on that point more than once.
--Jos
More information about the TriLUG
mailing list