Posted by on March 13, 2005

SANS/GIAC is dropping the practical assignments for their certifications.

I hold two SANS certs, the GSEC and the GCIH. You can click on the buttons on the left hand column to learn about them. For both of these I had to complete a practical assignment which was a paper on a particular topic. Under the PAPERS section on the left column you can find mine. These practicals are what set SANS apart from the rest of the certification world. They required practicals for every certification…not just the more senior certs like Cisco and others do. A SANS Certified professional could be considered a DEMONSTRATED PROFESSIONAL in the security world because of the practical. But no more.

I sent the following letter to SANS regarding the issue:
While I bow to the vision of the SANS/GIAC leadership, I can’t help but think this is a bad idea. The practicals are what has set SANS/GIAC apart from the other certs. Has there been any thought given to keeping the practicals as an option for certification? This would effectively allow what you want while providing those who want the additional challenge, and recognition, to move ahead of the rest of the pack.

I could whine about the many hours I put into both of my GIAC certs and the pride I take in attaining them but that would only serve to demonstrate my love of whining. What I can say is that the lack of available time to complete these certs is simply a cop out. My day job regularly requires 80hr weeks. My consulting business also takes a substantial amount of my time. I still managed to complete both certs…didn’t sleep much but I completed them. The point is holding a GIAC cert demonstrates not only a certian level of expertise but also a committment to a goal. Passing the exams was a CAKE WALK compared to fulfilling the requirements of the practical assignments. No matter how difficult you make the exams nothing will replace the challenge and the required mastery of the material that the practical assignments held.

Count me in the “Respectfully Dissenting” column.
I’m profoundly saddened by this…okay…”profound” may be a strong word but the thought of the SANS certs becoming anything close to the MCSE as far as overall reputation just sickens me.

I still believe there is only one REAL certification track for serious security professionals and that is SANS/GIAC.

Last modified on March 13, 2005

Categories: InfoSec

« | Home | »

Comments are closed.

%d bloggers like this: