Re: Again on certification

From: Johannes B. Ullrich
Date: 04/22/02

Date: Mon, 22 Apr 2002 11:55:16 -0400 (EDT)
From: "Johannes B. Ullrich" <>
To: "Angelo Perniola" <>

I think with respect to Information/Computer Security, there
are two places to look at:

- SANS GIAC certifications. A number of different

- ISC2 CISSP certification.

A quick comparison (disclaimer: I work for SANS):

The SANS GIAC certifications are available in a number of different
subject areas and at different 'levels'. The 'Security Essentials'
is the all-around introduction to information security. Other
certifications like the Firewall or Unix Certs. ask for
a more detailed 'hands on' knowledge.

CISSP on the other hand covers a very broad range of information
security knowledge. It goes way beyond computer security (e.g.
physical security, fire prevention). In my opinion, CISSP is targeting
more management folks than hands-on techies.

There are a number of vendor specific certifications as well (Cisco,
Microsoft, Novell, Checkpoint...). However, they don't do you much
good unless you are working with that specific equipment. They are
a good thing to ask for once you have a job and your employer is
using this particular equipment. For now, you are most likely better
off with a non-vendor specific certification.

-------                    Join
                          Distributed Intrusion Detection System