RE: The Value of GIAC/GSEC Certification

I have completed GIAC certs in both sides of the divide - ie pre and post the changes to certification.

They never removed the practical. They changed all existing certs to automatically be Gold, as these have both a test and prac. They also changed the order - ie from prac than test to test than prac. I was in the process of taking one of the certs when this changed. At this point a choice was given and I did the old way - paper first.

So the prac never disapeared - they just added levels - ie silver and gold. The test is to see what level of cert is held. A Silver is just the test and the number of certified people has incresed significantly if this is all one checks.

The Gold certs are still rare and the ones that are valuable.

However, many people do not know the difference and thus they do not look at the silver and gold as having distinct values.

So Silver GIAC is purely exam based. Gold GIAC is no differnt other than the order of the testing.



From: listbounce@xxxxxxxxxxxxxxxxx on behalf of Don Parker
Sent: Sat 24/03/2007 9:20 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: The Value of GIAC/GSEC Certification

Indeed the practical portion was done away with and then brought back after
a lot of bitching was done. You may want to read the column on Securityfocus
I wrote about it actually :-)

That column pretty much sums up my feeling on GIAC now.



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Tony UcedaVélez
Sent: Tuesday, March 20, 2007 10:25 AM
To: 'Johnston Mark (UK)'; andrews@xxxxxxxxxxx;
Subject: RE: The Value of GIAC/GSEC Certification

Agree with everything Mark noted, however, I believe they did away with the
practical as of roughly 2 years ago. It may be only relevant to only some
of the GIAC certifications, but I distinctly remember seeing that the
practical was retired for various GIAC certs.

If this still holds true, its regrettable b/c the practical was indeed a
huge aspect in truly learning about a security disciplined compared to the
traditional multiple choice Q&A that you get with the exam portion and other
security examinations.

Overall, I highly recommend the cert along with partaking in an actual boot
camp prior to the cert. Like Mark said, great way to intermingle with some
of the top security professionals today.


Tony UcedaVélez, CISM, CISA, GIAC
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv[at]versprite[dot]com

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Johnston Mark (UK)
Sent: Thursday, March 15, 2007 5:06 AM
To: andrews@xxxxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: The Value of GIAC/GSEC Certification

Hey there,

The biggest distinguishing factor between the 2 certifications is that for
the GIAC certs, you need to complete a practical. This is where I believe
the value comes in, as to be able to pass you must have the practical
knowledge. Take for example the GCFW ... when I did it you needed to design
a secure network, and display the configurations for the particular
components that you used. Then you had to show an attack on a previously
designed network.

If you participate in the courses, you'll also get to meet some of the top
guys in the security industry ... like Eric Cole, Stephen Northcutt Chris


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of andrews@xxxxxxxxxxx
Sent: 14 March 2007 13:36
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: The Value of GIAC/GSEC Certification

Does the GIAC/GSEC certification have value for someone with the CISSP

I am planning on getting my CISSP this year, but I may have a chance to go
for the GSEC a bit earlier. Would that add any value, or is it a waste of
time if I can attain the CISSP?


This electronic message contains information from O2 which may be privileged
or confidential. The information is intended to be for the use of the
individual(s) or entity named above. If you are not the intended recipient
be aware that any disclosure, copying distribution or use of the contents of
this information is prohibited. If you have received this electronic message
in error, please notify us by telephone or email (to the numbers or address
below) immediately.
O2 (UK) Limited 260 Bath Road, Slough, Berkshire SL1 4DX Registered in
England and Wales: 1743099. VAT number: GB 778 6037 85

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.

Relevant Pages

    ... the materials and touched the technology. ... trough a certification process and get certified. ... I am proud to be a certified security professional:) ... Certs are sort of new to the scene. ...
    ... You've got a B.S. in infosys, yet due to the certs, you have to go get them to break through the HR barrier. ... You've put in ~4 years, paid thousands, and have been given all the basics, you should be hired and tutored and begin your career. ... Luckily the school also teaches Security++, and he's good with XP so he switches to that instead, and uses a cheat sheet to pass. ... it's normal to see a test king poking out from the study guide of a lot of students in certification classes. ...
  • Re: [Full-Disclosure] Certifications
    ... > A certification like the CISSP is NOT an in depth certification. ... Does this makes him a security ... GIACs actually demonstrate you know what ... >>today due largely to some certs would tend to disagree. ...
    ... Subject: CISSP-ISSMP ... it's normal to see a test king poking out from the study guide of a lot of students in certification classes. ... If the guy has a buttload of certs, but 4 months experience doing simple telephone support work give him a chance, ask good questions, find out if he really knows his stuff, if he does, hire him. ... Many 'security jobs' are nothing shy than that of an overly glorified ...
  • RE: GIAC Dilution
    ... GIAC is in a transition. ... more people attempt and gain GIAC certification? ... I was planning to take this exam as well. ... would have the same market value - both being only exam based certs. ...