You want to turn the wrenches take a SANS exam, you want to have a broad range of knowledge focus on the CISSP. Let’s not even bring the CEH into this conversation let alone the Security+

You want to turn the wrenches take a SANS exam, you want to have a broad range of knowledge focus on the CISSP. Let’s not even bring the CEH into this conversation let alone the Security+

That’s funny. Go to usajobs.gov and do a search on CISSP and then go back and do a search on GIAC or GSEC and you will find 1 result and that 1 result for GIAC states that a CISSP is required. By the way, the CISSP search gave me 93 results.

‘Besides the GSEC must be taken every 4 years where the CISSP is a lifelong certification.’ Where are you getting this info from? You have to earn CPE credits after you pass the CISSP to maintain the cert or you have to retake it 3 years later. Unless you consider 3 years a lifetime, please update your resources.

I passed Security+ in 15 minutes after studying for the CISSP.

That’s funny. Go to usajobs.gov and do a search on CISSP and then go back and do a search on GIAC or GSEC and you will find 1 result and that 1 result for GIAC states that a CISSP is required. By the way, the CISSP search gave me 93 results.

‘Besides the GSEC must be taken every 4 years where the CISSP is a lifelong certification.’ Where are you getting this info from? You have to earn CPE credits after you pass the CISSP to maintain the cert or you have to retake it 3 years later. Unless you consider 3 years a lifetime, please update your resources.

I passed Security+ in 15 minutes after studying for the CISSP.

The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to “prevent” them. The only somewhat correct answer is to check the range and offset, but even that’s not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge.

Also, just to weigh in on the CCNA thing (I agree it’s completely different), I took the CCNA 1/2/3/4 route through Cisco’s Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn’t learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense… the English was completely messed up).

My ultimate point is that certifications should mean nothing to you… it’s the knowledge. Anyone can pass an exam (I know CISSPs who couldn’t tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge…. I know CCNAs who couldn’t either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don’t help you grow… when companies figure this out, we’ll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living).

The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to “prevent” them. The only somewhat correct answer is to check the range and offset, but even that’s not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge.

Also, just to weigh in on the CCNA thing (I agree it’s completely different), I took the CCNA 1/2/3/4 route through Cisco’s Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn’t learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense… the English was completely messed up).

My ultimate point is that certifications should mean nothing to you… it’s the knowledge. Anyone can pass an exam (I know CISSPs who couldn’t tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge…. I know CCNAs who couldn’t either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don’t help you grow… when companies figure this out, we’ll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living).

I’ve seen your name on SANS for the GSEC and am awaiting confirmation from ISACA on the CISA.

I’ve seen your name on SANS for the GSEC and am awaiting confirmation from ISACA on the CISA.

Enjoy the world, it will be different a nanosecond from now

SD Dietz