..interesting.  I didn't know SANS had gotten anti-CISSP?!  I guess it's
been a while since I attended one of their conferences (last was SANS '98)
and I was a guvvie (note spelling!) contractor (non-CISSP) at the time.

Personal view/experience:

CISSP -- Security Expert.  Great cert to cap off a long career (in my case
18 plus years in COMSEC/COMPUSEC/INFOSEC/ST&E/CT&E/ID/IR) without taking a
Master's.  Great for consulting, whether Big-5 or other commercial company.
Indicates expertise/provides credibility that opens doors for consultants.
Great for enhancing probability of successful application to "C I/S O"
positions.

GIAC:  Analyst.  Most useful for the Counterpane/Vigilinx/MSP du jour.
Might be helpful cert for garden variety management consultants, but, by and
large, they can't stay current with the latest attacks (for reasons of
billability) and remain highly paid for long...  For CIO/CSO's they probably
have or need several on their staffs, so they probably don't need this cert,
though they might want to pursue it.

As far as maintaining/earning CPE's...  If you're a consultant, try to land
a speaking engagement or two at your local Infragard (blatant plug), ISACA
or other professional association chapter (financial services societies are
big on this). Write a white paper (or two) and try to get it published
(internally or in an industry mag). Remember, if you do any
training/teaching of your junior or peer consulting staff (or clients!),
that counts too!  (That reminds me, I have some CPE's to submit...)

Big conferences are difficult.  I've had more success landing gigs as a
"booth dude" than an attendee in the past year...

My .02,
JF

Joe Faraone, CISSP
Enterprise Security Solutions Practice Center of Excellence
Unisys Corporation
[EMAIL PROTECTED]
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 02, 2002 5:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Article: 10 Hottest Certifications for 2002


> Finally, the certification was originally designed
> for and by federal gov't types...govvies.  Many of
> the questions when I took the exam in '99 were
> heavily weighted toward the Rainbow Series,
> particularly the Orange and Red books.  The CPEs
> are heavily weighted toward govvies, as well...I
> don't know many commercial consulting firms that
> can have their employees running off to
> conferences and doing other things that they can't
> bill to, all to get these CPE points.

Oh, I don't know...I'm a 'govvie' and I'm just a couple
of hours short of recertification for CISSP without
attending a single conference.

I will admit, though, that all certifications in the InfoSec
field that I've investigated (not just CISSP) are pretty
darned self-serving.  They tend to be highly competitive
with one another, and to me that just hurts us in the
overall picture.  Certs should ideally be complementary or
reinforcing, not mutually exclusive.  I'd be a lot more
inclined to pursue GIAC (I'm a big fan of SANS) if they
weren't so frankly anti-CISSP.  I'm sure GIAC folks find the
reverse to be true.  Instead of competing against one another,
it would be nice to see some cooperation and a concerted attempt
for each to fill in the gaps left by the other.

Cheers,

RGF

Robert G. Ferrell, CISSP
http://rferrell.home.texas.net/rgflit.html
[EMAIL PROTECTED]


