SANS GIAC cert

Anybody have this? Besides the SANS materials, are there any study materials or books for this? I do not see any books there, unlike for the CISSP.

"Besides the SANS materials, are there any study materials or books for this?"

AFAIK, there are no current materials for the GSEC except for SANS's stuff.

the situation is different for the CISSP, and I would recommend you get that first if you meet the experience requirements.

the GSEC Gold is a better/more informative cert, but CISSP has more cash value.

GSEC Silver (no essay) isn't really any different.

OK Thanks. I am going to get my CISSP, probably in November. So far, the CISSP materials impress me much more as a management cert than a security cert. As far as the pure security parts, it's not much more than the Security+. I don't really need any of them for the money, just to learn more about a field that I'm not as strong in relative to others.

if you want to REALLY learn security, fuck certs. None of them are worth a shit, except maybe some of the ultra-specialized SANS ones.

buy some books, browse the good security sites, set up a home test lab, and start learning.

tell me what you are interested in, what your skillset is, and I can recommend books.

If you just want to learn, don't get certs. The sole purpose of certs is to get you past HR screens and to an interview.

CISSP is for mark ass herbs.

http://taosecurity.blogspot.com/2005/06/cissp-any-value-few-of-you-wrote-me.html

Seriously, ask Andrew how much of his job involves shit from the CISSP.

"I'm going to put this in terms even a CISSP can understand." - GOBBLES

if you still want to blow money on stuff, consider getting some training at professional cons like BlackHat, the professional version of Interzone, etc.

it costs serious cash, and you'll want to get work to cover it if possible, but it can get you bootstrapped in a hurry via some excellent teachers.

you'll want to do that after you have established a base in the subject, however.

" if you want to REALLY learn security, fuck certs."

Well that's the thing. I'm not looking to get into security, so I'm not looking to learn in depth. Learning security in depth would take away time that I should be improving my crappy programming or database skills or else my basketball game. Even the lowly CISSP is about 1/2-2/3 new material to me. Figured might as well have something on my resume to mark it.

asdf - that's cool, but getting certs and actually learning are different things. :)

"asdf - that's cool, but getting certs and actually learning are different things. :)"

It's the same when you're not that advanced in a field. Obviously you and Yao are way past that in security.

" Seriously, ask Andrew how much of his job involves shit from the CISSP."

My job doesn't involve that much anymore from the LPI 2, MCSE, CCNP, or any degrees either. But every so often I work on something where I am glad I saw the concept before. That's all I'm looking for here.

"It's the same when you're not that advanced in a field. Obviously you and Yao are way past that in security."

ok.

I'm not trying to be snide here, but what you learn on the CISSP, and what would actually probably be useful to you, doing your job as a scientific server cluster group manager (IIRC), are most likely two different things.

I am not 100% sure of this, because I have never done your job.

I'm not operating under the expectation that you will go into security as your chosen field, simply that you will work doing security work as part of your main job.

"But every so often I work on something where I am glad I saw the concept before. That's all I'm looking for here."

fair enough.

"but what you learn on the CISSP, and what would actually probably be useful to you, doing your job as a scientific server cluster group manager (IIRC),"

I get put on a bunch of other projects too. We're building out a new server room, and from the CISSP prep, now I (finally) know what the architect is talking about when he says "preaction" fire sprinklers. Which is good because our facilities guy doesn't know.
Also the management portion is useful to me as well.

Looking at it a different way, there is a good reason they make you pass undergrad Organic chemistry even if you're going to publish papers in Inorganic chemistry. At some point, you have to know the basic concepts of Organic chem. Might as well have your transcript reflect you passed the course.