.

The value of GSE

<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Oct 04, 2010 6:56 am

The value of GSE

The GIAC Security Expert (GSE) is, from what I understand, the hardest certification to obtain from SANS/GIAC. In order to get it, you have to earn several other certifications, including "gold" ones where you have to write research papers.
http://www.giac.org/certifications/gse.php

But if you look closely at the link above, it seems that only 22 individuals currently have this certification, compare to tens of thousands owning a "normal" SANS/GIAC cert. This is obviously a very big cert to have!

But other than for personal knowledge, is it worth the time/money/effort? What if you put your energy on, let's say, CEH/CISSP/CISA/GPEN/OSCP/CCNA? I know these certs serve different goals, but combined, they are probably as time consuming than GSE.

It seems to me that, although owning a GSE (and all its sub-certifications) would be very good, having other certifications may be better for you because they are more "known" by employers.

Obviously, it all depends on what is your goal with certs. But I think that for most of us, it is to help us find the job we want to do.

What do you guys think?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 04, 2010 8:53 am

Re: The value of GSE

I can tell you that the GSE is very valuable if you are going to be working as a Federal Gov't contractor or as a Federal employee but probably doesn't hold as much weight in the private sector.

This is just speculation on my part, but I bet if you were to look into all the people that hold the GSE that they pretty much do already hold non-GIAC certifications like the CCIE/RHCE/CISSP/etc.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Oct 04, 2010 9:16 am

Re: The value of GSE

they pretty much do already hold non-GIAC certifications

That is certainly true!

But if you compare other certification paths, is it that valuable? Again, only 22 guys have it right now...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Oct 04, 2010 10:57 am

Re: The value of GSE

SANS certs are very well respected in the government and private sector, so  no doubt it is valuable.

The GSE can be achieved in different ways, therefore you have certain freedom to build your path according to your needs/wishes. However, these certs are more on the technical side, so if your pursuing a managerial position, maybe it's not the best path.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Oct 04, 2010 11:06 am

Re: The value of GSE

@mambru: I understand GSE very well and indeed, it's quite a achievement! But at the same time, it requires a fairely big chunk of your life. For a pentester for example, would it be better to follow another path?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 04, 2010 12:03 pm

Re: The value of GSE

For a pentester for example, would it be better to follow another path?


In my opinion, yes, the GSE is not for someone that is pursuing a "specialist" career path such as pentester, forensic investigator, etc. etc. I see the GSE as a "generalist" certification. Although the certs that you must obtain in order to sit for the GSE are "specialist" certs, the overall body of knowledge that the GSE encompasses is pretty broad. So, I would see a GSE holder in more of a security architect type position than a Sr. Penetration Tester. Now, I'm not saying that studying for and passing the GSE precludes you from being a Sr. Penetration Tester, but the GSE certification will help you in a "generalist" career path more than a "specialist" career path.

For what it's worth, I am not speaking from any personal experience...I have not sat for the GSE and in fact do not even hold the pre-reqs...this is just my halfway informed opinion...

I'd love to hear from a GSE holder if there is one on these forums.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Oct 04, 2010 12:20 pm

Re: The value of GSE

  Code:
it requires a fairely big chunk of your life


and a big chunk of your economy as well ;)

I don't agree with ziggy_567, IMHO GSE is a valid path for a Pen Tester. You could achieve it through certs like GPEN, GWAPT, GAWN, GREM which comprise essentials topics for a Pen Tester.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 04, 2010 12:29 pm

Re: The value of GSE

@mambru

The pre-reqs for the GSE can be accomplished by primarily pentesting certs as you stated, but that doesn't change the fact that the written/practical focuses mostly on the material from the GCIA/GCIH/GSEC tracks.

As I said, a pentester could definitely obtain the GSE, but I think you get more bang for your buck with the GSE if you're following a different career path.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 04, 2010 12:45 pm

Re: The value of GSE

I'll be attempting this in 2011 with a (now ex-) coworker of mine. We're starting to put a blog together with notes, lab setups, sample captures, etc. It's mostly just rambling at this point though. I have a month or two of college classes I have to wrap up before I can commit a lot of time to it, but I'm going put an enormous amount of time into it starting in December or January. I'm pursuing this primarily because it's 1) a challenge, and 2) once you obtain it, you can renew all your GIAC certs by passing the GSE written exam once every four years.

Chris Mohan took a stab at it this year, and he's posted some thoughts on his blog: www.chris-mohan.com I can only imagine how excruciating the 30-day wait would be, ugh...
The day you stop learning is the day you start becoming obsolete.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Oct 04, 2010 1:54 pm

Re: The value of GSE

This is all good guys, but no one seems to answer my main question! ;)

Is it worth the effort compare to other certs?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 04, 2010 2:07 pm

Re: The value of GSE

Is it worth the effort compare to other certs?


With all due respect, that is a very personal question!  ;D

Like dynamik, I think it would be worth it for the challenge of it and the fact that I don't have to renew ALL my GIAC certs. All I have to do is pass the written every four years.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 04, 2010 2:28 pm

Re: The value of GSE

mambru wrote:
  Code:
it requires a fairely big chunk of your life


and a big chunk of your economy as well ;)

I don't agree with ziggy_567, IMHO GSE is a valid path for a Pen Tester. You could achieve it through certs like GPEN, GWAPT, GAWN, GREM which comprise essentials topics for a Pen Tester.


I missed this; that's actually not true. The exam is structured around the GCIH and GCIA. Windows and Linux skills are also required with either the GSEC or both GCUX and GCWN. I wouldn't necessarily call it a generalist certification, but it's definitely focused on IA and IH and not pen testing. While you can substitute additional 500-level certifications for the required gold papers, it's not going to change the focus of the exam even if you decide to do something like GPEN and GWAPT. That's not to say that type of knowledge wouldn't be useful on the exam, but again, it's not the focus. There were rumors of a GSE for penetration testing that included GPEN, GAWN, and GWAPT, but I asked recently and was told there were currently no plans for it.

H1t M0nk3y wrote:Is it worth the effort compare to other certs?


Honestly, probably not. The only times I've seen it mentioned on job applicant wish lists have been in a ridiculous context, such as, "GIAC or GSE certified." Like you've observed, there have only been a couple dozen since it started in 2003. I'm doing it for personal reasons and because I want to feel like I'm part of an exclusive geek club ;)

If you're pursuing certifications because you want mass recognition, this probably isn't the one to go after. I wouldn't expected the masses who aren't in-the-know (read: hiring managers) to even be aware of it, but they'd probably think you could walk on water if you told them you were a CCIE.

Or, I'm just telling you that to discourage you to keep the numbers low. Who knows...? ::)
The day you stop learning is the day you start becoming obsolete.
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Oct 04, 2010 3:34 pm

Re: The value of GSE

@dynamik

Please don't misunderstand me.  I'm not saying GSE can be build upon pen testing certs exclusively, I know GSEC, GCIH and GCIA are the core for GSE, but you can include GPEN, GWAPT, GAWN, which are directly related to pen testers. And GSEC, GCIH and GCIA comprises the basic skills any security guy should have, even a pen tester.

That's why I think GSE is worth the effort, personally I don't pursue certs because their renown, but because what they offer to teach me and skills I can acquire.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Oct 04, 2010 6:04 pm

Re: The value of GSE

With all due respect, that is a very personal question!

It is indeed a very personal question that you can answer anonymously through your nickname "ziggy_567 "...  :D

Honestly, probably not. The only times I've seen it mentioned on job applicant wish lists have been in a ridiculous context, such as, "GIAC or GSE certified." Like you've observed, there have only been a couple dozen since it started in 2003. I'm doing it for personal reasons and because I want to feel like I'm part of an exclusive geek club


That's the kind of answer I was looking for, thanks dynamik!

That's why I think GSE is worth the effort, personally I don't pursue certs because their renown, but because what they offer to teach me and skills I can acquire.

I agree with you mambru! I see two main advantages of certs in general:
1) It is like a learning plan to help and guide me in a perticular field;
2) It helps me tell recruters that I know a few things in the field.

So for me GSE (and its "sub-certs") :
1) It is a huge learning plan, incredible for personal experience!!!
2) Like dynamik mentioned, not a lot of people know about it.

While for me, something like CEH/OSCP/CISSP/CCNA:
1) It is a huge learning plan, incredible for personal experience!!!
2) A lot of people know about them

So you guys know where my heart belongs...  :)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

What90

Full Member
Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Syndey, Australia

Post Wed Oct 13, 2010 12:40 am

Re: The value of GSE

Hello H1t M0nk3y,

A resounding YES to your question: Is the GSE worth the time/money/effort?

I didn't do it for the glory, fame or to get a pay rise. I did it to learn and wow, did I learn.

I’m one of ziggy_567’s generalists, pretty much focused on the defensive side, but there are some super smart offensive guys that are GSE’s, so it is up to the person taking the exam to work out the personal value. The people taking the GSE with me were a very diverse group. The only real definition I would place on them is they are all driven, seasoned security professionals with a desire to test and push themselves.

I’ve got a number of other qualifications and always on the lookout for inspiring trainers and courseware to make me want learn. The GSE is a long term goal, rather short to mid-term one, so by all means take and excel in CEH/CISSP/CISA/GPEN/OSCP/CCNA etc, but once you completed them it is great to have somewhere else to aim for, should that be the path you want to follow.

As a career advantage, it definitely helps you stand out. If you’re going for a security role and the interviewer doesn’t know what a GSE is or says about your abilities, then I’d suggest you’re applying for the wrong role. Again this is a big picture, long term career certification.

My simple analogy; this is a CCIE/MBA for the security industry that is recognised as hands on ability. SANS is market leader for corporate security education and for good reason, in my opinion, so this level of testing and certification isn’t for everyone.  Other companies may come along and offer similar levels of exams, and I hope they do, but the security industry needs to have clear examples for non-industry people to differentiate ability and knowledge.

I know enough networking folk to realise that certs don’t make the engineer, it’s skill, knowledge, ability and experience that do. Practical exams test those four areas, so you prove firsthand that it’s not book or braindump smarts, and that’s praiseworthy in my book. The GSE has a soft skills component, so while it is a very technical exam, being a back office, exploit-coding god without impersonal skills means you’re likely to fail. It is vital to be a good, or even great, communicator as a security professional or your message fails on uncaring ears and you fail.

Money is a big issue, but I’d say any taught education costs. Once someone else stops paying for your education, you really have to be motivated to expend time and energy never mind the money. SANS is focused toward companies and organisations willing to pay for good training, so hopefully work will pick up the tab for most of the training. If you’re doing this out of your own pocket, do what I did – apply as a SANS work study volunteer:  http://www.sans.org/security-training/volunteer.php

I hope that lots of people step up and challenge the GSE exam, to better themselves, continually push the industry to keep current and give others something to aim for being. Like anything the more people that are GSE’s the more they’ll be in demand. Cisco’s CCIE program started in 1993, considered as one of the hardest exam certifications, has over 22 thousand certified CCIEs nearly twenty years on. You decide if this is due to people want to excel and prove their skills or market demand. Or both :-)

A minor correction to your original post, there’s 29 people who are GSEs - now ;-)
Next

Return to Security

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software