Posts tagged ‘Certification’

ECCouncil C|CISO Certification

The ECCouncil announced C|CISO, a new certification for Chief Information Security Officers (CISOs) and those who want to be CISOs.

The certification is focused on five domains:

  1. Governance (Policy, Legal & Compliance)
  2. IS Management Controls and Auditing Management (Projects, Technology & Operations)
  3. Management – Projects and Operations
  4. Information Security Core Competencies
  5. Strategic Planning & Finance

As you can tell from my “about” page, I’m not against certification. I’m taking a rather cynical view on this one. It seems designed to shear the sheep whose career aspiration is wrapped into one sentence: “I want to be a CISO.” You see them at Gartner conferences in their suits.

When talking about certification vs. education vs. experience there can be arguments about technical positions and hireability. I can’t imagine a time when a CISO candidate needs to worry about not having this certification or they won’t get past HR (that is the definition of “you don’t want that job anyway”). Skills in those domains are necessary for a CISO. You prove those skills in the interview and through references, not with a piece of paper.

GSE Multiple Choice Exam

I passed the first part of the GSE today. The GIAC Security Expert (GSE) consists of a multiple-choice exam (the part I passed today) and a two-day lab.

The certification bulletin for the exam portion of the GSE is a bit light. I’m not sure that page is actually linked anywhere. It is missing the number of questions (150), passing score (75%) and length of time allowed (3 hours). The exam bulletin lists the prerequisite certifications (GSEC, GCIH and GCIA) as the test objectives. I would suggest looking at the exam bulletin for each of those quite carefully. Consider these certifications your practice tests. There are no GSE practice tests.

In preparing, one of the first things I did was re-read Preparing for the GSE. Kevin Bong’s advice on preparing for the multiple-choice exam applies to all GIAC tests. If you’re smart you’ll follow this advice on all certs and not have to redo the indexes. I don’t follow his advice exactly.

When preparing, the first thing I do is create an Excel doc with headers for Term, Book, Page, and Definition. Under cell formatting, you’ll want to enable word wrap on the Term and Definition columns. The Page column needs to be treated as text if you have any old-style SANS books that number using the section-page method (e.g. 2-35). Otherwise Excel will think you’re entering a formula.

I next go through the book page by page, entering terms and key concepts. I use the Definition field as much as possible so that during the test I may be able to gather the answer quickly without opening the book.

After I’ve made it through all the books, I’ll review the test goals in the certification bulletin. In the case of the GSE, that would be the certification bulletins for the GSEC, GCIH and GCIA. Review each item and make sure it is covered in your glossary. If you did a good job, you shouldn’t have to add too many things to the glossary/index. The last thing you do before the test is sort it into alphabetical order and print it (preferably double-sided and stapled).
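As an added example (not from the original post), here is a small Python script that models the same index-building procedure: it reads the Term/Book/Page/Definition rows as text, so a section-page reference like 2-35 is never interpreted as a formula or date, sorts the glossary alphabetically for printing, and checks a list of bulletin objectives against the glossary to find the terms still missing. The rows, book numbers and objectives below are constructed sample data, not a real SANS index or GIAC bulletin.

```python
"""Build, sort and coverage-check an open-book exam index.

Added example: constructed sample data throughout; the Book and Page
values are illustrative and do not refer to real SANS course material.
"""
import csv
import io
import re

# Constructed glossary rows in the Term, Book, Page, Definition layout.
# Page is kept as a string so "2-35" (section-page style) is never treated
# as arithmetic, which is the Excel pitfall the post warns about.
SAMPLE_ROWS = """Term,Book,Page,Definition
tcpdump,503.1,2-35,Command-line packet capture tool; -nn disables name resolution
Snort rule header,503.3,4-12,action proto src_ip src_port direction dst_ip dst_port
TTL,503.2,1-7,IP header hop limit; decremented by each router
Fragmentation,503.2,3-22,Splitting an IP datagram; offset in 8-byte units
"""

# Constructed objectives standing in for a certification bulletin.
SAMPLE_OBJECTIVES = ["tcpdump", "fragmentation", "IPv6", "Snort rule header"]

PAGE_REF = re.compile(r"\d+(-\d+)?")  # "35" or section-page "2-35"


def parse_index(csv_text):
    """Parse glossary CSV into a list of dicts; every field stays text."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not PAGE_REF.fullmatch(row["Page"]):
            raise ValueError(f"bad page reference: {row['Page']!r}")
        rows.append(row)
    return rows


def sort_index(rows):
    """Alphabetical, case-insensitive: the final sort before printing."""
    return sorted(rows, key=lambda r: r["Term"].casefold())


def page_sort_key(page):
    """Order section-page references numerically: 2-7 before 2-35 before 10-1."""
    return tuple(int(part) for part in page.split("-"))


def uncovered_objectives(rows, objectives):
    """Return bulletin objectives not mentioned by any term or definition."""
    text = " ".join(f"{r['Term']} {r['Definition']}" for r in rows).casefold()
    return [o for o in objectives if o.casefold() not in text]


def render(rows):
    """One printable line per entry, in the order given."""
    return [f"{r['Term']} | book {r['Book']} p. {r['Page']} | {r['Definition']}"
            for r in rows]


if __name__ == "__main__":
    index = sort_index(parse_index(SAMPLE_ROWS))
    print("\n".join(render(index)))
    missing = uncovered_objectives(index, SAMPLE_OBJECTIVES)
    print("objectives still to add:", missing)
```

Running the script prints the sorted index and reports that `IPv6` is the only constructed objective with no glossary entry yet, which is the step where you would go back to the books and add the missing term.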

Depending on the course and the age of your books, you may not have a table of contents. I have books with no table of contents, tables of contents that are wrong, and tables of contents without page numbers. Take the time to create your own table of contents. If you get a question you don’t know, and it’s not in your index, then you’ll be able to find the correct section that much more easily.

Next I printed all of the SANS cheat sheets I could find: Netcat Cheat Sheet by Ed Skoudis, Google Hacking and Defense Cheat Sheet, Intrusion Discovery Cheat Sheets for Linux and Windows, IPv6 TCP/IP and tcpdump Pocket Reference Guide, Windows Command Line Cheat Sheet by Ed Skoudis, Misc Tools Cheat Sheet by Ed Skoudis, and the TCP/IP and tcpdump Pocket Reference Guide.

I printed out the Wikipedia page for the SIP protocol and the man pages for Snort, netcat, syslogd and tcpdump. I also printed out the headers spreadsheet from Mike Poor. I also had the Nmap Network Scanning book by Fyodor, but that is a bit of overkill.

Where I take the exams they tend not to lump SANS test takers in with genpop. I guess they’ve had experiences with us flipping through the books and disturbing other people. So instead of taking the test in a cubicle, we take it at an L-shaped desk. Plenty of room to organize the open-book portion of the exam. The limit on the amount of material you can bring in remains the same. This can be kind of rough because the test is drawn from three courses. I found the SANS bookbag to hold a good amount of things, and I think it falls under the “bookbag” size limit.

So that’s it for part one. The next GSE lab is scheduled for Orlando at the end of March.

Passed the GSEC

I passed the GSEC (GIAC Security Essentials Certification) this morning. It is a multiple-choice test with 180 questions.

I had been considering taking Security Essentials at SANS CDI in Washington DC. On the one hand, at this point in my career shouldn’t I be able to pass this certification without the conference? On the other hand, there are always things you don’t know, and it would be nice to take another course with Eric Cole. SANS has a 50-question test to determine if you are ready for the course or if you don’t need the course. I scored well enough that I decided to challenge the exam. Challenging a SANS exam means that instead of attending the conference or purchasing the self-study option, you pay to take the exam and you get two practice exams. You don’t get the workbooks when you challenge an exam.

Without the SEC-401 books, I looked at other ways to make sure I got the score I wanted. The most help was my SANS CISSP+S workbooks. In 2005, I took the SANS version of a CISSP prep course. I highly recommend that course for the CISSP. While it is the one SANS conference track focused on helping you pass a certification, it also tries to give you knowledge that is applicable to work. There is significant overlap between the CISSP and GSEC, so those workbooks came in handy.

I also purchased GSEC: The How to Pass on your First Try Certification Study Guide by William Manning. As it says on the first page, the book is not intended to replace the SANS workbooks. I was hoping to use it as a reference but I found it lacking even for that. The built-in index isn’t very good. It gives you every page number where a term was used, so it’s hard to find the one page where it was really defined well. You’ll need to build your own index for the exam. I also found the book completely lacking in its coverage of Windows, Linux and VoIP. If you do insist on buying this, both the first and second editions are available on Amazon. Make sure you get the updated version.

I went after the GSEC because it’s a prerequisite for the GSE. I’ve seen others complain about that: “Why have to get a lower-level certification when you’ve completed a higher-level certification?” SANS’s response is that the Unix and Windows components of the GSEC make it unique. They do offer an alternative of taking the Unix and Windows certifications separately. What I find kind of funny is that the SANS Cyber-Guardian program has a prerequisite of a GSEC, but a CISSP can be substituted in that program. (Although the Cyber-Guardians must attempt a GSE, so I guess a GSEC really is required.)

Step Back I’m Certified – GCIA

Today I passed the GIAC Certified Intrusion Analyst (GCIA). The blog title refers to a Dilbert strip that I keep on the wall with my certifications. As I recall, Certification Man says to Dilbert “Step back from that server, I’m certified!” In the next panel he says, “funny, that’s all I recall from the certification classes”.

The GCIA is the certification associated with the SANS Security 503 course “Intrusion Detection in Depth” that I took in April.

I think getting the certification is something tangible to show management that the training was worthwhile. Other than that, it doesn’t mean much unless you’re looking for another job.

I’ve worked with ISS RealSecure and some Cisco IDSM-2 modules. I was interested in learning a bit about Snort. Also, the GCIA is a prerequisite for the GSE.

GIAC: Going for the Gold

“Step back, I’m certified.” I just passed the test for the GIAC Certified Forensic Analyst (GCFA). So I’m certified at the Silver level. I was happy to pass and happy to get the score I was shooting for.
The GIAC certifications now have a Silver and Gold level. Back when I first received my GCWN there was only the Gold level. The Silver level certification is what you receive when you pass the test. The Gold level is attained by additionally writing a practical (technical paper).
When this requirement was changed, Richard Bejtlich of TaoSecurity blogged: “Of course students will perform this assignment. Who would want to drop $3000-$4000+ and end up with a ‘Silver Certification?’”
I think time has proven that wrong. If I’d blogged about that back then I would have disagreed with him, concluding most people would stop at Silver. Silver gets GCFA on the resume. My experience shows that Human Resources and Hiring Managers do not understand certifications. They often don’t bother to verify that they were really earned. In addition to not verifying them, they don’t know what they mean. I’ve seen resume after resume claim MCSE. MCSE in what? Windows NT 4.0? This says to me that HR and Hiring Managers won’t know the difference between a GIAC Silver and a GIAC Gold unless I take the time to explain it to them. GIAC Gold won’t help get me through the HR resume filter. Once I make it to the Hiring Manager and future co-workers, the emphasis should be on skills, not credentials: can I actually do forensics?
It looks to me like the market agrees with me. Unless the SANS listing of certified professionals is horribly out of date, no one has obtained a Gold GCFA in about 9 months. People haven’t gone Gold regularly since the requirement was dropped.
I’m a sucker for resume bling, so most likely I’ll be dropping my $300 for the Gold attempt. Or maybe I should just spend that on a professional resume writer.

Social Skills and the Security Professional

Just how important is it for the Security Professional to have social skills?
It seems like a broken record. In addition to having degrees, certifications and experience, we are now supposed to glide seamlessly into the board room and converse equally well about business units and legal briefs. It’s not enough to be technically competent; you’ve got to have a good golf game.
At Shmoocon, in the closing plenary, an audience member asked for a talk next year on preparing a 30-second security elevator talk. If you’re not familiar with the concept, it is that you have a brief elevator ride with an exec. You have their ear. How do you sell security before the door closes? My VP always asks “are we secure” when I see him. I’ve been told by my infosec brethren that the answer is yes. Personally I think the answer is “HELL NO, as long as users have local admin rights”. Or perhaps a joke: “you aren’t in handcuffs yet, so we must be doing something right.”
Bill Brenner of CSO online obtained a good quote from the Hoff, Chris Hoff of Unisys and the Rational Security blog.

“The notion that everyone involved in security needs to be able to put themselves out there, get up and give a presentation to the board of directors is ridiculous. We still need skilled operators in the trenches, continuing to do what they do in the basement. Do I want to discourage someone who is fantastic at pen testing by telling them their career will be limited if they can’t put together a PowerPoint presentation for the board?”

Step Back, I’m certified

I’m referring to one of my favorite Dilbert strips in the title of this entry.
I passed the Certified Ethical Hacker ECO-350 exam this morning.
There seem to be a few standard reactions to the CEH.
1. “Not the H(acker) word”. These are the same people who get upset when colleges teach their students how to defend a network or system, by teaching them how to break into it. They probably think they are safer in a gun free zone.
2. HR departments and recruiters seem to love the cert.
3. Some think it’s a poser cert. I don’t know about that. I think it’s a beginner cert, and I found it really easy. As with any certification, the quality of the person holding the cert is not guaranteed.
4. Some think EC-Council (the group administrating the CEH) is a scam. That is traced back to a blog post by securitymonkey in 2006. Personally I think he makes a poor case.
The CEH does not require the classroom training or purchasing study material from them. Most of my studying consisted of being an information security professional for many years. There are a couple of things that I’d point to as particularly helpful.
1. Sensepost – Hacking by the Numbers at Blackhat. That was at the first Blackhat Federal. I forget the year.
2. A Masters level course at James Madison University in which the semester was essentially a capture the flag/ defend the flag exercise. That was in 2006 (man time flies).
3. Read the Official CEH book.
I don’t necessarily like getting too many certs, but it’s one way to demonstrate continued learning and development to management types. Unfortunately, I think career-wise I’d be better off with a soft-skills certification than any more technical ones. Anyone have any suggestions that wouldn’t cause me to submit comic strip ideas to Dilbert because it is so absurd?

Renewing GCWN

I renewed my GIAC certification in Securing Windows today. When renewing a GIAC for the renewal fee you also get access to course materials (MP3s and the course books). I found it a bit difficult to listen to the MP3s. I did notice that when I took the course live there was some “you need to know this” guidance, whereas this time around the only guidance toward the test was “everything in the workbooks.”
GIAC certifications now require proctored tests. They are still open book, but you can’t use electronic books. The answer isn’t as easy to find when you can’t just search PDF files for it. The test is 150 questions and you have a four-hour limit.
I struggled a bit with IPSec, RRAS and PKI, but did fine overall. I’m glad I don’t have to do that again for another four years.

CISSP Renewed

It’s hard to believe that three years have passed since I got my CISSP certification. It’s renewal time. I sent off my annual payment to ISC2 and I’m well past the minimum required Continuing Professional Education credits (CPEs).
Here’s a link to an interesting blog entry, Do you Still Value your CISSP. I love the opening story.

Managing Emotions Under Pressure – part 2

This is part 2 of a series of posts reflecting on a Fred Pryor class titled Managing Your Emotions Under Pressure.
There is more pressure than ever in the workplace. There is just a lot of information to absorb and a lot of tasks to perform. Most of my readers will understand that. They use RSS feeds to sip from the firehose of information that is the Internet. Many of my readers will, like me, be in information security. We’ve got to stay one step ahead of a motivated attacker and protect the business even when the users don’t want to be protected.
Pressure can lead to overreacting emotionally. Overreacting emotionally can have a great negative effect on your career.
We’re supposed to be always learning and building our skills. Skills aren’t just picking up another certification, or studying up on the benefits and drawbacks of BitLocker compared to GuardianEdge. Skills include managing your emotions.
Doing so isn’t easy. Stephen Covey says it takes 6 times to learn and 21 times for it to become a habit. Making changes could be a lifelong effort.