[Dshield] SANS going to proctored exams?

Johannes Ullrich jullrich at sans.org
Fri Dec 7 03:50:56 GMT 2007



I second the points made by Clement in this matter. Overall, I would
prefer a non-proctored / webcam option, but ANSI did not allow for it. I
have been involved in some aspects of GIAC's ANSI certification process
and from the little pieces I have seen, the effort has been painful but
worth it.

Right now, we have no way to tell if you actually took the exam, or paid
a friend to take it for you. This is not acceptable if we try to
establish a respected certification.

But the entire ANSI effort goes way beyond that. You may wonder why GIAC
has to become ANSI certified. The short answer: Important parts of the
community start to ask for it, because ANSI certification requires rigor
and consistency in designing the exams.

One of the parts I like most about ANSI is the overall approach to what
a certification is supposed to test: A certification is not supposed to
test if you paid attention in a particular course. Instead, a
certification should test if you are ready to do a particular job. This
starts with what ANSI calls a "job task analysis". GIAC has to enumerate
important job tasks a person has to master in order to do the job. This
in itself is a labor intensive and important process. Experts in the
field need to be polled and the community is asked to form a consensus
on what the particular job entails. Then exam questions are created to
test these particular skills. The exam questions themselves are tested
and reviewed. Finally, all exam results are carefully analyzed and
question quality is monitored carefully after the exam is finished.

So what do you get out of it: Better exams. Some of our past exam
questions have been lousy. The new system will provide for much more QA
before a question is ever used in an exam.

It was the first time I have been close to a certification process like
this. To some extent, it sounds redundant to have a "certified
certification". The part of the process that impressed me most was that
ANSI took a very hands-on look at our processes. Auditors performed
multi-day site visits, and the GIAC team had to provide ongoing status
updates and detailed answers to requests from the auditors. This is not
a hand-waving paper exercise. The auditors went into a lot of details
and did much more than checking off check-boxes. They actually questioned
every detail and verified how each procedure and policy affects real exams.

Yes, it's inconvenient to have to travel to a test site. But read the
full announcement. There are a number of other options: Local colleges,
your HR department, SANS conferences and so on.





- --
Johannes Ullrich, SANS Institute, (www.sans.org)

Cyber Defense Initiative - Washington DC; 17 courses, Dec 11- 18
http://www.sans.org/info/15821
SANS Security 2008 - New Orleans, LA; 21 courses, Jan 11-19
http://www.sans.org/info/15826


