[Dshield] SANS going to proctored exams?

[Raw, Randy]

Several of the people where I work are GIAC certified. We have made a
practice of getting ready for GIAC certs by indexing our massive stack
of SANS material electronically. It is a great way to prepare and study,
and helped tremendously during the test. We don't use Google to help
with the exams, but have made significant use of the electronic indexes
for searching. We have used those indexes later on with Incident
Response, Forensic investigation, etc as it is easier to search the
index for the proper book/page than trying to remember it from a class
you took 4 years ago.

That resource is now unavailable for testing. We feel like it will take
us a lot longer to take the exam and we are a little concerned that it
could cause problems with passing the tests as it takes a long time to
search 6 manuals to find the information. The brain can only retain so
much before the bits start to hit the floor. As someone else mentioned,
I would rather hire someone who can find the material, than hire a
person who might be able to memorize and regurgitate today and not be
able to find the answer tomorrow.

Is anyone else concerned about this?

Randy

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Dave Hull
Sent: Friday, December 07, 2007 11:19 AM
To: General DShield Discussion List
Subject: Re: [Dshield] SANS going to proctored exams?

On 12/7/07, Joel Esler <eslerj at gmail.com> wrote:
> You also have to remember that Certs on a resume gets you either put
in
> the "interview pile" or gets you past HR.  it's also used for salary
> negotiation.

Sadly, this does seem to be the case at many large orgs.

> Because it's not about if you have the certs.  It's "can you do the
> job".

Indeed and Johannes Ullrich's post in this thread addressed ANSI's
"job task analysis" emphasis. So it would seem that the ANSI
certification process should lend itself nicely to making sure cert
holders know something about what's required to get the job done.

> I know of people that have the CISSP that can't get out of a wet paper
bag.  Alot
> of them actually.
>
> But for that matter, I know people that have masters degrees in
Computer
> Science that have no idea what a 'packet' is.

Is a packet something I can use to get out of this wet paper bag?

I sat for the CISSP nearly two years ago. Studying for it was a chore,
more so than studying for either of the GIAC certs I hold, but the
knowledge gained broad not deep. The CISSP is a good thing to study
for if you want to get a feel for the world of info sec.

I've never talked to anyone who walked out of the CISSP exam room
feeling like they'd passed. Everyone I know felt drained and
uncertain. Spending hours having to pick the "most correct answer"
will do that to a person. Granted, I have a small sample size of a few
dozen, but I speculate that it scales up.

On the other hand, the GIAC exams I've taken have invigorated me, made
me feel more confident and certain of my abilities and knowledge. Not
to mention the knowledge gained is more readily applicable.

The proctored exams will not be as convenient, but for me, the
benefits will likely outweigh the inconvenience.

-- 
Dave Hull
CISSP, GCIH, GREM, SSP-MPA, CHFI
Trusted Signal, LLC
http://trustedsignal.com
Tel. 785.424.0832
_________________________________________
SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
SANS top instructors.  http://www.sans.org/info/9346