[Dshield] SANS going to proctored exams?

WebMaster at Commerco.Net WebMaster at Commerco.Net
Fri Dec 7 21:58:32 GMT 2007 

I'm hoping that I won't ruffle too many feathers with this and even 
more so, that I got the gist of the problem being discussed in this 
thread.  Saying that, here goes...

A little history...
A long time ago I worked for a major computing and instrumentation 
company (which since became two companies).  In those days, the 
company offered self-paced training to certify the reseller channel 
service and support people who were to perform warranty work on the 
company gear for their customers.  The company was concerned about 
the rising cost of warranty repair work seen through a number of 
metrics.  In order to address this issue, the company added direct 
field training of service and support folks to get as many trained 
properly as possible.

Given the team doing this was small and even though being a Premier 
Exec on United does have its advantages, I still thought it would be 
better to train large quantities through live Interactive broadcast 
based training.  So I invented that process for the company (borrowed 
in part from the BusinessLand model being used at the time).  For me, 
doing that was a matter of survival because our training team 
represented about 6 or so folks who flew a lot to present information 
to a channel of some 5,000 resellers on behalf of around 20 product 
divisions.  You never want to travel that much if you want to have a life.

Part of the problem the company had with the original self paced kits 
approach was that we were able to verify that some of the service and 
support folks did indeed gather in a room together and simply "group 
answered" the questions.  From that we understood that there was 
probably one member who knew the answers and the rest passed the 
test.  Not very good for anyone.

Having a venue where we could bring people in, make sure they were 
trained properly and could ask questions was important to everyone 
involved.  The company saved money on warranty costs, the resellers 
got far better trained people and their customers benefited from 
getting their products fixed properly and quickly.

The point...
Although *you*, dear reader, are not the kind of person who might 
engage in bad behavior, there are those who will and do.  In order to 
maintain a credible certification process, there have to be standards 
put in place to ensure that a base measure of quality in getting 
information out there and received properly exists.  Having a place 
where folks come to get tested is not really unreasonable.  There 
will be those who are not "in the loop" and need some assurances that 
the certification an individual receives is really credible.

Is it an inconvenience?  Sure.  Will it cost more time and trouble? 
Probably.  Does it increase the value of the certification you 
receive for you?  Probably not.  Does it increase the *perceived* 
value of the certification you received for others? I think so.

Unfortunately, in this world, perception can be more important than 
reality.  The net result in independent testing versus in room 
proctored testing for you (the honest network security professional) 
will be moot.  But then, you are not getting the certification for 
you, you are getting it for those who will presumably want to engage 
and employ your talents - those are in fact the folks that 
matter.  It is for those very people you must "play the game".  It 
may not be a pretty reality for some, but I think it is a reality nevertheless.

Best,

AlanM
TZ.Com - Travel Zippy

At 10:34 AM 12/7/2007, you wrote:
>Exactly.  Let's conduct a litmus test.  For those of you that read the
>dshield list in gmail.  Log into the gmail web version, look at this thread,
>then look over to the right.  Read the ads.
>What does that tell you?
>
>J
>
>On Dec 7, 2007 11:54 AM, Fielder, Wayne (CPE) <Wayne.Fielder at ky.gov> wrote:
>
> > The frustrating part for me has been that they require the CISSP cert,
> > they hire themselves a CISSP, then said CISSP realizes he/she is in over
> > their head so they hire GSEC/GCIH/GCIA folks to cover for them.
> >
> > Our certs HAVE RESPECT among those folks who matter.  Yeah, that's a
> > pretty elitist statement but my experience has born that out.
> > Unfortunately those who matter don't work at OSI or SACS apparently.  It
> > may well be the apparent rule of thumb that CISSP is for management
> > while our certs are for the weed whackers.  Personally, I'm happy to be
> > in the weeds.  Tried the management piece and didn't care for it thank
> > you.  No offense to you CISSP holders intended, I'm just overly
> > frustrated at the moment.
> >
> > I prefer keyboards to conference phones as my primary work instrument.
> >
> > As for the proctored exams, I'm with Joel.  Leave the practical as a
> > part of the cert and the exams become VERY secondary.  Anyone can
> > memorize books and regurgitate on command.
> >
> > **********************************************************************
> > Wayne Fielder GSEC(gold), GCIH(gold)              502-573-1555 x372
> > Sr. Network Administrator                         502-229-5420
> > Kentucky Council on Postsecondary Education
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of
> > jeffrey.stebelton at citi.com
> > Sent: Friday, December 07, 2007 11:18 AM
> > To: General DShield Discussion List
> > Subject: Re: [Dshield] SANS going to proctored exams?
> >
> > Hmm. let me restate that. Good points. Unfortunately almost every job
> > listing I see that has anything to do with information security usually
> > requires or at least strongly prefers a CISSP certified candidate. So
> > perhaps I should have said if we want our GIAC certs as highly desired
> > and required, rather than respected....
> >
> > Jeff Stebelton, GCFW GCIA GCIH CEH ESSE
> >
> >
> >
> > Disclaimer: The information contained in this message is confidential
> > and intended only for the use of the individual or entity identified. If
> > the reader of this message is not the intended recipient, any
> > dissemination distribution or copying of the information contained in
> > this message is strictly prohibited. If you received this message in
> > error, please notify the sender immediately and destroy any copies you
> > may have. Citi, Inc and its affiliates assume no liability for data
> > tampering or loss of confidentiality, which occur outside its direct
> > control as a result of the use of unencrypted communications methods.
> >
> > _________________________________________
> > SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> > SANS top instructors.  http://www.sans.org/info/9346
> >
> > _________________________________________
> > SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> > SANS top instructors.  http://www.sans.org/info/9346
> >
>
>
>
>--
>--Joel Esler
>ISC Incident Handler
>http://www.joelesler.net
>_________________________________________
>SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
>SANS top instructors.  http://www.sans.org/info/9346

More information about the list mailing list