That’s funny. Go to usajobs.gov and do a search on CISSP and then go back and do a search on GIAC or GSEC and you will find 1 result and that 1 result for GIAC states that a CISSP is required. By the way, the CISSP search gave me 93 results.

‘Besides the GSEC must be taken every 4 years where the CISSP is a lifelong certification.’ Where are you getting this info from? You have to earn CPE credits after you pass the CISSP to maintain the cert or you have to retake it 3 years later. Unless you consider 3 years a lifetime, please update your resources.

I passed Security+ in 15 minutes after studying for the CISSP.

The CISSP is a weak exam because it is non-technical and covers many topics, but few things. No depth. What little depth it attempts to provide is generally wrong, though. For example, my exam had a question concerning buffer overflows and how to “prevent” them. The only somewhat correct answer is to check the range and offset, but even that’s not right. In all of the domains, excluding BC and DR, the CISSP has very little information, depth, or knowledge.

Also, just to weigh in on the CCNA thing (I agree it’s completely different), I took the CCNA 1/2/3/4 route through Cisco’s Networking Academy, which taught me a wealth of information that I retain today and has helped me through my college studies, work, and my research. CISSP has done nothing for me. In my case, I got the CCNA through a respectable means, rather than simply passing the exam, and I learned the most; I didn’t learn anything in the CISSP bootcamp and and no issues with ANY of the CISSP exam questions (save 2 that made no sense… the English was completely messed up).

My ultimate point is that certifications should mean nothing to you… it’s the knowledge. Anyone can pass an exam (I know CISSPs who couldn’t tell you the difference between a router, switch, lvl4 switch, lvl3 switch, hub, repeater, and bridge…. I know CCNAs who couldn’t either). I recommend that you take classes, go to University (and apply yourself), and participate in research. Certifications and ceritificates are pointless and don’t help you grow… when companies figure this out, we’ll see a dramatic shift in work quality and fewer losers in our fields (I do application PT, Web-based application PT, network PT, OS PT, and vulnerability assessments for a living).

I’ve seen your name on SANS for the GSEC and am awaiting confirmation from ISACA on the CISA.

Enjoy the world, it will be different a nanosecond from now

SD Dietz

“More than I can a test that has a 70% first-time-pass rate…” Really? Where is your proof? I know for a fact that this is not the case in the sector I work in. There are many security credentials out there, some better then the others. The CISSP does not cover everything, but it covers more then the GSEC.

You missed the point of the CISSP and the GSEC both. If I have a leaky faucet, I hire a plumber. If I have a bad circuit breaker, I hire an electrician. Just because my plumber can screw in a light bulb, doesn’t make me want trust him with my electrical problems. Just because my electrician can flush a toilet, doesn’t mean I want him to fix a faucet.

Just because CISSP & GSEC have the word ’security’ in the name of the certification doesn’t mean one can replace the other in their job or function.

CISSPs are business decision makers about technology. GSECs are technologist that implement.

If you can’t understand the difference you should not be choosing either. If you can understand the difference, you would never replace one with the other.

The GSEC sound interesting, but I’d definitely go for CISSP first because more employers are looking for it.

@Monster looking for CEH: http://jobsearch.monster.com/Search.aspx?q=CEH&cy=us&brd=1&re=0&jsnonreg=1&pg=1

@Monster looking for GSEC (45 pages - many also looking for CISSP) http://jobsearch.monster.com/Search.aspx?q=GSEC&sid=%2D1&cnme=&rad=20&cy=us&brd=1&re=&JSNONREG=1

@monster looking for CISSP (1680 pages) http://jobsearch.monster.com/Search.aspx?q=CISSP&cy=us&brd=1&re=0&jsnonreg=1&pg=1

@Monster looking for Security+ (5000 pages!!.. but doesn’t pay as good) http://jobsearch.monster.com/Search.aspx?q=Security%2B&cy=us&brd=1&re=0&jsnonreg=1&pg=1

I’ve heard that the CCNA has changed signifigantly since I took it in 2003 (more hands allows you to actually type in commands for a router), but I’m sure the differences between it an the CISSP are the same. Aside from the content, of course, the types of questions on the CCNA are simple knowledged based “Type the Command needed to enter the configuration of the router” sorts of questions. Whereas, the CISSP is comprehensive and require you to choose the “best” answer out of four.

From a content perspective there really is no comparison. Cisco does not have an equivalent to the CISSP that I could find. The CISSP covers so much ground at a high “management” level. Until, you get to CCIE, Cisco certs are each pretty specialized to a small area of networking. CCNA is a broad look at the basics of routing (relatively small slice that can gauge subnetting skills & what commands you know while in typical switch or router). CISSP is a broad look at everything in information security (so broad that it says nothing about technical skill).

All I know about the GSEC is that its SANS, its expensive and its open book.

The difficulty of the CCNA has increase greatly since 2003, wheras before this it was quite easy.

Did you get your CCNA recently?

The CISSP and GSEC need a whole lot more than that unless you go to the courses/bootcamps specifically designed to prepare you.

This will be very beneficial for those just entering the security field.