It is simply that the certificates that I happen to know about have poor tests that do not actually signal ability to estimate security. I do not know much about the certifications from SANS except that the training is indeed quite broad. According to their website, the test for the GICSP certification consists of 115 questions (I assume multiple choice) of which 70% have to be correct in order to get the certification. Depending on how the answers relate to points, I guess that I could get the certification with a couple of tries and little actual knowledge. Almost everyone of my colleagues had a G**** certification and I am not too impressed by their abilities. Therefore, I assume that it is rarely useful to pursue a certification if you can self-teach instead (or have a very good mentor/teacher at hand).
It is simply that the certificates that I happen to know about have poor tests that do not actually signal ability to estimate security. I do not know much about the certifications from SANS except that the training is indeed quite broad.
According to their website, the test for the GICSP certification consists of 115 questions (I assume multiple choice) of which 70% have to be correct in order to get the certification. Depending on how the answers relate to points, I guess that I could get the certification with a couple of tries and little actual knowledge.
Almost everyone of my colleagues had a G**** certification and I am not too impressed by their abilities. Therefore, I assume that it is rarely useful to pursue a certification if you can self-teach instead (or have a very good mentor/teacher at hand).
Interesting, thanks.