Thursday, December 6

All SANS exams to be proctored?

What kind of crap is this?

"Effective December 1st, 2007, all new GIAC certification attempts and
re-certification attempts are required to be proctored. The price of a
GIAC certification attempt in conjunction with SANS training is $499,
the challenge price remains $899. The price of a recertification
attempt is $325."

This is why people like the SANS certification.  Not only is it hard, (the test and the courses speak for themselves), but you get to take them in the comfort of your own home, on your own computer, in your own web browser.  This is one of the huge selling points of the GIAC certifications, and one that I have personally pushed.  No one wants to go take time out of their week to go to a testing center!  People want to be at home, late at night with the lights turned off, (insert whatever analogy you want here), and take the exams where they have no distractions.  I really don't agree with this.

"If you started your GIAC Silver Certification attempt and received
access to your exams before December 1st, 2007 your certification
requirements will remain unchanged."

Good.  I took mine several years ago.  Does this mean that re-certs will have to go to a testing center?  Will we have access to Google and other materials in order to take our tests?

"GIAC has selected Kryterion as our partner to deliver proctored exams
through their network of host locations. Kryterion has nearly complete
coverage in the USA and many testing centers throughout the world. In
addition, Kryterion has been very responsive to adding GIAC proctored
testing centers in locations where we need them. The list of Kryterion
test center locations posted on the GIAC website,
http://www.giac.org/proctor/kryterion.php. If you will be taking a GIAC
proctored exam in the future and do not see a site near you, please fill
out the form provided with your location specifics, so that we can work
to get a site added near you:
http://www.giac.org/proctor/kryterion.php#form"

Okay, so looking at this site, the nearest one to me is in Wilmington, at a CompUSA.  What is that?  50 miles from my house?  One direction?  So not only do we have to pay for the course, and the exam, but now, i have to get off my ass, and pay for the gas on my car to drive 100 miles to take a damn exam, which I used to take in my house!  Also, Kryterion has alot of CompUSA locations.  Okay, that's interesting, however, if BGR's rumor is true, that might be shortlived.  Then I have to drive God knows how far?

"All GIAC certification attempts purchased after December 1st, 2007 will
be comprised of one single exam that covers all the certification
objectives. This new exam format is four or five hours in length,
depending on the specific certification."

Okay, so not only get to sit in CompUSA for 4 to 5 hours, but then I have to take the exams all at once!  Not allowing for a nice break in between the TCP test and the class test like it used to be?  Bullshit.

"All GIAC certification attempts purchased after December 1st, 2007 are
open book format, but not open internet or open computer."

That sucks.  Really Really sucks.

"Candidates will be allowed to bring one back pack or briefcase of course books,
reference material, printed notes, printed spreadsheets, etc., but no
electronic devices such as extra computers, CD-ROM or USB flash drives."

Again, stupid, and it sucks.  But they didn't state the size of backpack or briefcase.  So if I can get my duffle back on my back?  Is that okay?

Dear SANS,

This is the stupidest thing you have ever done.  Far stupider then your practical drop that you did. (Which you fixed with the Silver/Gold program.)  I do not agree with it, and I think you will lose a very large majority of your certification base with this.  Why are you doing it?

"GIAC will soon be ANSI/ISO certified as a certification..."

What does that mean for me?  An extra cookie?  Does that get me hired, uh, less?  Does that give me more money in my bottom line if you get ISO certified?  No.  

Some of you are sitting there and saying "holy crap Joel, all you have to do is drive to a testing facility".  Yes.  That is the point.  You just lost the most motivating factor of your certification.  Me.  Being at home.  The world is moving to telecommuting and the ability to do anything from anywhere.  Hell, before now, I could have taken the SANS test on my iPhone!

Seems like SANS is going backwards.

35 comments:

Christopher said...

I have to say, being someone who was considering GIAC certification for the future, this news heavily factors into that decision, and, as Joel said, will probably make me reconsider GIAC.

If SANS is listening, I strongly advise you against this decision, it's inconvenient, and it makes the GIAC certifications more like the CISSP than ever before; overly stringent.

Albert said...

I just took the IDS track (at NS2007 in LV) and have had to wait before taking the exam (or signing up), and now with this policy change I will not be taking my GCIA certification exam. This policy change completely voided why I spent my money to go to LV to now only have to spend even more ontop of the exam, Thanks!

CunningPike said...

Well, they obviously have no idea how big Canada is, let alone BC. Basically no-one in BC outside the Greater Vancouver area will be able to get certified without a lot of traveling; no-one in Manitoba at all.

What's the point of SANS@Home if you have to travel out-of-province to do the test?

David Taylor said...

I guess they want to make sure people aren't having someone else take the test and want to make you show up in person to prove it.

That does suck, though.

George said...

I imagine this is part of their push to become accreditation. But I agree as a customer this is crappy to me. I am in the middle of renewing all sorts of certifications. I probably won't renew my Gsec. Sad consider I have mentored the Gsec for Sans several times over the past several years and the CISSP course once as well.

George said...

Man I get happy with the spell check on accreditation instead of accredited. And then I leave the "ing" off considering. It has been a long day, I need a drink.

Valdis said...

One single exam that covers all the material in one sitting. Ouch.Down here in our corner of Virginia, we're looking at a 3-4 hour drive to all the testing sites in the DC/Norfolk area. That's just insane - a 3 hour drive, then one honking big 5 hour exam, and then another drive home. Or you have to shell out even *more* money for hotel the night before/after.

Christopher said...

I have to say, being someone who was considering GIAC certification for the future, this news heavily factors into that decision, and, as Joel said, will probably make me reconsider GIAC.If SANS is listening, I strongly advise you against this decision, it's inconvenient, and it makes the GIAC certifications more like the CISSP than ever before; overly stringent.

Christopher said...

I have to say, being someone who was considering GIAC certification for the future, this news heavily factors into that decision, and, as Joel said, will probably make me reconsider GIAC.If SANS is listening, I strongly advise you against this decision, it's inconvenient, and it makes the GIAC certifications more like the CISSP than ever before; overly stringent.

Albert said...

I just took the IDS track (at NS2007 in LV) and have had to wait before taking the exam (or signing up), and now with this policy change I will not be taking my GCIA certification exam. This policy change completely voided why I spent my money to go to LV to now only have to spend even more ontop of the exam, Thanks!

Albert said...

I just took the IDS track (at NS2007 in LV) and have had to wait before taking the exam (or signing up), and now with this policy change I will not be taking my GCIA certification exam. This policy change completely voided why I spent my money to go to LV to now only have to spend even more ontop of the exam, Thanks!

CunningPike said...

Well, they obviously have no idea how big Canada is, let alone BC. Basically no-one in BC outside the Greater Vancouver area will be able to get certified without a lot of traveling; no-one in Manitoba at all.What's the point of SANS@Home if you have to travel out-of-province to do the test?

CunningPike said...

Well, they obviously have no idea how big Canada is, let alone BC. Basically no-one in BC outside the Greater Vancouver area will be able to get certified without a lot of traveling; no-one in Manitoba at all.What's the point of SANS@Home if you have to travel out-of-province to do the test?

Anonymous said...

The dropping of the practical exam was a mistake and SANS readjusted by bringing it back. I totally agree with you on this. Most student learn as much doing the practical as they learn attending the class.

Unsupervised exams even thou very practical and convenient have NO value whatsoever. This is why the practical is so important. It is a differentiator. I have graded hundreds of GCFW exams in the past and I was amazed at how many people we would catch doing plagiarism. Still I liked the idea of the practical, At least it had to be produce by a knowledgeable person. Yet, who wrote it was not guaranteed.

The choice of provider for the exam seems the be the problem here, not the choice of doing supervised exams. Vue and Prometrics have many venues in all large cities and most likely would have been better choices.

You are right, this is a requirement in order to become ISO certified to have supervised exams. Other large training providers such as ISACA and ISC2 are ISO Certified. In order to remain competitive they have to seek ISO certification as well.

Reality is that offer has to meet the demand. Many large government department and companies are looking at the quality of the certification process and this is what the ISO certification is about.

Whether we like it or not, I think you better get used to it. More and More training providers are taking this route.

Do you know of any university or college that allow you to take an unsupervised exam from home? I don't.

Why would this be adequate for IT security. We have to mature if we wish to be treated seriously and as professionals.

Just my two cents

David Taylor said...

I guess they want to make sure people aren't having someone else take the test and want to make you show up in person to prove it.That does suck, though.

David Taylor said...

I guess they want to make sure people aren't having someone else take the test and want to make you show up in person to prove it.That does suck, though.

George said...

I imagine this is part of their push to become accreditation. But I agree as a customer this is crappy to me. I am in the middle of renewing all sorts of certifications. I probably won't renew my Gsec. Sad consider I have mentored the Gsec for Sans several times over the past several years and the CISSP course once as well.

George said...

I imagine this is part of their push to become accreditation. But I agree as a customer this is crappy to me. I am in the middle of renewing all sorts of certifications. I probably won't renew my Gsec. Sad consider I have mentored the Gsec for Sans several times over the past several years and the CISSP course once as well.

George said...

Man I get happy with the spell check on accreditation instead of accredited. And then I leave the "ing" off considering. It has been a long day, I need a drink.

George said...

Man I get happy with the spell check on accreditation instead of accredited. And then I leave the "ing" off considering. It has been a long day, I need a drink.

Anonymous said...

The dropping of the practical exam was a mistake and SANS readjusted by bringing it back. I totally agree with you on this. Most student learn as much doing the practical as they learn attending the class.Unsupervised exams even thou very practical and convenient have NO value whatsoever. This is why the practical is so important. It is a differentiator. I have graded hundreds of GCFW exams in the past and I was amazed at how many people we would catch doing plagiarism. Still I liked the idea of the practical, At least it had to be produce by a knowledgeable person. Yet, who wrote it was not guaranteed.The choice of provider for the exam seems the be the problem here, not the choice of doing supervised exams. Vue and Prometrics have many venues in all large cities and most likely would have been better choices.You are right, this is a requirement in order to become ISO certified to have supervised exams. Other large training providers such as ISACA and ISC2 are ISO Certified. In order to remain competitive they have to seek ISO certification as well.Reality is that offer has to meet the demand. Many large government department and companies are looking at the quality of the certification process and this is what the ISO certification is about.Whether we like it or not, I think you better get used to it. More and More training providers are taking this route. Do you know of any university or college that allow you to take an unsupervised exam from home? I don't.Why would this be adequate for IT security. We have to mature if we wish to be treated seriously and as professionals.Just my two cents

Anonymous said...

The dropping of the practical exam was a mistake and SANS readjusted by bringing it back. I totally agree with you on this. Most student learn as much doing the practical as they learn attending the class.Unsupervised exams even thou very practical and convenient have NO value whatsoever. This is why the practical is so important. It is a differentiator. I have graded hundreds of GCFW exams in the past and I was amazed at how many people we would catch doing plagiarism. Still I liked the idea of the practical, At least it had to be produce by a knowledgeable person. Yet, who wrote it was not guaranteed.The choice of provider for the exam seems the be the problem here, not the choice of doing supervised exams. Vue and Prometrics have many venues in all large cities and most likely would have been better choices.You are right, this is a requirement in order to become ISO certified to have supervised exams. Other large training providers such as ISACA and ISC2 are ISO Certified. In order to remain competitive they have to seek ISO certification as well.Reality is that offer has to meet the demand. Many large government department and companies are looking at the quality of the certification process and this is what the ISO certification is about.Whether we like it or not, I think you better get used to it. More and More training providers are taking this route. Do you know of any university or college that allow you to take an unsupervised exam from home? I don't.Why would this be adequate for IT security. We have to mature if we wish to be treated seriously and as professionals.Just my two cents

Stephen said...

It is going to be hard and it will dissuade some people as this blog clearly shows. It will also increase the perceived value of the certification to an employer. GIAC for all its flaws is pretty much in second place for a security certification ( unless you want to argue a security + is a valid security certification for anything other than entry level ).The big difference is, there are some odd 60k CISSPs, but when you consider something like a GCIA ( intrusion) there are less than 3,000. That makes a big difference for a company deciding between two candidates.These days you pretty much have to have the ISO 17024 to play in this space and they require proctored exams.As another poster said concerning the practicals ( now that was the finest week of my mispent life!), GIAC makes adjustments as we can between the needs of the certification candidates and reality.If you want to discuss this further you can reach me at stephen@sans.edu, we really care about what you have to say, we just cannot please everyone. Thanks for this opportunity to respond.

iamnowonmai said...

Hopefully they will be able to make the "SANS Community" a real community and get SANS certification holders to proctor exams in their area. 88 miles each way for me to travel is a bit excessive. Especially if I have to do it for three separate certs.

iamnowonmai said...

Hopefully they will be able to make the "SANS Community" a real community and get SANS certification holders to proctor exams in their area. 88 miles each way for me to travel is a bit excessive. Especially if I have to do it for three separate certs.

iamnowonmai said...

Hopefully they will be able to make the "SANS Community" a real community and get SANS certification holders to proctor exams in their area. 88 miles each way for me to travel is a bit excessive. Especially if I have to do it for three separate certs.

Skyler said...

It seems Joel neglected to mention one important factor:

"GIAC does offer proctored exams at current and future SANS Conferences.
As a secondary option, it is also possible to take a proctored GIAC exam
through your corporate human resources / training departments or through
local universities and colleges."

Yes, it not as convenient to have to go to a testing center to take the exams, but going to a testing center is not your only option. Having your HR department or a local college/university proctor your test should be a more convenient option for those who don't live near a testing center. They are not doing this to piss us off, they are doing it to make our certifications more valuable.
And no, I don't work for SANS, and yes this inconveniences me too (I have 4 certs to receritify).

Skyler said...

It seems Joel neglected to mention one important factor:"GIAC does offer proctored exams at current and future SANS Conferences.As a secondary option, it is also possible to take a proctored GIAC examthrough your corporate human resources / training departments or throughlocal universities and colleges."Yes, it not as convenient to have to go to a testing center to take the exams, but going to a testing center is not your only option. Having your HR department or a local college/university proctor your test should be a more convenient option for those who don't live near a testing center. They are not doing this to piss us off, they are doing it to make our certifications more valuable.And no, I don't work for SANS, and yes this inconveniences me too (I have 4 certs to receritify).

Skyler said...

It seems Joel neglected to mention one important factor:"GIAC does offer proctored exams at current and future SANS Conferences.As a secondary option, it is also possible to take a proctored GIAC examthrough your corporate human resources / training departments or throughlocal universities and colleges."Yes, it not as convenient to have to go to a testing center to take the exams, but going to a testing center is not your only option. Having your HR department or a local college/university proctor your test should be a more convenient option for those who don't live near a testing center. They are not doing this to piss us off, they are doing it to make our certifications more valuable.And no, I don't work for SANS, and yes this inconveniences me too (I have 4 certs to receritify).

Anonymous said...

Looks like you called it. CompUSA is closing shop. Now what are we supposed to do for certification?

http://www.macworld.com/news/2007/12/07/compusa/index.php?lsrc=mwrss

Anonymous said...

Looks like you called it. CompUSA is closing shop. Now what are we supposed to do for certification?http://www.macworld.com/news/2007/12/07/compusa/index.php?lsrc=mwrss

Anonymous said...

Looks like you called it. CompUSA is closing shop. Now what are we supposed to do for certification?http://www.macworld.com/news/2007/12/07/compusa/index.php?lsrc=mwrss

tyler said...

The best thing! Now you get to read 6659 pages of deep technical data and test on it! This should now prove to the World that we SANS certified professionals can memorize vast amounts or information for 1 day. Then in 4 years do it again. I sure hope college educations do not expire! The funny thing is that I can attend Harvard online, but the SANS Organization requires that you go to a poorly run store to take a 5 hour exam. Hell I did not do this in Graduate School.

The one thing that the program did offer was the ability to NOT be a human database. Now that has been scraped. They DO want us to be databases for 1 day!

Scrap the Internet friends - please memorize close to 7000 pages of data.The internet and its usage does not prove knowledge. Please fire you local security admin if they use the internet - the SANS books have all the knowledge (sarcasm).

ISC here I come - so long old friend (SANS).

tyler said...

The best thing! Now you get to read 6659 pages of deep technical data and test on it! This should now prove to the World that we SANS certified professionals can memorize vast amounts or information for 1 day. Then in 4 years do it again. I sure hope college educations do not expire! The funny thing is that I can attend Harvard online, but the SANS Organization requires that you go to a poorly run store to take a 5 hour exam. Hell I did not do this in Graduate School. The one thing that the program did offer was the ability to NOT be a human database. Now that has been scraped. They DO want us to be databases for 1 day! Scrap the Internet friends - please memorize close to 7000 pages of data.The internet and its usage does not prove knowledge. Please fire you local security admin if they use the internet - the SANS books have all the knowledge (sarcasm).ISC here I come - so long old friend (SANS).

tyler said...

The best thing! Now you get to read 6659 pages of deep technical data and test on it! This should now prove to the World that we SANS certified professionals can memorize vast amounts or information for 1 day. Then in 4 years do it again. I sure hope college educations do not expire! The funny thing is that I can attend Harvard online, but the SANS Organization requires that you go to a poorly run store to take a 5 hour exam. Hell I did not do this in Graduate School. The one thing that the program did offer was the ability to NOT be a human database. Now that has been scraped. They DO want us to be databases for 1 day! Scrap the Internet friends - please memorize close to 7000 pages of data.The internet and its usage does not prove knowledge. Please fire you local security admin if they use the internet - the SANS books have all the knowledge (sarcasm).ISC here I come - so long old friend (SANS).