November 28, 2007
- 1. What attracted you to the Internet Security field?
The dynamic nature of this industry is what drew me to the security field and keeps me enthralled. Not to mention, I have always rooted for the cowboy with the white hat!
- 2. Can you share how the decision was made for you to obtain GIAC Certifications and the value of such certifications?
The certifications I have received have been split between my last 2 employers; therefore, their justifications are very different. The University of Arizona views SANS as a non-vendor specific training organization that focuses on real world knowledge and situational analysis, bridging several technology gaps. However, my current employer (Calence) places a high value on education including offering monitory incentives for certifying and maintaining those certifications. Essentially, Calence views my time as more valuable based on my increased knowledge and can, therefore charge customers more for my time. Additionally, customers respond to SANS certifications as an industry leading verification of skill level.
- 3. Many people are wondering if a Security Certification really makes a difference, do you feel this has helped your career?
My certifications have practically driven my career!!! I owe so much to the education and certifications I have received from SANS. Here is a breakdown of how SANS has benefited me throughout my security career (please don't hold me to the exact years of receipt?):
2000 - Monterey; Security Essentials; No Certification; No Raise; No Promotion
2001 - SANS Dallas; SANS 503; GCIA 00375 (GOLD); 10% Raise; No Promotion
2002 - SANS San Diego; SANS 504; GCIH 00276 (GOLD); 10% Raise; Promoted
2003 - SANS Los Angeles; SANS 502; GCFW 00369 (GOLD); 5% Raise; No Promotion
2004 - SANS San Francisco; GCUX 00203 (GOLD); 50% Raise; CHANGED COMPANIES
2005 - SANS @ Home; GCWN 00387 (SILVER); 10% Raise; Promotion
I was hired by Calence largely in part for the certifications I possess. As a consultant, the letters you are able to hang around your neck help to open doors to clients. I have been fortunate enough to work mostly in fortune 500 environments such as; Insurance, Finical, Semi-Conductor, Software and even Local State Government. In addition, I have been able to provide local mentor classes for my company resulting in the certification of 8 individuals (GCIH). My work experience coupled with these certifications has led to my being promoted 3 times in 3 years as well as an increase in salary of nearly 90%. I owe my success to the training I have received and the certifications that I am actively maintaining.
With every large client Calence works with, there is an extensive interview process to determine the consultant that is the best fit for the customer's needs. I can not tell you how many times I have heard the phrase, "Wow! That is an impressive list of certs." These "certs" have opened more doors for me than I could possibly have imagined! SANS and GIAC have implemented a certification process that promotes qualified individuals; they continue to maintain a strong technical community that is protected by a managed certification process.
- 4. Does the GIAC certification help you respond to threats better, faster or more efficiently?
Absolutely, all of the above! I keep all of my old PDFs with me, on my laptop, and reference them at every client (in the beginning you could download the PDFs). I now keep the SANS books at arms reach to assist me where they are relevant. These documents provide a great reference guide that I have been able to use very frequently, even daily on some projects. I have built entire offerings for customers based on the knowledge gained from the SANS material.
- 5. Do you feel these certifications have helped your company's overall direction and bottom line?
With certifications such as the GCIH, we have created a common standard that customers can look to when handling an incident or building Incident Handling procedures. The SANS certifications alone have allowed us to develop business that we otherwise would not have and the education gained in achieving these certifications has provided the skills to execute a project beyond the expectation of our customers.
- 6. Most people agree a GIAC certification opens the doors to get a job, but once you have the job, what is the value of keeping a certification active?
I am sure that I have already addressed this question above. However, in short, we make more money with active certifications because our customers recognize them and respect the level of effort and expertise it takes to achieve AND maintain them.
- 7. Did you take any additional Security Certifications or will you attempt the GSE Certification?
I have earned several Cisco certifications in addition to my SANS certs; Certified Information Systems Security Professional (CISSP), Cisco Certified Security Professional (CCSP) and I am working towards my Cisco Certified Internetwork Expert (CCIE) Security. The GSE was certainly a goal of mine until the requirements changed from requiring 5 certifications to requiring 2 plus the GSEC. The GSE is still a goal on my list; however, because it does not require the 5 certifications any more, I have decided to put it on the back burner so that I can focus on the SANS Masters Degree Program.
- 8. Are there any plans to require new hires to have or obtain Security Certifications as a condition for employment?
We do not require them as a condition of employment; however, they are a condition for promotion. The CISSP certification is required to move from an entry level (junior) security consultant to the consultant role. In order to move into the Sr. Consultant and Architect Consultant roles, multiple GIAC and/or Cisco certifications are required. Prior to the recent GSE changes (from 5 certifications to 3), it was a replacement for the CCIE requirement for promotion to Senior Architect.
- 9. What are your plans for personal development in the future? Where do you think you'll be two years... five years from now?
In the next few years I aspire to be promoted to Director, running the Southern California Security Consulting practice with Calence. A primary focus during this adventure will be the completion of the Masters program with SANS! So Stephen, please hurry up and get that Regional Accreditation?!!
- 10. Tell us something about yourself, what do you do when you are not in front of a computer?
When am I not in front of a computer?! In all seriousness, my wife and I enjoy Disneyland, Las Vegas and traveling.