I am now concentrating on my startup which is basically a one-man show.

At the same time, I just received an email from the SANS Technology Institute (STI) about their exciting new accelerated option called “STI Cohort 2013”, which promises me that I would get a Masters of Science.

The following is information about my situation and my considerations:

1) I earned a GSEC cert that is due to expire in 30 days. This cert costs me roughly $3000 USD, I think, and it got me nowhere near a security job in Singapore or any other job. The MCSD .NET certificate was far more useful than the GSEC.

2) I am interested in IT security, but I want to get my startup to succeed more. My mind is thinking that I need to arm myself with IT knowledge since ecommerce requires my startup to prioritize.

I am just not sure if this is rational reasoning OR rationalizing my fear of failure in my startup hence very subtly sabotaging my chances of startup success by tempting myself towards this Masters of Science.

3) The Masters of Science in 2 years sounds tempting, but I am very unsure how useful it is for me in my startup or, taking a longer view, my career.

4) I have no intention to travel to the US to complete the Masters. I have every intention to stay in Singapore or within Asia for the next few years.

Here are my follow-up questions if you say either YES or NO to my question of going for the Masters.

If your final recommendation to me is YES, then I would like to ask: the application apparently requires me to produce evidence that I work in an organization with security as part of my working experience. Does working in my startup count?

If your final recommendation to me is NO, then I would like to ask: should I let my GSEC cert expire?

Thank you.



1) get a job with IT security related experience

2) then consider getting certifications after 2 years.

3) for web application security, consider reading the following:

       a) Hacker Techniques Tools and Incident Handling
       b) 7 Most Deadliest Web Application Attacks
       c) Web Application Obfuscation
       d) Security Strategies in Web Applications and Social Networking
       e) Fundamentals of Information Systems Security

Jeff Ferland
Kim Stacks

1 Answer


There are better certs than GSEC (CCIE, CCSP, CISSP to name a few); if you really want a useful cert I would explore those. Posting a question and asking for more responses to your previous question (see: spamming) is not a good way to endear yourself to knowledgeable experts on this site. You might want to think about not asking 5 part questions as well; your initial title is referencing pursuing your Masters but you also ask about certs.

I don't think your own startup should count as sec experience, and if you're thinking about getting a Masters you might want to start by doing a lot more research in the security field first. That program is for experienced professionals, and from the questions you asked in your prior question it seems as if you don't possess any knowledge beyond the most basic of security principles. There is a reason they have the work qualification, because if you don't have experience you will probably be over your head. If you're truly interested in security, I would recommend thinking about not how you can get around the admission requirements and obtain some "degree", but how you can actually improve and broaden your security related knowledge.

  • @mrnap I have edited the question based on your observations. Thank you. ".. but how you can actually improve and broaden your security related knowledge..." Any recommendations? – Kim Stacks Mar 02 '11 at 04:12
  • @keisimone Improving and broadening security related knowledge is generally done by getting a job doing such things. Usually grunt work...you know...the usual way everyone gets experience. Start at the bottom and work up. IT Security Intern is a great position for that. – Steve Mar 02 '11 at 16:20
  • @keisimone Agreed with SteveS....the other recommendation I would have for you is to start reading textbooks ASAP. All my free time I have I spend reading texts on the various sec related subjects, and when I understand them I read reliable industry blogs to get up to speed on the cutting edge of exploits (exploit-db.com is a solid site to explore once you've read some texts). Safari Tech Books Online is a good site, as well as Books 24x7 for large repositories of online tech book collections. If you want, I can recommend some individual titles. – mrnap Mar 03 '11 at 05:20
  • @mrnap yes do recommend me some books. I have an account with oreilly http://oreilly.com/store/ but will be happy to look at Safari Tech. – Kim Stacks Mar 03 '11 at 05:26
  • @keisimone What specific area of security are you interested in? From your posts I would assume web app security, is that correct? There is also netsec, codesec, reverse engineering sec, cryptology, etc... – mrnap Mar 03 '11 at 05:34
  • @mrnap yes web app security. It is important because of the startup I am working on. And I probably can apply whatever I learn at the same time. – Kim Stacks Mar 03 '11 at 09:56
  • -1 I would disagree that the CISSP is "better" than the GSEC... Unless you want your resume to look good. GSEC is a great practical cert, whereas CISSP is mainly for your resume – Josh Brower Mar 03 '11 at 11:26
  • @Josh Brower interesting to hear dissenting opinions. Care to elaborate why? – Kim Stacks Mar 03 '11 at 11:56
  • @Josh Brower I agree with the comment about HR dept not recognizing GIAC certs. But somehow I don't blame the HR for being ignorant. I am sure you have followed the thread of the discussion so far. Any recommendations as to how I can improve in my practical understanding of webapp security? – Kim Stacks Mar 03 '11 at 13:05
  • @keisimone, One cert is better than the other only in different contexts. I don't think anybody would argue that the CISSP is a good practical cert, whereas the GSEC (most GIAC certs for that matter) are. You are not going to just learn about what cryptography is, but you are going to get a practical understanding of the difference between symmetrical & asymmetrical, and what that means in a real-world environment. On the other hand, the CISSP is still what most HR dept are looking for, rather than any GIAC certs. – Josh Brower Mar 03 '11 at 15:35
  • @Josh Brower I stand by the fact that CISSP > GSEC. Yes, GSEC does have 10 hrs of practical labs involved, but CISSP required 5 years of industry experience which is much more "practical" than a cert that gives you 10 lab hrs and requires no industry experience. Sure, if you want to jump into a job right away GSEC is nice, but if you want to really UNDERSTAND security CISSP is the way to go. You can always teach yourself syntax and methods, but theory is fundamental across the board. – mrnap Mar 04 '11 at 03:56
  • @keisimone Hacker Techniques Tools and Incident Handling, 7 Most Deadliest Web Application Attacks, Web Application Obfuscation, Security Strategies in Web Applications and Social Networking, and Fundamentals of Information Systems Security are all good titles to start with. The Web App Obfuscation details some very recent vulnerabilities and new exploits, it's what I'm currently reading myself. – mrnap Mar 04 '11 at 04:03
  • @mrnap I think we will just have to agree to disagree. I am not saying the GSEC is the best thing since sliced bread, :), but that I believe it gave me both the theory and practicality to start my InfoSec career. – Josh Brower Mar 04 '11 at 12:26
  • @Josh Brower thanks for your input. I really appreciate it. If not for you, I would not have a more nuanced opinion about GSEC certificates – Kim Stacks Mar 04 '11 at 14:12
  • @mrnap just one last question. In what order would you have me read that list of titles? – Kim Stacks Mar 04 '11 at 14:17
  • @keisimone What titles have you read already? If you have the GSEC, you should have some type of knowledge in the area. What areas of security do you feel most deficient? – mrnap Mar 04 '11 at 20:05
  • @mrnap instead of thinking where I am least deficient, I think I am attracted to what I like to excel in. I want to be an absolute maven in Web Application Security. While I have the GSEC, I still do not think I am good enough. The fact that I still have some issues with CSRF and Ajax security shows that. – Kim Stacks Mar 05 '11 at 00:57
  • @mrnap I have read none of the titles by the way. – Kim Stacks Mar 05 '11 at 01:44