CISSP versus SANS GISP Certification

CISSP versus SANS GISP: how do these similar certifications compare?

The CISSP (Certified Information Systems Security Professional) and SANS GISP (Global Information Assurance Certification Information Systems Professional) both cover the same CISSP Common Body of Knowledge (CBK).

The CISSP requires a minimum of five years of direct full-time security work, although academic experience can substitute for some of this. There is no requirement of industry experience for the GISP certification.

The CISSP is by far better known than the GISP.

There is no getting around the fact that the CISSP exam is much better known. This is in part due to the fact that the CISSP has been around much longer.

I have taken (and passed) both exams recently and have also solicited feedback from others. Your feedback is always encouraged too.

CISSP: paper/pencil, closed book
GISP: online, open book

I almost took the full 6 hours for the CISSP exam, probably 5 ½ hours. I’m sure I could have blown through it in 2-2 ½ hours, but since you don’t get any feedback due in part to its anachronistic paper and #2 pencil style, I wanted to ensure I passed and never had to take the test again.

In contrast, the GISP is online and a running tally of right and wrong answers is displayed. It’s also 5 hours instead of 6 hours long, which in my opinion is plenty long. The GISP exams took me a little more than 2 hours to take as I plowed through them on overdrive. My scores were around 90% right, and probably similar to my CISSP exam score although they give you no feedback.

The GISP is similar to the CISSP but more real world.

The CISSP is more like a grad school exam than something I'd expect in industry. The GISP questions were more practically oriented. Some of the answers could be found by looking them up in the course or other reference material, just as one can in real life. Therefore, in studying for the GISP as opposed to the CISSP, less mindless memorization is required.

Many of the GISP questions were annoyingly difficult, CISSP style. They had no obvious answer: either several correct answers where you needed to pick the "best" answer according to (ISC)2, or all wrong answers where you had to pick the least bad answer, again according to (ISC)2.

The GISP test seemed to avoid most questions where you had to "drink the (ISC)2 Kool-Aid" to get the right answer, i.e. adopt their world view.

The CISSP is valid for 3 years and is renewed by earning the correct number and types of continuing professional education (CPE). The SANS GISP is valid for 4 years and is renewed by retaking the exam.

To summarize:

CISSP: More theoretical and managerial, much better known
GISP: More practically oriented
They both cover the same body of material.

