I have been an associate of ISC2 for a few years now and finally have 4 years of security experience (2 prior in Networks). I saw a list of GIAC certs on the approved list required to lower the years of experience needed for CISSP from 5 to 4 years, but when I enquired with ISC2, I was surprised to learn that my GIAC certs would not be accepted:
What is bizarre to me is that the GIAC Security Leadership Certification (GSLC) is listed as approved by ISC2. It is listed on the SANS roadmap as 'Security Management' and yet the certification I took (GIAC Strategic Planning, Policy, and Leadership (GSTRT)) is listed by SANS as 'Advanced Management', which to me would suggest it would be valued higher.
It is a little disappointing because none of these are basic certs. I let my CompTIA Sec+ and CySA+ expire last year because I was sure the GIACs would be sufficient in showing my commitment to learning. Does anyone know how these are evaluated within ISC2, or had a similar experience?
I had a similar question/concern as well. The approved credentials on the (ISC)² Approved List probably need to be reviewed and updated. GIAC has quite an extensive list of certifications. Also, Microsoft has adopted a different certification map (role-based), so MCSA and MCSE will no longer be available after January 2021. I wonder how or whether ISC2 reviews and updates the approved list to meet the change.
Here's a post by one of the ISC2 team on this subject that you may find useful:
https://community.isc2.org/t5/Certifications/CRISC-and-early-endorsment-for-CISSP/m-p/16961#M3352
Thanks for the link. So this indicates that ISC2 doesn't accept any certification unless the training provider has applied for that course to be recognised by ANSI.
I understand that ISC2 use ANSI to help provide confidence that members have attained a sufficient level of knowledge within various domains of security, but I think it is quite narrow to only use ANSI. A quick look at the syllabus of my GIAC certs, as an example, would quickly show the training isn't entry level. As much respect as I have for CompTIA Security+, having taken it myself, it is considered entry level for security roles; however, it is on the ISC2 approved list.