GIAC Certifications

HR8886HR8886 Member Posts: 27 ■□□□□□□□□□
Hi,

Are GIAC Certifications worth getting? Are they in demand?

Also, which Certifications would you recommend for an Application Security person?

Thanks in advance :)

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,824 Admin
    In demand by whom? People hiring for InfoSec jobs? You would need to check the Web sites with job postings (Monster, Dice, LinkedIn, etc.) to get an idea of that. There are also members who post in these forums that have opinions on the marketability of GIAC certifications too.

    For SANS/GIAC and AppSec, you should look at SANS Software, IT Application Security Training with Frank Kim
  • HR8886HR8886 Member Posts: 27 ■□□□□□□□□□
    JDMurray wrote: »
    In demand by whom? People hiring for InfoSec jobs? You would need to check the Web sites with job postings (Monster, Dice, LinkedIn, etc.) to get an idea of that. There are also members who post in these forums that have opinions on the marketability of GIAC certifications too.

    For SANS/GIAC and AppSec, you should look at SANS Software, IT Application Security Training with Frank Kim

    Yes, is it looked for in InfoSec job postings? Or are CISSP, CISA, CISM on a higher tier?
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Yes, but a single GIAC cert is not as powerful as a single CISSP cert. Usually on a job, you would often see 'GIAC' as a requirement but not a specific type.

    GIAC is a technical, hands-on type of cert, but most jobs are looking at CISSP for compliance work. However, in certain fields (Pentesting, Forensics, Intrusion Analysis), GIAC certs carry good value.

    If you have lots of experience and are looking for a managerial role, moving on to CISSP, CISM, CRISC, CISA will help. For less than 4 years of experience, GIAC is a quality cert that bridges the gap from the starter certs like CEH, SSCP, Sec+ to those certs from the ISACA and ISC2 organizations.

    GIAC is also useful to bundle up with CISSP. A single CISSP, while powerful, is not as strong as a candidate who understands both compliance, risk management and technical knowledge.

    GIAC gives a good ROI (in terms of salary, not knowledge) if you can self study or get your company to send you for the course, but a pretty bad ROI for a 5k+ cost course. It is also easier to get self study books for ISC2 and ISACA certs as compared to GIAC certs.

    Personally, I prefer hiring managers who understand GIAC certs. It proves that these managers understand the certification industry. I feel safer entering such a company, as opposed to working under an employer/company who mistakenly thinks CISSP can cover technical work areas like Intrusion Analysis, Penetration Testing, or Forensics.

    Knowledge wise, GIAC certs are solid and fantastic; they give candidates a huge range of exposure to industry standards in the technical areas.

    Starters may want, or are recommended, to branch from certs like Sec+, CEH and work their way to GIAC certs.

    A few of the easier GIAC certs to handle are.
    GCIH, a portion covered by CEH
    G2700, possible via self study
    GISP, possible via self study
    GSEC, able to branch from SEC+

    Also worth mentioning, a candidate could possibly challenge GCIH, GPEN, GXPN and GWAPT if he studies the 6 penetration testing books out there for OSCP, which are Violent Python, The Art of Hacking, Web Application Hacker Handbook, Shellcoder Handbook, Advanced Penetration Testing Guide (the ultimate guide), Basics of Penetration Testing. Some certs require topping up with books like SQL injection or computer forensics.

    There are still a couple of good books. If anyone is interested, I am willing to share.
  • chopstickschopsticks Member Posts: 389
    Hi Lionel, I'm interested in those books too, can you share please? Thanks!
  • Khaos1911Khaos1911 Member Posts: 366
    Lionel, you the man! When it comes to this GIAC forum, they should make you a mod. I find the best info (meat and potatoes) from your posts.
  • DoyenDoyen Member Posts: 397
    How does the GIAC testing system work? I read somewhere you can bring books and maybe notes to the testing center? Does anyone have any experience with that?
    LionelTeo wrote: »
    A few of the easier GIAC certs to handle are.
    GCIH, a portion covered by CEH
    G2700, possible via self study
    GISP, possible via self study
    GSEC, able to branch from SEC+
    I appreciate the information LionelTeo about GIAC certifications and easy GIAC to transition into! +rep
    Goals for 2016: [] VCP 5.5: ICM (recertifying) , [ ] VMware VCA-NV, [ ] 640-911 DCICN, [ ] 640-916 DCICT, [ ] CCNA: Data Center, [ ] CISSP (Associate), [ ] 300-101 ROUTE, [ ] 300-115 SWITCH, [ ] 300-135 TSHOOT, [ ] CCNP: Route & Switch, [ ] CEHv8, [ ] LX0-103, [ ] LX0-104
    Future Goals: WGU MSISA or Capital Technology University MSCIS Degree Program
    Click here to connect with me on LinkedIn! Just mention you are from Techexams.net.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Wow, thank you guys for the strong interest. Here is the list and the requirements. Do note you have to study a little more, but it should come easier when writing the white papers.

    So for those who are in doubt whether the books are content related: I have spent countless time going through the book content to really check that it is relevant, to ensure the books cover as close to the course material as possible. I have selected books based on two general categories. The first category is baseline knowledge, something that has not changed for years. Examples would be technology which has settled down: nmap, tcpdump, analysis techniques. The second category is emerging trends and constantly changing environments. Examples are new OSes, new defenses (NSM), new attacks or new tools. The baseline knowledge stays, but emerging threats always require updating. I will probably do so once every two years and check if it is relevant.

    Also worth noting, when I wrote the book title in italics, it means I do not have the book with me at the moment. I still recommend the book, because there is a high chance of it being highly relevant. Some of the books have a Google Books preview, so you could probably check out the contents via the Google Books preview function before buying.

    Legend
    *Books that cover baseline knowledge
    **Books that cover emerging trends

    GSEC - Requires (Compliance Knowledge Similar to CISSP, Basic Packet Analysis, Windows Hardening Essentials, Linux Hardening Essentials)
    Network Security Bible* - Written by Eric Cole, the SANS instructor for GSEC. This book is a must grab to use with the GSEC course. It has almost everything you require for the certification.
    Microsoft Windows Server Administration Essentials** - Server Administration is a big module for GSEC. This essentials book covers Active Directory through to the basics of the latest Windows Server administration. Security is part of the book, which is why it was selected.
    Linux Administration (A Beginner Guide) Sixth Edition** - Read through and index this book well. You do not have to memorize everything from this book, but it's necessary to be equipped with up-to-date Linux administration skills for the GSEC exam.
    Law is not covered! But you should be able to understand the laws that are tested in the GIAC exam during the practice test and prepare for them before the actual exam.

    GCIA - Requires (Tcpdump, Wireshark, Snort, Latest NSM)
    Network Intrusion Detection* - Written by Stephen Northcutt from GIAC. Although an old book, this book covers the necessary intrusion analyst skills you require: mainly tcpdump and analysis of some of the older and common traffic, including ICMP, fragmentation and scanning, most of which has not changed much over the years.
    Practical Packet Analysis* - Written by Chris Sanders, GCIA Certified. Everything you need to know about analyzing with Wireshark is in this book. This book covers the Wireshark knowledge required for the exam.
    Snort Manual (latest version)** - Snort is a big part of the exam. The Snort manual is good enough to teach you everything you need to know for the exam in regards to Snort.
    The Practice of Network Security Monitoring** - Written by Richard Bejtlich, who has read every Stephen Northcutt book on intrusion analysis. Richard covers everything you need to know on NSM in this book. NSM is an ever changing environment; thus this book needs to be reviewed every 2-3 years to see if it is applicable for the exam.
    Network Forensics: Tracking Hackers Through Cyberspace - Written by two SANS instructors. While I do not think this book is necessary for GCIA, and it could possibly be more applicable for GCFA, I do believe this book is worth a look given the content is covered by two of the SANS instructors.

    GCIH - Requires (Every Hacker Technique Covered, Incident Handling, Law)
    Counter Hack Reloaded* - Written by Ed Skoudis, author of GCIH. Although an old book, the common attacks mentioned in this book are still applicable.
    Incident Response & Computer Forensics* - Although not affiliated with GIAC in any way, the authors of this book are from Mandiant. Great steps on incident response, including covering all the detailed incident handling steps that you require.
    Hacking Exposed (latest edition)** - The latest edition of Hacking Exposed is required to cover the latest attack trends.
    Law is not covered! But you should be able to understand the laws that are tested in the GIAC exam during the practice test and prepare for them before the actual exam.

    Note: You may want to look up CISSP Study Guide by Eric Conrad to understand the SANS incident handling steps, which are slightly different from the standard steps.

    GWAPT
    Web Application Hacker Handbook* - This book is so huge that it covers practically every web attack out there.
    SQL Injection and Counter Measure* - I do not have this book yet, but have read a review of someone challenging GWAPT with this book and WAHH.
    Violent Python* - Written by a GSE, OCSE. This book is highly recommended. Python is necessary knowledge for GWAPT. You may skip the non penetration testing sections of this book.
    iPositive Security: Passed GIAC GWAPT Exam

    GXPN Requires (Scapy, Python, Immunity Debugger, GDB, Shellcodes, Assembly, Encryption, Sulley Framework)
    Violent Python - This book covers Python with Scapy.
    Hacking: The Art of Exploitation - This book covers the heavy use of assembly, shellcode and GDB.
    Shellcoders Handbook - Once again covers Shellcode, Debugger (OllyDbg), Assembly.
    The Hackers Playbook - This book is written by someone who holds a GXPN cert, but flipping through, I did not see any mention of shellcode and related topics. I will review this book after taking my GXPN.
    Manuals - Sulley Framework. Scapy.
    iPositive Security: Passed GIAC GXPN Exam

    GISP
    CISSP Study Guide - By Eric Conrad


    For G2700, already covered by an existing techexam thread.

    GCFA read here
    An Eye on Forensics: Studying for the GCFA certification: Part 1
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    GPEN (Take After GCIH) (Requires: Project Scoping, Scanning Fast, Pivoting, Command Prompts Scanning)
    The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
    Advanced Penetration Testing Guide for Highly Secured Environments (the ultimate security guide)
    Metasploit: The Penetration Tester's Guide
    The Hackers Playbook
    Law is not covered! But you should be able to understand the laws that are tested in the GIAC exam during the practice test and prepare for them before the actual exam.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Doyen wrote: »
    How does the GIAC testing system work? I read somewhere you can bring books and maybe notes to the testing center? Does anyone have any experience with that?

    I appreciate the information LionelTeo about GIAC certifications and easy GIAC to transition into! +rep

    It's an open book exam. You get to bring as many paper books as a standard book bag can hold into the exam hall. Upon registering for the exam, you are given two practice tests. The second practice test will usually repeat the questions you got wrong in the first practice test. The actual exam follows the practice test format, except the actual exam has to be taken at a Pearson VUE test center, whereas the practice tests are free to be taken at home.

    For every 15 questions answered during both exams, the exam will list your current score percentage for your reference. Every exam has a different passing percentage. GPEN notably was very high at 78% during my time sitting for the exam! Upon completing the exam, you will get an exam score sheet, accessible through your portal for future reference. The score sheet will give stars to show how good you are at each chapter, for you to revise and improve on it.

    One thing to note: upon passing, they will still ask if you would like to pay 30+ USD if you want the cert to come with a frame. The cert size is pretty non-standard, and it's not easy to find a suitable frame. In those days, those frames used to be free.
  • DoyenDoyen Member Posts: 397
    I've seen plenty of jobs around my area ask for certain GIAC certs. However, when I looked into certain certs, I was surprised how little reference material there was for certain ones. Needless to say, I cannot thank you enough for the information you provided us.
  • chopstickschopsticks Member Posts: 389
    Wow, that's a lot for me to digest even before I get it started. :>
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I just want to revisit this thread and add the Bro IDS and SiLK manuals to the list for GCIA. Bro IDS was pointed out by a friend of mine as part of a new syllabus, while SiLK was overlooked by me. You can find this information on their website. Intrusion Analyst Certification: GCIA. Related manuals should be easy to find via Google ;)