GICH Certification

sag33sag33 Posts: 7Member ■□□□□□□□□□
Hi everyone!

I am currently looking to take the GCIH online training as I want to dig down in the IH area. I am wondering what kind of pracitcal tools and exercises you go through the course. I already passed SSCP and CISSP this year and I am looking for a technical certificate that provides to me hands on experience more than tons of theory. I am already working in other field although a Systems engineer but I would like to jump into the technical security field. Are the skills learnt in the cert really worth and valuable for future employment?

One more question, can someone tell me how long does it takes to go through the online course? whats teh average time to pass this cert?



  • laughing_manlaughing_man Posts: 84Member ■■□□□□□□□□
    Give yourself the full 4 mounths for this, but you could do it in 3.

    The books will have all the material and exercises you will need to pass the test. SANS tests directly from the course books.
  • cyberguyprcyberguypr Senior Member Posts: 6,844Mod Mod
    Welcome aboard. Keep in mind GCIH is an overview of incident handling, therefore the scope is very broad. Even though its regular version is a week long course, it covers so much material that it is just impossible to go in-depth with the tools. You do get to lab and see how stuff works but it is up to you to take that knowledge further. A great aspect of SANS courses is that they are created from experts who do this on a daily basis. The "been there done that" aspect is what separates them from strictly theoretical course.

    Having said that I do believe that what you learn at SANS courses is of extreme value to you and an employer who understand the value of Infosec. Although I knew some stuff, it did expose me to things I've never touched. Definitely worth the value to me.
  • SephStormSephStorm Posts: 1,732Member
    Agreed. I just passed the GCIH, but I am right now taking time to download and test all the tools I can. Just tried out Maletgo today.
  • sag33sag33 Posts: 7Member ■□□□□□□□□□
    Thanks for your advice. I assume that is an intensive course despite is a 5 days workshop....
    I have a couple of questions more I hope you can help me with. My final aim is to work in forensics and I have seen in the SANS Road map

    That in almost all fields SEC504 (GCIH) is involved. If I have a look at the forensics Roadmap I also see the FOR 408 and I am wondering If I should start by that course or go first for SEC504. I watched some demo SANS trainining and they advice to start by SEC504 however the way they name the courses is confusing as well as this roadmaps.

    Please, can someone provide advice on this, my final aim is to work in forensics however I do not know where to star and which course will be more suitable to star in Security and jump later into Forensics.

  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    FOR408 is strictly about looking at Windows and pulling artifacts relating to a case, tracking user activity, and creating a timeline to unveil actions which demonstrate that xyz happened. The FOR track is a path in its own right and has a very specialized focus.

    SEC504 is a different type of course which pulls in many different faucets of how to handle incidents at a high level and also understanding the general nature of how compromises happen and how to react to them.

    These two are very different courses and I don't think it matters which one you take first. Forensics professionals should understand how breaches happen and how responders act, and responders should have some low-level OS knowledge. They complement one another. Since FOR408 is a separate "path" than SEC504, the former isn't a prereq for the latter.
    Hopefully-useful stuff I've written:
  • sag33sag33 Posts: 7Member ■□□□□□□□□□
    Thanks very much for the info! Once you pay an online course how long does it take to get the course materials available? also, are they sending text books home for this course?

Sign In or Register to comment.