What next?

ArchonArchon Member Posts: 183 ■■■□□□□□□□
I have passed the CEH exam and have the CISSP exam coming up in the next few months. I am already looking to the next one. I am currently a sys admin looking to progress more into security. Which GIAC exams would you recommend I look at?


Thanks.

Comments

  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Since you're looking to get into security, I would recommend the SANS SEC401 course first which correlates to the GSEC exam. Also I see you're going to attempt the CISSP exam. Do you already meet the prerequisite experience for it, or are you wanting to become an ISC2 Associate of CISSP?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    I meet the prerequisites with my masters degree in computer forensics and have been a sys admin for 5 years.

    So does GSEC cover security as a whole?
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I'm not so sure about GSEC. With the certs you have done I have a feeling you would be going over more of the same stuff. That's why I never took GSEC. I looked at the syllabus and said "been there, done that."

    I'm thinking maybe GCED would be a better choice as it will give you a glimpse of many security areas without spending time in all the lower layer basics that GSEC covers. The problem with GCED is that is not that popular on the job boards. GSEC, GPEN, and GCIH will win any day.
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    I don't mind going over the same topic as it will be fresh in my mind from the other exams. Can i just pick up a GSEC book and then sit the exam?
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    There is no GSEC book out there. The closest you can get it Network Security Bible by Eric Cole, and top up with windows administration foundation and linux administration foundation notes or books.

    You can also go for GCIH, Counter Hack Reloaded and Incident Response and Forensic Book 2 + some hardwork in finding resource and you can pass this exam.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Archon wrote: »
    I meet the prerequisites with my masters degree in computer forensics and have been a sys admin for 5 years.

    So does GSEC cover security as a whole?


    Wondering, so sys admin work qualifies as part of the prerequisites? You obviously deal with security issues and policies while doing sys admin work but quoting directly from their site they want "direct full-time security work experience" . In almost all IT jobs you deal with some sort of security. Those count??

    I'm also curious about the GSEC as well. Sounds like a lot of people recommend taking the course. But there is no way I could pay for it or my company would not pay for the course either... Would books like these suffice?
    http://www.amazon.com/GSEC-Security-Essentials-Certification-Guide/dp/0071820914/ref=sr_1_1?ie=UTF8&qid=1427210392&sr=8-1&keywords=gsec+giac+security+essentials+certification+all-in-one+exam+guide
    http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495/ref=sr_1_1?ie=UTF8&qid=1427210428&sr=8-1&keywords=network+security+bible
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I am aware to the GSEC Exam guide, that is actually the first exam guide I had think that may work, but I wouldnt be 100% sure.

    I recommend.

    CISSP Study Guide (2nd Edition) (Eric Conrad)
    - Minus Hardware Architecture
    - Minus Software Development
    Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course
    Microsoft® Windows® Security Resource Kit
    Linux Administration: A Beginner's Guide, Fifth Editio
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    Wondering, so sys admin work qualifies as part of the prerequisites? You obviously deal with security issues and policies while doing sys admin work but quoting directly from their site they want "direct full-time security work experience" . In almost all IT jobs you deal with some sort of security. Those count??


    My main areas are:

    Telecommunications and Network Security
    Operations Security

    I also dabble in a few other areas as the only sys admin at the company.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Archon wrote: »
    My main areas are:

    Telecommunications and Network Security
    Operations Security

    I also dabble in a few other areas as the only sys admin at the company.

    Right, you definitely do handle security issues as part of your role, but there is alot more your doing as well. That's why I was curious if that constitutes as being "direct full-time security work experience". I'm not saying it doesn't qualify, I don't know how they interpret what exactly qualifies. The only reason I ask is because I am being promoted to the only sys admin at my company and didn't realize that would count towards it. I thought you would need some kind of security analyst position to be considered just because they used the wording "direct full-time"
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    I will be getting endorsed by ISC2 as don't work with anyone who can endorse me so will find out once I have passed the exam :)
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Archon wrote: »
    I will be getting endorsed by ISC2 as don't work with anyone who can endorse me so will find out once I have passed the exam :)

    Sounds good! Keep me updated, I'm definitely curious! Even though I'm a few years for even qualifying... Best of luck on the exam! icon_thumright.gif
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Good luck man! I made the transition from sysadmin to security without any of those certs, so I firmly believe that you're more than ready to make that transition. I started an MS in digital forensics as well. How was your experience? I can PM you for details.

    Either way, I think getting a job in security is a great way to learn, and certing up while working in infosec is a great idea. Good luck
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    I did the MSc in computer forensics as it was something i was interested in. I never really pursued it as a career. Its an industry that is really hard to break in to.
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    I passed the CISSP exam on Monday and have sent in my endorsement docs. I have an agonising 8 week wait. Time to decide on the next cert :)
Sign In or Register to comment.