Resources for GIAC GISF

GLaDOSGLaDOS MemberMember Posts: 50 ■■□□□□□□□□
Hi all,

I've been trying to transition from my current IT role into more of a security-focused role. Today, I mainly handle desktop support with a mix of system admin, business analysis, and some projects involving infrastructure (we are a group, so we have to wear many hats sometimes).

I currently hold my CompTIA A+, Network+, and Security+ certifications. My boss recommended that I look at the GIAC GISF certification next if I was interested in security. The SANS classes for GISF are very expensive and company-funding doesn't appear to be an option this year. I've been trying to find some material to read so that I could self-study, in the hopes that my Security+ will help prepare me for the GISF, which I understand covers more information. However, a quick scan of the forums here and I get the impression that the GISF is not particularly well-regarded.

So I have two questions:

1.) Does anyone know of any good study material for the GISF? So far in my searching I have not found any books or content geared towards GISF specifically?

2.) Is GISF worth pursuing for someone trying to build a solid foundation in security? My thinking was I could build off of this onto more advanced GIAC certs. (I suppose the answer to this question, might make my first question a moot point).

I'd appreciate any help and recommendations.
"Tahiti is not in Europe. I'm going to be sick."


  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    Please, no GISF. I only see this cert as something bean counters or other high level, non-IT executives should take. Maybe a janitor that is really interested in security? Half joking half serious, but you get the point. You will see absolutely zero ROI. Besides, given that you have Sec+ you would most likely be bored to death going through this material.

    Have you looked into GSEC? Based on your experience this seems like a good next step for you. Have you considered certs from other vendors?

    I also want to throw out there that SANS/GIAC certs are $1,099. There's something called the SANS Work Study Program which let's you attend a class, serve as a facilitator, and take the cert for only $900.
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,834 Mod
    I second what cyberguypr said. I just facilitated the SEC401 class (for the GSEC cert) at SANS 2015 and I think anyone that has any IT experience at all should skip the GISF honestly. The SEC401 course covers fundamentals just fine.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • GLaDOSGLaDOS Member Member Posts: 50 ■■□□□□□□□□
    Thanks for the reply.

    I know this question is difficult to answer (and I'm sure is asked a million times), but how difficult is GSEC compared to GSIF or Security+? I know there are a million and one factors that play into that, but I'm just trying to get a sense if it's possible for someone with a little more than a year of professional IT experience and my previous certs to self-study for this exam. I'm getting married in less than a year, so it's tough for me to justify the money needed for something like a SANS course at this specific point in time (though I'd love to start investing in myself more with education once things have settled a bit).

    On a side note - why is there seemingly no love for the GISF? Is it just the high cost for an "introductory" certification?

    As always, I sincerely appreciate the help and feedback. Thank you very much.
    "Tahiti is not in Europe. I'm going to be sick."
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    Can't comment on how hard the test is. As will all things it depends on how well you know the material. People here have successfully challenged 400, 500, and 600 series GIAC tests, so yes, it's doable if you dedicate some good time to understand the material covered.

    I measure certs on two fronts: ROI, and knowledge acquired in the process of gaining the cert. I don't see the GSIF bringing any ROI because 1) it never pops up on job listings, 2) I've never heard of anyone who actually got anything out of it, 3) it's an introductory cert and no one who values their cash (or their company's) would ever spend this kind of money. Again, I rather have people take Security+ than this cert.

    I am an EC Council hater and a big SANS fan, but in this case I'm convinced most folks would learn more from CEH studies than GISF.
Sign In or Register to comment.