GCIA (GIAC) or ECSA (EC-Council) for IT Security Analyst ?

thsecmaniac

Which certificates should I take for my job as IT Security Analyst, GCIA or ECSA? Which one is better for my resume and my long-term expertise?

Danielm7

I imagine cost is going to be an issue, but, if it isn't, then the CGIA for sure. I've never seen a single requirement for a ECSA.

josh.armentrout1

I'll second the GCIA. I can't speak for the content of ECSA, but learning potential from GIAC is quite high compared to what I've seen from CEH. The live classes are definitely worth attending if you or your employer is able to fork over the cash for the event.

cyberguypr

Lookup "ECSA" and "GCIA" on Indeed.com.
- ECSA: 35 hits
- GCIA: 790 hits

Bottom line: ECSA won't do much for you unless it is required by the employer, and I doubt you'll come across anyone that will demand it.

Remedymp

Why are you not looking at Security+401 or SSCP?

supasecuritybro

I wouldn't do anything with ECC.

danny069

GCIA for sure. ECSA, althought i'm sure it is a respectable exam in terms of topics, the GCIA is recognized more.

thsecmaniac

I'm going to get it. So, I asked for my second certificate.

SaSkiller

GCIA. Its viewed well. The ESCA is CEH+ and has nothing to do with Security Analysis.

[email protected]

I have passed my ECSA v8 on 19th September 2016 with 90%

gwood113

i don't have ECSA, so I'll tell you about GCIA instead. It's SANS "IDS" class. You'll learn a lot of great techniques and cool skills like reading packets in hex (to understand IOCs as the sensors do), packet crafting (to test sensor rules), secure network architecture design (for sensor placement), packet capture and analysis tools: tcpdump, Wireshark, and silk (to observe traffic patterns), and of course how to operate bro and snort (the sensors!).

All that said i vote GCIA (completely unbiased right?). SANS training is some of the best you'll find in the security sector. Also, GCIA specifically has better market share as mentioned above. The one negative, and it's the same for all SANS/GIAC stuff, is the price of entry. It's steep for an individual (~$6000 for training +$700 for test when bundled with training); that's what Danielm7 was referring to when he mentioned cost.

docrice

SANS SEC503 focuses specifically on network intrusion detection, at least for the most part. To be a good security analyst, it's very helpful to have working knowledge of Windows/Linux and other generalist security knowledge as well as a basic understanding of web apps. It all comes together when you're tracking incomings on the radar. The word "context" is key here.

playerx2006

ESCA. Don't know about the GCIA, but to pass the ECSA, you have to perform a full penetration test and submit the results.

Tr1x5Ta

Hello,
My first post to this forum, so go easy

I have obtained lots of useful information here, which has helped me in the decision making process towards a career in IT security.

After recently completing the CompTIA Security+, I’m ready to take the next step.
I’m planning to go for CEHv9 then ECSAv9, as a stepping stone towards my ultimate goal of OSCP.
I have read a lot of negatives reviews regarding EC-Council. It’s difficult to determine if the negativity is aimed towards EC-Council as an organisation or if it includes the course content also, in particular the newer v9 courses.
I have not found much information regarding ECSAv9, outside of EC-C. However, I do like the idea of pen testing then submitting a report as an added challenge, before being eligible for the exam.

I have also looked into the GIAC route, but as I’m self-studying, it’s a tad out of my price range.

If anyone can share their experiences, particularly regarding ECSAv9, such as if it met your expectations or not, I would be grateful. Also, comments regarding any other points raised above would be most welcome.

chopsticks

When in doubt, take all.

E Double U

GCIA gets my vote.

Mike7

Tr1x5Ta wrote: »

Hello,
I’m planning to go for CEHv9 then ECSAv9, as a stepping stone towards my ultimate goal of OSCP.
I have read a lot of negatives reviews regarding EC-Council. It’s difficult to determine if the negativity is aimed towards EC-Council as an organisation or if it includes the course content also, in particular the newer v9 courses.
I have not found much information regarding ECSAv9, outside of EC-C. However, I do like the idea of pen testing then submitting a report as an added challenge, before being eligible for the exam.

I have also looked into the GIAC route, but as I’m self-studying, it’s a tad out of my price range.

If anyone can share their experiences, particularly regarding ECSAv9, such as if it met your expectations or not, I would be grateful. Also, comments regarding any other points raised above would be most welcome.

I just posted a short http://www.techexams.net/forums/ec-council-ceh-chfi/123986-ecsa-review.html#post1065606

Given price is a concern, you may also want to check out eLearnSecurity's courses. You can try their sample demos and they do have a Xmas Promotion. They also have "Elite PenTester bundle", "4 in a box", "All Access Pass" promotion. Their certs are not as well known as GIAC or CEH, but a couple of us are using eLS as a intermediate step to OSCP

Tr1x5Ta

Thanks for the review just what I was after.
I'll check out the mentioned courses also.
Good luck with 'ing

[Deleted User]

Depends on how much money you have available. ECSA is reasonably priced but GCIA has more respect in the industry. That said, if you are just looking to kill time and continue learning, do ECSA. If you want a career changer/improver, I say to GCIA. GCIA though will cost around 6k if out of pocket. See if your employer will pay for it. EC-Council also recommends you have a CEH or equivalent knowledge before taking ECSA so maybe consider doing CEH if you don't have that cert yet.

Tr1x5Ta

Agreed - As mentioned, I'll be starting things off with CEH before moving onto ECSA.
I now have a good idea and general insight of what's involved.
My understanding is that CEH will give me the fundamentals (theory) of EH and ECSA get the chance to apply it.