GCIA (GIAC) or ECSA (EC-Council) for IT Security Analyst ?

thsecmaniacthsecmaniac Member Posts: 11 ■■□□□□□□□□
Which certificates should I take for my job as IT Security Analyst, GCIA or ECSA? Which one is better for my resume and my long-term expertise?

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I imagine cost is going to be an issue, but, if it isn't, then the CGIA for sure. I've never seen a single requirement for a ECSA.
  • josh.armentrout1josh.armentrout1 Member Posts: 36 ■■■□□□□□□□
    I'll second the GCIA. I can't speak for the content of ECSA, but learning potential from GIAC is quite high compared to what I've seen from CEH. The live classes are definitely worth attending if you or your employer is able to fork over the cash for the event.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Lookup "ECSA" and "GCIA" on Indeed.com.
    - ECSA: 35 hits
    - GCIA: 790 hits

    Bottom line: ECSA won't do much for you unless it is required by the employer, and I doubt you'll come across anyone that will demand it.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    Why are you not looking at Security+401 or SSCP?
  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    I wouldn't do anything with ECC.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    GCIA for sure. ECSA, althought i'm sure it is a respectable exam in terms of topics, the GCIA is recognized more.
    I am a Jack of all trades, Master of None
  • thsecmaniacthsecmaniac Member Posts: 11 ■■□□□□□□□□
    I'm going to get it. So, I asked for my second certificate.
  • SaSkillerSaSkiller Member Posts: 337 ■■■□□□□□□□
    GCIA. Its viewed well. The ESCA is CEH+ and has nothing to do with Security Analysis.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • mubashir@engineer.commubashir@engineer.com Member Posts: 12 ■■□□□□□□□□
    I have passed my ECSA v8 on 19th September 2016 with 90%
  • gwood113gwood113 Member Posts: 66 ■■■□□□□□□□
    i don't have ECSA, so I'll tell you about GCIA instead. It's SANS "IDS" class. You'll learn a lot of great techniques and cool skills like reading packets in hex (to understand IOCs as the sensors do), packet crafting (to test sensor rules), secure network architecture design (for sensor placement), packet capture and analysis tools: tcpdump, Wireshark, and silk (to observe traffic patterns), and of course how to operate bro and snort (the sensors!).

    All that said i vote GCIA (completely unbiased right?). SANS training is some of the best you'll find in the security sector. Also, GCIA specifically has better market share as mentioned above. The one negative, and it's the same for all SANS/GIAC stuff, is the price of entry. It's steep for an individual (~$6000 for training +$700 for test when bundled with training); that's what Danielm7 was referring to when he mentioned cost.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    SANS SEC503 focuses specifically on network intrusion detection, at least for the most part. To be a good security analyst, it's very helpful to have working knowledge of Windows/Linux and other generalist security knowledge as well as a basic understanding of web apps. It all comes together when you're tracking incomings on the radar. The word "context" is key here.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • playerx2006playerx2006 Registered Users Posts: 3 ■□□□□□□□□□
    ESCA. Don't know about the GCIA, but to pass the ECSA, you have to perform a full penetration test and submit the results.
  • Tr1x5TaTr1x5Ta Member Posts: 8 ■■■□□□□□□□
    Hello,
    My first post to this forum, so go easy :)

    I have obtained lots of useful information here, which has helped me in the decision making process towards a career in IT security.

    After recently completing the CompTIA Security+, I’m ready to take the next step.
    I’m planning to go for CEHv9 then ECSAv9, as a stepping stone towards my ultimate goal of OSCP.
    I have read a lot of negatives reviews regarding EC-Council. It’s difficult to determine if the negativity is aimed towards EC-Council as an organisation or if it includes the course content also, in particular the newer v9 courses.
    I have not found much information regarding ECSAv9, outside of EC-C. However, I do like the idea of pen testing then submitting a report as an added challenge, before being eligible for the exam.

    I have also looked into the GIAC route, but as I’m self-studying, it’s a tad icon_wink.gif out of my price range.

    If anyone can share their experiences, particularly regarding ECSAv9, such as if it met your expectations or not, I would be grateful. Also, comments regarding any other points raised above would be most welcome.
  • chopstickschopsticks Member Posts: 389
    When in doubt, take all. :)
  • E Double UE Double U Member Posts: 2,240 ■■■■■■■■■■
    GCIA gets my vote.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Mike7Mike7 Member Posts: 1,114 ■■■■■□□□□□
    Tr1x5Ta wrote: »
    Hello,
    I’m planning to go for CEHv9 then ECSAv9, as a stepping stone towards my ultimate goal of OSCP.
    I have read a lot of negatives reviews regarding EC-Council. It’s difficult to determine if the negativity is aimed towards EC-Council as an organisation or if it includes the course content also, in particular the newer v9 courses.
    I have not found much information regarding ECSAv9, outside of EC-C. However, I do like the idea of pen testing then submitting a report as an added challenge, before being eligible for the exam.

    I have also looked into the GIAC route, but as I’m self-studying, it’s a tad icon_wink.gif out of my price range.

    If anyone can share their experiences, particularly regarding ECSAv9, such as if it met your expectations or not, I would be grateful. Also, comments regarding any other points raised above would be most welcome.

    I just posted a short http://www.techexams.net/forums/ec-council-ceh-chfi/123986-ecsa-review.html#post1065606

    Given price is a concern, you may also want to check out eLearnSecurity's courses. You can try their sample demos and they do have a Xmas Promotion. They also have "Elite PenTester bundle", "4 in a box", "All Access Pass" promotion. Their certs are not as well known as GIAC or CEH, but a couple of us are using eLS as a intermediate step to OSCP
  • Tr1x5TaTr1x5Ta Member Posts: 8 ■■■□□□□□□□
    Thanks for the review icon_thumright.gif just what I was after.
    I'll check out the mentioned courses also.
    Good luck with icon_study.gif'ing
  • [Deleted User][Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    Depends on how much money you have available. ECSA is reasonably priced but GCIA has more respect in the industry. That said, if you are just looking to kill time and continue learning, do ECSA. If you want a career changer/improver, I say to GCIA. GCIA though will cost around 6k if out of pocket. See if your employer will pay for it. EC-Council also recommends you have a CEH or equivalent knowledge before taking ECSA so maybe consider doing CEH if you don't have that cert yet.
  • Tr1x5TaTr1x5Ta Member Posts: 8 ■■■□□□□□□□
    Agreed - As mentioned, I'll be starting things off with CEH before moving onto ECSA.
    I now have a good idea and general insight of what's involved.
    My understanding is that CEH will give me the fundamentals (theory) of EH and ECSA get the chance to apply it.
Sign In or Register to comment.