If you have to choose ...

whitergwhiterg Member Posts: 20 ■■■□□□□□□□

I am thinking of taking two SANS training/Certifications maximum ( my own money).
so if you have to chose one or two [no more] in your career , which one (s) will you take with 10 years security background ?

thank you


  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    It depends on what is your goal and what is going to bring the best ROI. What do you currently do and where do you wan to be at?
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Like cyberguypr said, it completely depends on what part of security you want to work in. Me personally, if I had to pick two it would be SEC560 (GPEN) and SEC660 (GXPN), or SEC504 (GCIH) and SEC560 (GPEN).

    If you are interested in forensics look at SEC408 (GCFE) and SEC508 (GCFA).
    If you are interested in pentesting look at SEC560 (GPEN), SEC660 (GXPN), SEC542 (GWAPT)
    If you are interested in management look at MGT512 (GSLC)
    If you are interested in general technical security look at SEC401 (GSEC), SEC501 (GCED), SEC503 (GCIA), SEC504 (GCIH), SEC505 (GCWN) and SEC506 (GCUX).
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • whitergwhiterg Member Posts: 20 ■■■□□□□□□□
    for now i am in the middle of the road (more than 20 years of experience including 10 years of security -from physical to computer/network )

    I am a IT technician (not a network admin ) from cabling to software upgrade in DC/Telepresence/SP
    my ultimate goal is not to be CISSP,CCIE or on the management side

    i would like to stay in the tech side and be a trainer/teacher at the end of my career
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Well, that leaves options open but you still need to close the circle a bit. The tech side could lead you to any of the SANS specialties including network security, incident handling, forensics, etc. I suggest starting at the SANS roadmap poster, seeing the different paths, and trying to determine where do you see yourself a few years down the road. After you do that see JoJoCal19's advice.
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    For my (experienced) peeps here I generically recommend starting with:

    SEC504 (GCIH) followed by SEC560 (GPEN)

    Quasi-covers offense and defense in vagueish terms. Gives them a taste of what the bad guys do, how they do it, and how to handle it when it goes down.

    otherwise sans has intro-level things like gsec, etc.
  • whitergwhiterg Member Posts: 20 ■■■□□□□□□□
    I reviewed the sans roadmap poster so after my eCPPT and eNDP , i will probably self study for the GISP (no CISSP after ).
    Next year (2017) i plan to go for the GCISP(industrial) or GCIH/GCIA.

    I checked on the GIAC website but didn't see where to registered for the GISP challenge ;is it still available? is it included in a mandatory course ?
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    If you have 10 years security background, I would steer you away from the GISP, esp. if you aren't taking the CISSP after. You probably won't learn a lot of real-world how to do x, y, z and you won't get the accompanying cert to help with your resume.

    GICSP (ICS410: ICS/SCADA Security Essentials) is great if that's your industry. Lots of good take-aways.

    GCIH is a good class and you'll learn a lot. Plus many SANS classes are great follow-ups for afterward (I'd vote for GPEN as it expands on many of the topics introduced in GCIH)

    GCIA is very technical this-is-how-networks-work. I found it to be a little too in-the-weeds of packet analysis for general use. If you're a 24/7 IPS/IDS guy and constantly have to dig into the really technical packet analysis world it'll be good.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    yes I agree CISSP is enough. I would personally do GCIA for the great knowledge that you will gain from it. You can learn the stuff in GCIH by reading books, while GCIA is very practical. (this is my personal opinion, I'm not a SANS expert, just my observation.)

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • kiki162kiki162 Member Posts: 635 ■■■■■□□□□□
    Don't waste your time on the GISP, go for the CISSP instead. For other GIAC certs you could do GSEC,GCIA,GCIH. Another good one is GMON, which would work well with your networking background.

    Keep in mind some exams will not have practice tests available for separate purchase.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    If I was paying for the classes what i would do would first get a GSEC book from Amazon and read it and study it, it's not going to give you enough to pass the certification, but it will give you a good introduction to cyber security. Than take the GCIH course, followed up by OSCP, Ive haven't taken the GPEN course yet, so I don't know how good it is, but OSCP is way cheaper and is a respected certification. I think this will give you the biggest bang for your buck.

    As for the GMON, interesting enough I'm taking a similar course at black hat, there's a $75 book from amazon "Network Forensics: Tracking Hackers Through Cyberspace" that goes way more in depth than what SANS offers, of course you have to be motivated to read, instead of paying for training. The book was initially used to develop the first GMON course for SANS, but ultimately the authors decided to go with Blackhat for future training, I guess SANS didn't offer them them good enough deal for the course.
    Still searching for the corner in a round room.
  • ramrunner800ramrunner800 Member Posts: 238
    I agree with others who recommend against the GISP. There are so much better ways to spend that training money and effort than on a wishy washy and entirely unmarketable management cert. I just did a search in DICE for GISP and only got 2 hits. If you're interested in the ICS side, I'd wait for the certification exam for their ICS 515 course to come out of beta. I've heard terrible things about the ICS 410 course, and the couple folks in our shop who hold it have shown 0 ROI on our investment in sending them to that training. The class is apparently very high level and non-technical. I've had a number of folks go to ICS 515, and they have spoken very highly of it. I think FOR 508, the training for GCFA, is amazing training for anyone working on the blue team side of things.
    Currently Studying For: GXPN
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    The GISP Exam is mainly to prepare you for CISSP. If your company allow you to claims the cost of GISP certification, you can go for it. The main certification and its practice test total up to 750 questions, getting GISP and then claiming it from employer would make you very close to passing the CISSP itself at no additional cost! Some recruiter just list GIAC in job posting instead of the exact certification name.
  • quogue66quogue66 Member Posts: 193 ■■■■□□□□□□
    If I had to choose two certs I would go for the GCIH and either the GCED or the GSEC. I considered taking the GCED instead of the GCED but went with the GSEC because it seems to be more well known.
Sign In or Register to comment.