Changing Careers-GCIH Training/Exam

wuglord9 Registered Users Posts: 2 ■□□□□□□□□□
Hey guys,

I'm posting on here hoping to get some guidance on the GCIH path, InfoSec careers and how the GCIH cert fits into the long-term plan of succeeding in the field.

About 3 months ago I decided to make a career jump to InfoSec--I came from a Corporate Security Analytics background. It was a heck of a risky move. I wanted to get into Network Security and Threat Intelligence because I have a passion for getting involved and solving detailed, complex problems, and performing in-depth investigations. I have never held an InfoSec or IT job in my life. I'm still a complete beginner to foundational networking concepts (I'm learning as much as I can), IDS/IPS, Linux OS, programming, etc... 3 months ago I got my "dream" job. Initially I was excited; when I was hired I informed the hiring manager that I did not have an InfoSec background and my previous education and jobs were not related to IT. He hired me anyways; I am super appreciative of it, but I was also very unsure of what my job would actually entail (even after numerous conversations). When I was hired I was advised that I would get GCIH training from a SANS live event and would get the cert exam covered. I was informed that when I started I would get trained up on everything and that a training plan would be given to me.

So far I've been a bit disappointed and it's been very stressful; I am wayyy more stressed out than I was at my other job. I wasn't provided the on the job training I was promised and I was asked to basically figure it out on my own by watching videos and reading documentation. This isn't the type of job where you can just be expected to get it after repetition; you need to be provided with some sort of training :). I'm a pretty driven guy and I'm having to create my own training plan and I'm being aggressive with getting help from my co-workers.

I'm taking the GCIH training in a few months. I know you have 4 months to study for the GCIH after the training.

I have a couple questions:

(1) Am I truly ready for GCIH training? What about for the certification by December? How can I prepare for it?
(2) Is getting adequate on-the-job training a problem industry wide? Is it just expected that you should know this stuff?

Thanks guys. Looking forward to hearing from you.



  • TechGromit Member Posts: 2,156 ■■■■■■■■■□
    First off, the GCIH isn't on-the-job training. It's a base level education on how hackers infiltrate computer systems, ways to prevent them access and an overview of all the security tools that are available, what they do and how to use them. In the labs you'll get to use a few of them, but it's all high level basic stuff. You'll have to go back and use them on your own to get proficient in using them. There are over 200 different programs covered, most of them are little more than a name and what they do. You'll have to try them out on your own and see which ones work best for you, no one can be an expert on all of them. What you'll end up with is a short list of tools that you will be proficient with to do your job.

    Not having any IT background will not help you. I guess anyone can memorize the books and pass the exams, but passing the exams isn't going to give you the experience you need to perform your job. You're going to have to go back on your own and practice using the tools that apply to your area of cyber security.
    Still searching for the corner in a round room.
  • kiki162 Member Posts: 635 ■■■■■□□□□□
    Not sure what your current job entails and what they have you doing each day, but it sounds like you may be in over your head. Not sure what your Security Analytics background entails either, it sounds like a bit of compliance related stuff to me. It's expected that you should have some basic core knowledge of System Administration, Linux, and how systems can be compromised. If you keep expecting to get ONJ training, then you really need to think again. Work on getting yourself a home lab setup using VirtualBox, and go from there.

    It also sounds like you haven't taken any certification exams either. If that is the case, this is going to be a "trial by fire" deal. I'm assuming you're doing the live class in Sept/Oct timeframe, and yes 4 months is plenty of time. If your co-workers have passed any GIAC exams, definitely use their advice. Since the exam comes with 2 practice exams, you have the option of purchasing additional GCIH practice exams on your own in case you need more. Be expected to grab additional material outside of the SANS books that you will get. You will be a bit burnt out after the training, but it will also be a great experience. Focus on going through the labs, and getting the audio/MP3 files off of your SANS account once the class is over. Then work on creating your index.
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    GCIH is very easy, you should be able to pass it if you read the materials from the start to the end at least once. Best is to revise unfamiliar sections again.

    Getting some Linux hands-on would be useful for the class. Download the SANS Linux cheat sheet, practice and understand those commands.
  • TranceSoulBrother Member Posts: 215
    wuglord9 wrote: »
    I'm taking the GCIH training in a few months. I know you have 4 months to study for the GCIH after the training.

    You have a few months to get there. Between now and then, beef up on the basics.
    Whether your boss or your company wants to pay for additional certs or you just need the knowledge, start watching Sec+ videos (i.e. Prof Messer), some Linux, Windows admin stuff, read the Matt Walker CEH book, the 11th Hour Conrad book (for the crypto), and learn about general incident handling procedures and tools.
    It seems like they hired you knowing you as an entity, so don't stress your worth right now and use this lapse of time to get better until your next performance review.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    I thought GCIH was the most fun of my SANS classes. Giving you a good high level background on how intruders break in, think intrusion detection light or CEH level work, an excellent intrusion framework (PICERL) and the familiarity with tools needed to get started in the field of DFIR. Problem with Digital Forensics and Incident Response or DFIR is that it's a HUGE field and still underutilized at this time and point.

    Still, it's a fun field to work in when you have the right or positive pressure to function and perform.

    What area of blue team are you ultimately looking?

    - b/eads
  • wuglord9 Registered Users Posts: 2 ■□□□□□□□□□
    Hey guys,

    Appreciate all of the feedback.

    It definitely helps to have some positive feedback; especially for a newbie. I know it's going to be a huge uphill battle. My perspective is to always encourage people that are new in a field to give it the best they can; if one gets fired, so be it. To prevent getting fired, you need to communicate; that is, communicate in a constructive manner.

    I come from a fraud analytics background, so definitely not compliance. I have an M.A in CJ, with more emphasis on stats.

    @TranceSoulBrother: You were right on about the hire; that's the only reason why I got the job. Thanks for your reading and training tips.

    @beads: SIRT and Threat Hunting :D. And when I actually get the time to, Reverse Engineering :). I've been dabbling with Sikorski and Honig's Practical Malware Analysis; good stuff on IDA Pro and analyzing PEs.

    Off-topic; has anyone read SAMS TCP/IP book? I've been reading that for the past 4 months and it's helping me gain a better understanding of OSI and TCP/IP.