GIAC GCED certification vs GSEC advice
I am looking for some guidance on the correct GIAC course to do and perhaps someone here can give me some advice. I work as a pre-sales technical engineer doing more consultancy and sales design.
I am currently CCNP (Routing and switching), CISSP and CEH V8 certified. I had a look at the GIAC website and tried to get as much info as possible on both GSEC and GCED. The GSEC course seems to cover some of the same topics I did while doing my CCNP, CISSP and CEH, especially around networking concepts, defense in depth, internet security tech and secure communications. I think it’s all too high level (LAN, WAN, TCP, IP, UDP, BCP, DRP, IDS, IPS, scanning, cryptography, steganography, SLE, ALE etc...) and maybe a repeat of what I did from the other certifications. Would this be correct? I admit Linux and some sections of Windows I might not be very good at.
I am leaning towards the GCED as it's a level up and has some really interesting topics like pen test, malware, packet analysis etc and the more technical the better. Also my employer is funding this and may only fund it once so I am looking to get the most out of the budget. I really do not want to spend it on something basic and that I have covered before. $6K is not cheap.
For members who have the GSEC, what sort of tools (hacking or recon) would I be using as part of the course? Also with GCED what tools will be taught as part of the course?
I am sure a lot of forum members here have already completed the course and may have had to at one stage choose between the two courses so all advice welcome.
Based on my experience and role, I am hoping you could advise me on the right course. If you need more information please ask.
Comments
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□
GSEC is very basic and meant for someone new to infosec. Think basically a really expensive, more hands-on Security+. I'd recommend GCED over GSEC for you. No time right now to list out all the tools, but I'm sure someone else can.
-
docrice Member Posts: 1,706 ■■■■■■■■■■
SEC401 is relatively basic but covers a lot at a high level. It's more than just networking though, and general attacks, Windows and Linux security basics are also covered. I'd say it's like stepping into the pool at 3 feet depth.
SEC501 is a step beyond that, but my understanding is that it still doesn't go super in-depth into any one area. Maybe goes to the 5 foot depth level. I don't plan to ever take this course.
Then you get into the more specialized 500-level courses like 503, 504, 505, 506, 542, 560, and so on. Those get into the 8-foot depth.
Then there's the 600-level courses of which there aren't many of. That's 10 feet underwater and if you're not used to swimming, you'll drown. It's really, really specialized material at this point.
(Technicality note: GIAC provides the certification of these general knowledge domains, and they're pretty much based on the training courses that SANS provides).
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
alias454 Member Posts: 648 ■■■■□□□□□□
I got the GSEC and honestly should have taken a different class. I thought the content was okay and there was a lot of it jammed into 6 days but overall, it is pretty broad/basic. If you are brand new to security then it is a good option that will provide a lot of places to expand from. It is not a class dedicated to one topic (to be fair, it doesn't claim to be). Definitely don't take the GSEC looking for a Linux primer since you aren't going to get it.
Pre-sales technical engineer in what field/industry? Maybe a different cert/course would be better. What are you hoping to gain?
“I do not seek answers, but rather to understand the question.”
-
Abdullah.AA Member Posts: 50 ■■□□□□□□□□
If you have the security basics down, I believe SEC504 (aimed at GIAC GCIH) is really good. That's the one I'm aiming for soon.
-
CISSPSEN Registered Users Posts: 4 ■□□□□□□□□□
Thanks guys for taking the time to reply. Appreciate it.
I am definitely not doing GSEC. That's clear now.
I was also leaning towards 504 GCIH. If the courses were not that exp I would have taken my time and done them sequentially. My employer might cover me for only one of the courses so I am restricted. If I did the GCIH and passed the exam then I would not think of doing GCED as that's going backwards but then again would the GCIH be too much for me? Never done a SANS course or seen any sort of material so have no idea how broad or technical it can get.
I am thinking of doing my GCED and then OSCP or OSCE as they are not as expensive. After this return to SANS and do another GIAC course. This could be 1 or 2 years later and I could ask my employer again.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
docrice wrote: »Then there's the 600-level courses of which there aren't many of. That's 10 feet underwater and if you're not used to swimming, you'll drown. It's really, really specialized material at this point.
And Level 700 courses are 10 feet water with sharks.
I like your analogy.
CISSPSEN wrote: »I am looking for some guidance on the correct GIAC course to do and perhaps someone here can give me some advice. I work as a pre-sales technical engineer doing more consultancy and sales design.
If you already have a background in security, your money would be better spent on a GCIH in my opinion.
CISSPSEN wrote: »... I would not think of doing GCED as that's going backwards but then again would the GCIH be too much for me?
The only reason I would consider a GCED is if I was selected for a work study and nothing else was available.
The GCIH is definitely a tougher exam than the GSEC, but since you already have a CISSP, you know how to put in study time. This is what I find happens to most people that fail the exam, they think just because it's an open book test they do not have to study too much for it. They are very expensive exams and shouldn't be taken lightly.
CISSPSEN wrote: »I admit Linux and some sections of Windows I might not be very good at.
I wouldn't attempt the OSCP until you get a good foundation in Linux. I plan on getting a Linux cert before attempting the OSCP. Yes, it's cheap when you compare it to some of the other courses out there, even Global Knowledge courses run 3 or 4 grand, but you'll get more out of the OSCP if you have a better Linux foundation. Some would say get a good Python foundation as well, but I believe the OSCP can be done without it, but you'll have to do more grunt work instead of automating some of your attacks.
Still searching for the corner in a round room.
-
CISSPSEN Registered Users Posts: 4 ■□□□□□□□□□
Thanks TechGromit for the advice. I see you did both the GCIH and GSEC.
Now it's between the GCED and GCIH. I should change the subject line.
I must admit I am not an incident handler and do not work in a SOC. My role is to design security solutions and, working for an MSP, products vary from premise-based firewalls, proxies, WAFs, cloud-based security solutions, email security, web security. The more technical the better. In fact I did find the CISSP slightly boring when compared to CEH.
Happy to put in the study hours. My wife is pretty understanding and while studying I spend entire weekends in a library.
I am going to look into the GCIH in detail.
OSCP would be something I would do in 2 years. I don't mind learning Python.
-
quogue66 Member Posts: 193 ■■■■□□□□□□
I took GCIH this time last year. It wasn't overly technical. About a month later I decided to take another class. I was trying to decide between GCED and GSEC. I went with GSEC. It is more widely recognized but it is very entry level. I studied the material for just under 3 weeks before taking the exam.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
CISSPSEN wrote: »I must admit I am not an incident handler and do not work in a SOC.
I don't work in a SOC either, I work in a SHOE.
Still searching for the corner in a round room.
-
alias454 Member Posts: 648 ■■■■□□□□□□
CISSPSEN wrote: »Thanks TechGromit for the advice. I see you did both the GCIH and GSEC. Now it's between the GCED and GCIH. I should change the subject line. I must admit I am not an incident handler and do not work in a SOC. My role is to design security solutions and, working for an MSP, products vary from premise-based firewalls, proxies, WAFs, cloud-based security solutions, email security, web security. The more technical the better. In fact I did find the CISSP slightly boring when compared to CEH. Happy to put in the study hours. My wife is pretty understanding and while studying I spend entire weekends in a library. I am going to look into the GCIH in detail. OSCP would be something I would do in 2 years. I don't mind learning Python.
A couple of others that might interest you are GCIA or GMON. GMON was pretty popular this last year from the traffic I saw on the boards.
“I do not seek answers, but rather to understand the question.”
-
docrice Member Posts: 1,706 ■■■■■■■■■■
SEC511 (GMON) is very blue team oriented. Great course, lots of fun. The issue with most 500-level courses beyond 501 is deciding which area(s) to focus on. Unless you have a generous training budget, you'll have to decide which security domain is the most relevant to put your resources towards. SEC504 is great in that it provides different perspectives in both defense and offense, but much of the material is still somewhat tip-of-the-iceberg and I don't consider the exam all that difficult.
560 has slight overlap with 504, but it's very offense oriented and I think ultimately a good cornerstone for everyone. I see too many defense-side folks lacking awareness of the offense front to really be effective since attack landscape awareness is critical in approaching how infrastructure design and management is handled.
In general, unless you're taking 506 (Securing Linux/Unix), a course like 504 or 560 typically reserves an hour or two on the first day of instruction for basic overview on the Linux CLI. There are plenty of students who have never touched the dark and mysterious "*nix terminal thingy" so SANS provides a quick crash course to get them acclimatized.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
docrice Member Posts: 1,706 ■■■■■■■■■■
TechGromit wrote: »I don't work in a SOC either, I work in a SHOE.
Drum roll, please.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
CISSPSEN Registered Users Posts: 4 ■□□□□□□□□□
docrice wrote: »SEC511 (GMON) is very blue team oriented. Great course, lots of fun. The issue with most 500-level courses beyond 501 is deciding which area(s) to focus on. Unless you have a generous training budget, you'll have to decide which security domain is the most relevant to put your resources towards. SEC504 is great in that it provides different perspectives in both defense and offense, but much of the material is still somewhat tip-of-the-iceberg and I don't consider the exam all that difficult. 560 has slight overlap with 504, but it's very offense oriented and I think ultimately a good cornerstone for everyone. I see too many defense-side folks lacking awareness of the offense front to really be effective since attack landscape awareness is critical in approaching how infrastructure design and management is handled. In general, unless you're taking 506 (Securing Linux/Unix), a course like 504 or 560 typically reserves an hour or two on the first day of instruction for basic overview on the Linux CLI. There are plenty of students who have never touched the dark and mysterious "*nix terminal thingy" so SANS provides a quick crash course to get them acclimatized.
Thanks Doc. I emailed SANS as well and spoke to a local resource. He recommended GCIH over GCED and mentioned it being one of the most popular courses. He also said the GCIH is more red team and GCED more blue team focused. The material gets revised 3-4 times a year.
I agree with you on the importance of understanding the offensive landscape in order to build an effective defensive ecosystem.
At the moment I am leaning towards the GCIH. If further budget is available maybe the 560, 660 but this is a long time from now.
The next available GCIH 6-day course is in March next year and from what I understand there is no way I can access the material beforehand. Ideally I would like to prepare myself before sitting the course so I make the most of it and am not fumbling around. Does anyone know of some good books, materials for GCIH? Something recent that covers some of the domains?
-
cyberguypr Mod Posts: 6,928 Mod
TechGromit wrote: »The only reason I would consider a GCED is if I was selected for a work study and nothing else was available.
This is the exact reason why I took the class and have a GCED. It was my last Work Study choice for one event and I wasn't paying for it. I see SEC501 as a 401 on steroids. I recommend this class only if you do not plan on doing any other 500-level class. I took it after 504 and it was a snooze fest. Not that the class is bad, just that the material is too basic.
504 has been my favorite class to date out of five I've taken. Can't go wrong with this one.
-
IaHawk Member Posts: 188 ■■■□□□□□□□
CISSPSEN wrote: »The next available GCIH 6-day course is in March next year and from what I understand there is no way I can access the material beforehand. Ideally I would like to prepare myself before sitting the course so I make the most of it and am not fumbling around. Does anyone know of some good books, materials for GCIH? Something recent that covers some of the domains?
If you are looking for live options, it looks like there are plenty open for GCIH, unless you were talking about something local to you. Also, there is the OnDemand option which I used for GSEC and CISSP. This gives you 4 months access to books, mp3s and virtual classroom which you can watch as many times as you want. You typically have the OnDemand access within 24 hrs and books within a week or so.
That being said, when I did my research on GCIH, everyone recommended taking it live. I am signed up for the GCIH class in New Orleans in January which includes two nights of NetWars ($1500 value). I'm really excited about this class...lots of people mention this was their favorite SANS class.
Live: https://www.sans.org/find-training/index/9674157/search/#results
OnDemand: https://www.sans.org/ondemand/course/hacker-techniques-exploits-incident-handling