Just wanted some quick opinions

GLaDOS Member Posts: 50 ■■□□□□□□□□
Hi all,

My employer is asking me to fill some security responsibilities for our company and may likely be offering to pay for some training (hooray!). I currently work in a desktop support/infrastructure role and have been studying on my own to try and break into security full-time; I've done some security work for my employer, but nothing full-time.

My question: what certification should I go after if my employer is willing to pay? I currently hold: A+, Network+, Security+, GISF.

I am thinking of going for either: GSEC or SSCP. I'm leaning towards GSEC only because I really enjoyed SANS courses and the cost is generally prohibitive for an individual to pay out of pocket. I didn't want to go after something too high-level (ex. CISSP) or too specialized just yet as I'm still trying to break into security full-time.

If it helps, I'm trying to move into a full-time Security Analyst role. From there, I think I'd like to move towards either Network Security or Incident Response (though that could change as I get more exposure to working in information security).

I just wanted to see if anyone had any suggestions or advice on other certs to consider. As always, your help is greatly appreciated! Thank you!
"Tahiti is not in Europe. I'm going to be sick."


  • PJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    If they will pay for you to go to SANS, do that. It's crazy expensive.
  • McxRisley Member Posts: 494 ■■■■■□□□□□
    Since you already have your Security+ I would recommend skipping the GSEC and leaning towards either a higher level SANS course or the OSCP. From what I've seen other people say, GSEC is just the SANS version of the Security+.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    You need to develop hands-on operational skills with some protective controls to start. If they're looking to fill that gap with some training to provide you with a starting point, I'd recommend a few mid-level SANS courses. Not sure how much you already know, so you'll need to judge if they're too in-depth for you or not. Use all of these as a STARTING point. They'll all introduce lots of new tools and processes and that's it - an introduction. You need to then take what you learn and start to use what you've learned day-to-day in order to actually get good at them & take them to the next level.

    SEC505: Securing Windows and PowerShell Automation

    SEC501: Advanced Security Essentials - Enterprise Defender

    If those are too advanced, I'd start out with SEC504: Hacker Tools, Techniques, Exploits and Incident Handling - be warned though, taking that class in-person can be a bear because it's always PACKED. It's by far one of SANS' most popular courses. You can easily follow that class with SEC501.
  • cyberguypr Mod Posts: 6,928 Mod
    I concur with skipping GSEC. Although there's definitely value in the course/cert, your company's training dollar could be used in a better way as described by McxRisley. Do you have any interest in Incident Response? If so, you could look at SEC 504 and the GCIH.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I think the real question is what void are you filling for your employer? Without knowing what responsibilities they are giving you we could only guess at what you should look into. While I understand wanting a course that covers your career goals, if you need to sell it to your employer it will need to be a course that gives you both what you want.
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JoJoCal19 Mod Posts: 2,835 Mod
    What will you be doing as a Security Analyst? Unfortunately in our industry a Security Analyst can be doing anything under the sun. If you will be doing incident response type of stuff, go for SEC504 (GCIH). If you will be doing log analysis stuff go for SEC503 (GCIA). If you'll be doing a bunch of entry level stuff across multiple areas SEC501 (GCED) wouldn't be a bad idea. While most say skip SEC401 (GSEC), I disagree if you have zero security experience and even if you have the Security+. It still teaches a lot of stuff that definitely isn't in the Security+.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • globalenjoi Member Posts: 104 ■■■□□□□□□□
    I'll add my +1 to what others are saying: I took Sec+ in the spring, and then did the GSEC course in October and I'm glad I did. The GSEC course does cover similar material, but goes far deeper than Sec+, especially since the GSEC has actual lab work. There's a huge amount of Windows and Linux security stuff packed into the GSEC that is only lightly covered in Sec+, not to mention the fantastic and thorough coverage of cryptography. Seriously, I had a rough time grasping the cryptography stuff when studying from a book for Sec+, but the SANS class devotes an entire day to the topic, with an instructor breaking it down perfectly. Ended up being my favorite day of the week.
  • iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    +1 GSEC if your work is paying. It is one of their more well known certs.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • gwood113 Member Posts: 66 ■■■□□□□□□□
    I vote SANS if they're paying:

    SEC503 (Incident Response, Network Traffic Analysis, and the care and feeding of IDS)
    SEC505 (Securing Microsoft with Powershell, Desired State Configuration, and Templates)
    FOR508 (incident response and host forensics)
  • GLaDOS Member Posts: 50 ■■□□□□□□□□
    Thanks for all the feedback!

    To answer some of the questions asked:

    Based on my understanding, the role will mostly involve helping create and modify various information security policy documents. From there, I'm hoping to get more into more technical things - I already handle desktop patching, antivirus management, and will soon be approving server patches. In addition, I am generally the first line of response to security incidents and also manage our security awareness training platform which includes sending phishing emails to our company to periodically test security awareness.

    I'd love to go for some of the more advanced courses like:
    SEC501: Advanced Security Essentials - Enterprise Defender
    SEC503: Intrusion Detection In-Depth
    SEC504: Hacker Tools, Techniques, Exploits and Incident Handling

    But I think the best chance I have of "selling" this to management is going for the SEC401: Security Essentials Bootcamp Style course. It seems to be most in line with my current and upcoming responsibilities.

    However, before I submit any "formal" requests, I'll talk to my manager and see if any of the more advanced courses above would be at all feasible. Would a course like SEC501 be too much of a jump with only Security+ and GISF under my belt? I'm sure the answer to that depends on a myriad of factors, and I hope I've provided enough detail here to answer that question. If not please let me know and I'd be happy to provide more information.

    Again, your thoughts and feedback are greatly appreciated!
    "Tahiti is not in Europe. I'm going to be sick."
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    more infosec policies.... I understand the program starts somewhere, and that is sometimes with policies, but if you can get done what you need to do without spending time and effort on writing policies, why go through the time and effort? hopefully you can bust out the policies very quickly and get to what actually matters - doing things!! (in other words, vlad's ransomware doesn't give a hoot what your patch policy says)

    unless you're planning on winging the operational/technical side of infosec, I recommend beginning to adopt the CIS Top 20 Critical Security Controls. It's a step-by-step roadmap of what you should be focusing on in roughly the right order. start with the first 5 and once you've got them 80% of the way there keep working on them while also beginning to expand into the other area

    SEC503 is a good intro course if you're planning on being a full-time IPS/IDS analyst, otherwise IMO there are better bang-for-your-buck options out there, esp. if you're a one-man infosec show. 504 is a good all-round course to take, as is 501. 401's a good primer for the rest, too.

    while everybody thinks SANS classes are the end-all-be-all for everything infosec, the honest truth is the 400 and 500 level courses aren't extremely deep and won't make you a super infosec master in a week. the 400 and 500s introduce each topic, give you the principles, give you some tools to play with, and give you some 101-intro-to-each-tool lab. your job at the end of the week is to go back to work & start to apply what you've learned in order to actually get good with the stuff. example - taking the pentesting 560 course isn't going to make you a pentester. spending 100 hours after the class expanding on what was introduced will make you a pentester.

    good luck! the fact that your bosses are interested and letting you even think about dedicated security stuff puts you ahead of 80% of the companies in my area! the only way to go from here is up!
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    If you are going to be focusing on policy then I would look to take MGT414. It will prep you for CISSP as well as allow you to take a GIAC exam as well if you wanted. Policy wise I have found the CISSP to be extremely useful. On the technical side, if you could sell them on a technical SANS course, I would look into SEC511. It has a lot of overlap with a few of the SANS course offerings and would definitely assist in an analyst role. Plus it deals with open source tools for monitoring and teaches methods to implement monitoring for free (or at least for cheap). I really enjoyed the course and got the challenge coin.
    Intro to Discrete Math
    Programming Languages
    Work stuff