Is GIAC GPEN a good certification to get + other advice?

CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
Hi all,

I'm currently in a role where I conduct cyber crime investigations, often with digital forensic work. Years ago I was a web developer, doing things like some server management, as well as PHP/MySQL e-commerce website work.

I've got good knowledge of linux, networking, numerous protocols. I'm very good with command line within Linux, less so in Windows as I don't use it very often.

In around 18-24 months I'd like to move into a more penetration testing/IT Security/Cyber Analyst role. I realise these are three different areas but some of the positions I've seen have some similarities and it often depends on your knowledge as to where you can go.

In the next 12 months I have several courses booked:
  • MCSA - ongoing with exams and learning
  • ISO 27001 Practitioner (3 days)
  • Certified Forensic Investigation Practitioner (5 days)
  • Certified Forensic Investigation Specialist (4 days)
  • Certified Security Testing Associate (4 days) - includes stuff like packet sniffing, target analysis, attacking windows/Linux, etc...
  • Certified Security Testing Professional (2 days) - Injection, Cross site scripting, and other similar techniques
  • Certified Malware Analysis (4 days)
  • Certified Secure Coding for Software Developers (2 days)
Some of these courses are advertised as good preparation for the CREST exams, including pen testing, and also for CEH exams which I hope to do, maybe next year depending on how I get on.

Questions
  1. Is GIAC GPEN a good certification to get as I've been offered the chance to do that
  2. I did try to get on the CISSP course although at present this is not a possibility, but I will probably try again next year as it looks to be a lot of work and learning involved.
  3. Any advice for my aims at moving into pen testing/IT security roles?
  4. Any specific certifications I should concentrate on getting?
Thanks everyone
My Aims
2017: OSCP -
COMPLETED
2018: CISSP -
COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
COMPLETED
           GIAC GREM - Reverse Engineering of Malware -
COMPLETED

2021: CCSP
2022: OSWE (hopefully)

Comments

  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I must say, I had to Google most of those training course. Can't say I heard of them.


    For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.


    GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.

    CISSP will help you get an IT Sec position faster. ISO cert is great too.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    UnixGuy wrote: »
    I must say, I had to Google most of those training course. Can't say I heard of them.


    For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.


    GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.

    CISSP will help you get an IT Sec position faster. ISO cert is great too.

    Thanks for the response - I probably should have said that most of those courses are not "official certifications" - albeit they are high quality courses with hard exams, and I think are valuable to do. Particularly as my employer pays for us to do them all.

    The GPEN is being paid for by work.

    I've just looked at the OSCP - do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?

    Thanks again
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Ah, another entrant to the wonderful world of pentesting! A growing field, that one. Going to be lots of hackers out there in a few years!

    Skip CEH, you won't learn anything about real hacking. It's basically Security+ but focusing on hacking. You won't actually learn to hack anything.

    SEC560 (GPEN) is great - do it. I'd recommend that before the OSCP.

    After GPEN do OSCP then take a look at SEC542, SEC617, SEC660, SEC760. All SANS courses are great, esp. if your employer pays for them
  • E Double UE Double U Member Posts: 2,240 ■■■■■■■■■■
    All SANS courses are great, esp. if your employer pays for them

    Most definitely!
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Ah, another entrant to the wonderful world of pentesting! A growing field, that one. Going to be lots of hackers out there in a few years!

    Skip CEH, you won't learn anything about real hacking. It's basically Security+ but focusing on hacking. You won't actually learn to hack anything.

    SEC560 (GPEN) is great - do it. I'd recommend that before the OSCP.

    After GPEN do OSCP then take a look at SEC542, SEC617, SEC660, SEC760. All SANS courses are great, esp. if your employer pays for them

    Great, thanks.

    Well the reason I was going to do the CEH was:

    1) Most of the courses I'm signed up to do are all designed to prepare you for a CEH exam if you wish do that
    2) Many jobs I've seen is asking for it or saying it's an advantage

    So in short it just seems that if it's easy enough to get then I may as well.

    My focus though will be on improving my own skill and knowledge. Also on trying to do the GPEN course and then an exam afterwards.

    OSCP I've heard a lot about. Do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    OSCP I've heard a lot about. Do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?

    You have to sign up for the Penetration Testing With Kali (PWK) course in order to take the OSCP exam.
  • wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Where in the world are you based?

    Crest is mainly a UK thing and doing the OSCP and a crest cert will give you Crest Registered Tester which will get you many a job interview here in the uk so will the cissp
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Where in the world are you based?

    Crest is mainly a UK thing and doing the OSCP and a crest cert will give you Crest Registered Tester which will get you many a job interview here in the uk so will the cissp

    Hi

    Thanks, yea I'm in the UK and seen lots of jobs that have inspired my choices of courses.

    I need to be quite tactical as I apply for funding through work and can't go over the top on asking for courses.

    I've been allowed to do the GPEN course but that probably won't occur till November as I'm on loads of others.

    It may get to the point where they stop funding anything else.

    I'm willing to pay some costs but very limited on what I could afford. I could probably afford maybe £1000-£1500 for a course or certification if it was worth it.

    I know that's not much for a course - that's why I would be willing to do exams on the back of some of the training I already have booked.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Thanks for the response - I probably should have said that most of those courses are not "official certifications" - albeit they are high quality courses with hard exams, and I think are valuable to do.

    While the knowledge they provide may be valuable, if they are not industry recognized certifications, they are NOT "valuable" to have in my opinion.
    Still searching for the corner in a round room.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    MrAgent wrote: »
    You have to sign up for the Penetration Testing With Kali (PWK) course in order to take the OSCP exam.

    Is this new? I haven't heard of this prerequisite before.
    Still searching for the corner in a round room.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    TechGromit wrote: »
    While the knowledge they provide may be valuable, if they are not industry recognized certifications, they are NOT "valuable" to have in my opinion.

    However, I would still be in a position to say I am a "Certified Malware Investigator", having completed the course and the subsequent exam.

    Either way I'm hoping to use all the knowledge to gain some industry recognised qualifications. My only concern is the cost of the exams - I would have to fund them myself I think, so cost would have to be considered.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    UnixGuy wrote: »
    I must say, I had to Google most of those training course. Can't say I heard of them.


    For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.


    GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.

    CISSP will help you get an IT Sec position faster. ISO cert is great too.
    OSCP and eCPPT are definitely some good options...frankly the CEH is the entry level hacker cert because HR recognizes it.

    If you can get your employer to pay for it or have funds to pay for it, the GPEN is a great option. A MAJOR benefit that most people don't realize or talk about for SANS/GIAC is you can get the updated courseware when you go for renewal for the renewal cost...stated on the website. Even though you can upgrade for OSCP, the material is barebones and probably not worth the upgrade.
Sign In or Register to comment.