Thoughts / feedback on GCCC? Or, go another route?
I'm at a bit of a crossroads between doing another technical cert (GCIA or GCFE) or pursuing the GCCC. I am a hands-on technical manager of InfoSec, so either route is applicable. I am finding myself spending a lot of time with my team researching anomalous activity (moving beyond signature-based), so the GCIA/GCFE are applicable here. In the same respect, I am building out a roadmap for the next 5 years as part of a strategic governance approach along with my boss (Director of IT) and our CIO, so I feel that the GCCC might be more applicable here.
All that being said, this is not my first rodeo in building out a security strategy for an organization. I wouldn't want to invest my training budget for a class that would only give me minimal ROI. So I'm looking for anyone who has taken the GCCC class to give some feedback, especially if you've been in security for a while - was it worth the investment? Should I spend my budget on a technical class? Or, should I go a different route (ISACA), such as the CRISC?
All that being said, this is not my first rodeo in building out a security strategy for an organization. I wouldn't want to invest my training budget for a class that would only give me minimal ROI. So I'm looking for anyone who has taken the GCCC class to give some feedback, especially if you've been in security for a while - was it worth the investment? Should I spend my budget on a technical class? Or, should I go a different route (ISACA), such as the CRISC?
Comments
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□Well obviously technical and governance are two different tracks. I could see GCCC being useful, or possibly some of the GIAC management certifications or legal. CISM / CISA are good options for you as well because they focus on the high level process aspects of Information Security.
If you are definitely going governance though, GCIA / GCFE would really just be an edification experience for you because it's unlikely you would use those skills once the shift happens. -
JDMurray Admin Posts: 13,099 AdminIf your organization has chosen the risk-based approach for managing cybersecurity threats and incidents then CRISC is definitely something that you should have. If you are more in security architecture/design then the GCCC and GMON are good for you. Give the people that work daily in Threat Detection and Incident Response the GCIA/GCIH training and certs.
-
5ekurity Member Posts: 346 ■■■□□□□□□□Any specific feedback on the GCCC? The CRISC looks entertaining for later in the year also.
-
jg372 Member Posts: 22 ■■□□□□□□□□I liked the GCCC. If you are looking for that roadmap, I think it would be a great course for you.
-
5ekurity Member Posts: 346 ■■■□□□□□□□Anything specific about the content or approach(es) that you liked the most? My only hesitation is spending money on a class that will reinforce what I already know vs. gaining new knowledge, and I simply don't know enough people who have taken the GCCC to get their personal opinions.
-
Clm Member Posts: 444 ■■■■□□□□□□Disclaimer I have not taken either one but Have you thought of taking both? Use your training budget on GCCC because the classes are so expensive and pay out of pocket for Crisc.I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
5ekurity Member Posts: 346 ■■■□□□□□□□Quite frankly, I have enough budget to cover both the CRISC and GCCC. It is the time investment and the ROI that I am able to give back to my employer that are my biggest concerns. They approved a generous training budget for my staff and I so I want to spend the money responsibly and for classes that will generate value.
-
Clm Member Posts: 444 ■■■■□□□□□□Must be nice to have a training budgetI find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
5ekurity Member Posts: 346 ■■■□□□□□□□Trust me, I've been with two previous employers who could care less about training me or my staff. I'm fortunate that my current one sees the value it brings to me, and ultimately the organization, and that they continue to give me budget year after year. Which is all the reason more why I want to make sure I'm investing time / money accordingly.
-
hilld Member Posts: 42 ■■□□□□□□□□I have taken the SEC566 course this past Jan and just took the certification exam today. The course is worthwhile and the exam challenging. I am also a security manager and while I have had a good understanding of the CSC's in the past, the course does reinforce the things you need to do, it is not as simple of simply buying a tool to automate a control, but you have to have a way to audit the tools effectiveness and compliance.
It was a good use of my time and James is an excellent instructor, I think you will enjoy it.