Doing GCIH exam without official training

CyberCop123

My day job is incident response and digital forensics.

I have an OSCP certification and I hope to have CISSP in about 2 months.

My employer won't pay for GCIH but I want to do it so I can move on and have another certification.

I'm guessing you can sit the exam without any training? People here mention tests they're doing but I can't see any that are available. Any suggestions as I'm not sure how much I need to study.

Blucodex

Cyber, I already have my CISSP and I don't know if with your OSCP and CISSP (tbd) that GCIH will be the best value to you. You may want to look into one of the forensics classes.

al88

GCIH depends heavily on the tools mentioned in the book, half of which you may know from your job and OSCP but probably not all. With Techniques things can get tricky too especially how to counter them from IR stand point. But you can handle that with DFIR common sense i guess.

Point is, SEC504 true value is in the training.. I highly recommend going first.. it's an experience that really worth it. If you can't afford it, apply for work study program, it's almost the same price as exam challenge anyway.

al88

Side advise,

I'm not sure about your background, but you may want to focus on one track instead of jumping around with heavy certs (OSCP and CISSP while your job is DFIR).

Stick to a path, Excel at it, then move on

quogue66

I agree with both of al88's posts. Although it is possible to pass the GCIH exam without the training it's not really worth it. The real value is in the actual training. While I understand the importance of knowing both red team and blue team I think there is more value to master one or the other initially.

j1mgg

Don't bother with Excel.

I think with your experience in IR and digital forensics, then the GCIH may not be worth the money as it is not an "advanced" course according to SANS, and you will already have a lot of the knowledge, picerl, 5 stages, netcat, wmic, enum, but there will also be specific things that you might not that are only mentioned in the book, ptunnel, coverttcp, and other stuff that make up a few marks here and there.

When buying the exam, you get 2 mock tests and 4 months to pass. It may be possible to sit one and find out where you are, then revise, sit the other, but the books are where it is at.

If I were you, I and set on doing a sans cert, then pay the cash for the course, but get an advanced cert.

yoba222

I did it this way. I could do the GPEN as well but I probably won't. SANS certs are the only ones where the training is about equal in value to the cert. By self-studying for the GCIH I short-changed myself. You really need to get copies of the textbooks to pull this off, which are deliberately not for public sale.

Which reminds me I should think about getting on one of those proctor programs so I could get both the training and the cert for the price of the cert.

jjwolfe

Piggybacking on this one... I am grabbing Mile2's C)IHE which mirrors GIAC GCIH. Where can I find a cheap or free text to study from? I'm pursuing a CISSP and other certs so this one is a "stat padder" for me...

CyberCop123

Thanks everyone for the advice.

To answer this comment:

al88 wrote: »

focus on one track instead of jumping around with heavy certs (OSCP and CISSP while your job is DFIR).

I don't really agree with this in the current context. Although I am DFIR now, I am looking to move on to either general Cyber Security Management, consultant and maybe Incident Response. I have a few different options, and I just want a good blend.

I think OSCP and CISSP are two certifications that can benefit so many people in IT. You don't have to become or be a pen tester to get an OSCP... it can help with security advising, with networking, with threat hunting, etc...

You don't have to be or want to become an Information Security Manager to have a CISSP. This encapsulates so much of IT it's almost worth anyone having.

So I don't think I am jumping around at all. It's not like I'm chasing a CCNA... then an MCSA, then some other random certification.

...........
...........

I definitely can't afford the GCIH course, the reason I asked about this is because I've seen it mentioned in a lot of jobs I've been looking at. Also it's closely related to my current role, so thought it would be a fairly straight forward one to have.

Will have a think, still need to pass CISSP though first!

CyberCop123

Also a bit confused about some saying to do the course as the price isn't that different to the exam.

The exam costs: $1699 USD

The course costs: $6200 USD

I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.

al88

Regarding switching security path, your points are valid, it only got me confused as OSCP is advance PT and CISSP advance Mgmt and now stepping back to GCIH which is core DFIR/PT (according to SANS's Roadmap). But hey, whatever works for you

Regarding the course price, you are correct. However, what we meant by taking it at almost the same price is via the Work-Study program, where you volunteer in one of their events and in return you get a discounted course.

Check:
https://www.sans.org/work-study/

jcundiff

CyberCop123 wrote: »

Also a bit confused about some saying to do the course as the price isn't that different to the exam.

The exam costs: $1699 USD

The course costs: $6200 USD

I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.

You misread what they said... SANS offers a workstudy program at their events, which drops the course price for workstudy individuals down to about what you would pay for the exam alone

Robert Preston

SANS work study isn't that easy to get into. Plus you have to be ready to travel at a moments notice and pay for all food, lodging, travel. If he is comfortable in his DFIR role I'd say give it a whirl in self study.  Take a practice test and see how you do.

TechGromit

CyberCop123 said:

Also a bit confused about some saying to do the course as the price isn't that different to the exam.

The exam costs: $1699 USD

The course costs: $6200 USD

I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.

Depends on how you look at it, if taking the course helps you land a well paying position, even at $6,875 (course + discounted exam price), it's really not that much.  If you don't use the cert to help get you a better job, then yes, it's a huge waste of money. Yes you do get the experience and knowledge, but it's tough to quantify the gained knowledge into $.  

spiderjericho

Wouldn't the cert quantify/qualify his understanding of the material?

Can't you self study, e.g. MP3s, course materials, videos, labs?

I got my job to pay for GCIH and GPEN. I wouldn't pay for it myself.

LionelTeo

Had done several of this certs without official course book. Usually you would want to buy books that covers gold standards of knowledge that usually wont go wrong. Learn the concept and apply it to the exam even though the applicability can be different. For GCIH you may want to pick up offensive counter measures by john strand since his the course instructor for SEC 504. Counter Hack reloaded is old but still good. A copy of nmap documentation. Also a general incident response book with good reviews on Amazon and the Blue team handbook will help.

LionelTeo

also you can buy a pratice test for about 200 USD and then Google print out excess notes that is not covered in ur list of books and used them for the official exam.