Current Pentester, Passed GPEN, is GCIH worth it for price of exam?

Hey Guys,

I've posted here before but realized my account was spelled wrong so I made a new one.

I am currently a pentester that leads a small team at a financial services company. I just got my GPEN on Monday and I am wondering if GCIH is worth it at this point for the price of the exam? I do have an interest in threat hunting and actually want to eventually get GCFA or GNFA. But to get those I think GCFE/FOR500 is kind of a pre-req.

As far as GPEN goes, work paid for it. I did the OnDemand classes and honestly did not feel like I was going to pass the exam. I felt completely unprepared since I had no time to study in the month leading up to the exam. Just got so busy with work and life that I really neglected it. I didnt even get a chance to read the last two books before the exam. I did not have an index for anything other than the SANS provided one which was for the most part useless. In the weekend leading up to the exam, I did take the time to do TABS of the last two books which really saved my ass I feel. I ended up passing with an 81.

I already have all the books for GCIH, and since I already know the majority of the "hacking" tools and techniques, all I would really need to learn is the incident handling aspects. All I would need to spring for is the cost of the exam which I know I could get work to pay for.

That being said, does doing GCIH add value to me considering I already have GPEN?

Or should I wait a bit and try to finagle work into paying for GCFE or GCIA? As they arent Pentest related it may be hard to get them to pay for it.

And I know someone will mention OSCP, I took PWK a few years ago but never got around to doing the exam. Right now I dont have the time to do the labs and the exam. It is definitely on my list of future endeavors however.

Thanks fellas!

Find more posts tagged with

Comments

_nessie_

Congrats on your pass, but that would have been a surprise for someone with experience and knowledge in the field if you didn't

I recently obtained the GCFA without having done the 'prereq' of FOR500. There were indeed a little bit of gaps in my knowledge, but google is your friend for that.
IMVHO, GCFE is not mandatory to grasp and pass GCFA. Can't speak for GNFA though.

I've done GCIH prior to GPEN and believe that if you already did GPEN that there's no real added value in the GCIH, unless you aim for more knowledge in the IR field.

But, you can always go through the books of GCIH and create yourself an index. That way, you will have read the content of the books, have worked through it and will have a reference should you ever need to fall back on content that was explained in the books. Knowledge that is never lost. After this, you still can decide to go for the exam or not.

Going from the GPEN forward, and really into pentesting, I'd say the SEC561: Immersive Hands-on Hacking Techniques, SEC567: Social Engineering for Penetration Testers, SEC580: Metasploit Kung Fu for Enterprise Pen Testing, or SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking. Plenty of choices ... You can divert to web app as well ...

Hope this helps

ActiveMeasures

Thanks, much appreciated on that. There's seems to be the consensus that GCIH isn't worth it after GPEN, considering there's only 1 day of actual incident handling teaching. I am definitely interested in Threat Hunting, so want to work towards that. There was interest from some people at work in moving me to the Threat Hunting/Endpoint team but that fell apart when the leader of that team left.

Maybe I'm getting ahead of my self.

airzero

I'm in a similiar situation myself, recently passed GPEN and OSCP but I feel learning more threat hunting will really benefit my career at this point. I've seen the GCIH material as well and honestly I think GCFA is the better route to go as it's actually focused on advanced IR and threat hunting specifically.

I'm not a actual pentester but knowing how to get into networks AND how to find those getting into networks seem like very complimentary skills to each other.

yoba222

I have a GCIH and am currently wrapping up reading all of the GPEN books. I'm likely not going to bother taking the exam. For me much of the GCIH material was review. I'm getting a more useful learning experience out of the GPEN material. I think if I had started with the GPEN first, I'd skip the GCIH. Having both are sweet resume words though.

quogue66

ActiveMeasures wrote: »

Hey Guys,

I've posted here before but realized my account was spelled wrong so I made a new one.

I am currently a pentester that leads a small team at a financial services company. I just got my GPEN on Monday and I am wondering if GCIH is worth it at this point for the price of the exam? I do have an interest in threat hunting and actually want to eventually get GCFA or GNFA. But to get those I think GCFE/FOR500 is kind of a pre-req.

As far as GPEN goes, work paid for it. I did the OnDemand classes and honestly did not feel like I was going to pass the exam. I felt completely unprepared since I had no time to study in the month leading up to the exam. Just got so busy with work and life that I really neglected it. I didnt even get a chance to read the last two books before the exam. I did not have an index for anything other than the SANS provided one which was for the most part useless. In the weekend leading up to the exam, I did take the time to do TABS of the last two books which really saved my ass I feel. I ended up passing with an 81.

I already have all the books for GCIH, and since I already know the majority of the "hacking" tools and techniques, all I would really need to learn is the incident handling aspects. All I would need to spring for is the cost of the exam which I know I could get work to pay for.

That being said, does doing GCIH add value to me considering I already have GPEN?

Or should I wait a bit and try to finagle work into paying for GCFE or GCIA? As they arent Pentest related it may be hard to get them to pay for it.

And I know someone will mention OSCP, I took PWK a few years ago but never got around to doing the exam. Right now I dont have the time to do the labs and the exam. It is definitely on my list of future endeavors however.

Thanks fellas!

From a technical standpoint I think going from GPEN to GCIH might be taking a step backwards. There is some IR best practices and procedures that may benefit you but not too much from a technical standpoint. You can take a look at the GIAC website to see what the exam covers and decide if it's worth it for you.

I took GCFE and GCFA and they are pretty much independent of each other.

As far as OSCP goes I would think it would be less of a commitment for you to do finish that than it would to start a course from scratch and pass the associated exam.