nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

GCIH Preparation

COBOL_DOS_ERA

Hello All,

I'm a long time lurker here, but this is the first post of mine. I do have a question for you all. I'm planning to Challenge the GCIH exam, and one of my colleague who has took the course in 2017 with SANS said we will lend him course materials for the exam preparation. My question is how helpful do you guys think that would be? I understand SANS periodicallyupdate their course materials. I don't want to shell out that absurd amount of money for the training, since all the expense is going to come out of my own pocket.

I'm also planning to use these books for the exam prep:-

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.

Incident Response & Computer Forensics, Third Edition
Jason T. Luttgens

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)
Skoudis, Edward

Hacking Exposed 7: Network Security Secrets and Solutions
McClure, Stuart

Thank you all for the help, and advice.

Mr. T

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

vanquish23

Normally the company would pay for the SANs classes, so yes I would not spend your own money on it.

I just ordered this book from Amazon and will be hear today which will help you. But I have not taken a SANs class.

Intelligence-Driven Incident Response: Outwitting the Adversary 1st Edition

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder

COBOL_DOS_ERA

I agree with you, unfortunately even though the company I worked for was one of the pioneer in the Tech industry they stopped all those perks for last 5-6 years unless you are really hooked up with Sr.Sr. manager. Since, I was laid of a month ago, I thought this is time to challenge this exam and be done with it while I hunt for the new gig.

So, here is my question do you think I still could use the SANS 2017 GCIH exam prep materials from my colleague along with using those books?

Thanks,

T
T

Danielm7

i think the problem is that most people likely haven't taken the 2017 and the 2018 test to be able to say the other materials cover what you'd be missing. Challenging an $1899 exam while job hunting might be a big stretch to make but I don't really know your situation. FWIW I'm studying for the GCIH now and testing soon but I don't know the older materials and while I own the 2nd book you linked I've only done some forensics reading from it for a class so I don't remember a ton of cross over.

MalwareMike

I'm currently in their masters program and have taken the GCIH...I would not recommend paying for their exam out of pocket. There is so much you could do with $1900 rather than take a certification that is a nice to have. I have 4 sans certs and I've been contacted a few times regarding them...paying $1900 and passing the GCIH will not open a lot of doors. *Just my opinion* . Maybe take the books from your friends, study the material, do the labs, and then use the $1900 on other resources or cheaper certifications. But it all depends on where you are located and what exactly you are trying to do.

cyberguypr

I have to concur with MalwareMike here. I also have 4 GIAC certs and the only reason I have them is because I took the classes (Work Study). I would've never pursued them by challenging the test, as I value the class way more than the cert. Maybe if you are eyeing jobs where GXXX is required there will be some value. But otherwise, I say invest elsewhere.

TechGromit

cyberguypr wrote: »

I would've never pursued them by challenging the test, as I value the class way more than the cert.

Does it really matter were you obtain the knowledge to obtain a SANS certification? Regardless if you took an official SANS class or studied and researched the knowledge from other sources isn't it all the same in the end? If you know your stuff, a SANS cert can prove to potential employer you know your stuff. So I say there is value in challenging the exam. Just be aware without the official SANS materials, you face a tougher time getting a passing grade. When you take a SANS course and pay for a certification attempt, your guaranteed the Exam version you take will be based on the books you have. If you challenge the exam, you will not have that benefit. As to how much the material changes each year has be the subject of much speculation. I would assume the core material stays the same between versions, in only minor changes in content, but without paying for two courses and comparing the books, it's not possible to say for sure.

cyberguypr

Of course there’s value in challenging the exam. Just not $1899 worth of value to me. OP needs to make his own call.

COBOL_DOS_ERA

Thank you all your invaluable input.

@MalwareMike: I do understand where you are coming from. I myself don't believe much the cert Hype, but at some point just to clear the HR door and to land a job interview you do need those certs. The real question here is how much you do really know vs what you just memorised to pass the exam? Especially, DC region and NYC is full with cert hype, unfortunately I do split my time between these two place.

@Cyberguypr: I have been applying to Work Study program for a while, with no luck

. I haven't lost my hope a bit though:). I believe one of this days, I will receive that email about volunteering with SANS.

rfra

The GCIH was the least rewarding exam I have taken and I passed it fairly easily. My employer paid for the SANS class which I think is way overpriced. While I know most people think the instructor is amazing I found it boring and a superficial treatment of most topics. I expected it to be a much more technical exam than it was. Having the SANS material to reference for the exam was pretty important though. The test references a specific selection of tools and it would be pretty difficult without their manuals to refer to in the exam. I have quite a bit of security work experience and I don't think I'd want to sit through the exam without a well-indexed set of SANS study materials at my side, even if I did take in a pile of other common books you can buy on these topics.

COBOL_DOS_ERA

Rfra, thank you for your valuable insight. Finger crossed, I happen to be on a[FONT=Arial, Helvetica, sans-serif] *waiting list* for SANS GCIH work study program, and hopefully will receive a call within a month from them.... hey, you are next [/FONT]:D.