SANS certification recommendation

Hello All,

My company has allowed me to get any SANS certification, the question is I'm not quite sure which one to chose and looking for some sort of advise from you please.
I have CCNA R&S / CCNA Security / CCNA Cyber OPS / SonicWall CCSA and CCSP / Palo Alto ACE / CheckPoint CCSA / ISC2 SSCP (Currently also studying for CISSP).

Do you have any recommendations for me please? I was thinking about GCIH (not sure if this is basic and worth investing at this point), GPEN and GNFA, but I'm also open to any other certs from SANS.

Thank you in advance.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Danielm7

What do you do? What do you want to do?

cyberguypr

What is your role and what do you do on a daily basis? That will help frame the recommendation.

Edit: Daniel beat me

AtlasSolutionsPlus

What is your goal at your company? What are you looking to bring to the table 1-5 years down the road? Maybe that will help you decide... good luck!

SteveLavoie

To complement other.. once you know what you want to go... use the SANS Cyber-Security Roadmap to determine the best course/certification

https://www.sans.org/cyber-security-skills-roadmap

rfernandes

I'm an IT security Engineer, with system and network background, 10+ years of experience with about 4.5 are security related.
Currently working in a bank and providing consultancy to projects in the network security area like Firewalls, NAC, NIPS, Netscalers.
Other task I have are:

● Log analysis and security investigations of possible threats to internal and public systems.
● Administration of Endpoint Anti Virus and Data Loss Prevention Software.
● Risk Management: Support the on-going management of risk from a Cyber Security perspective – in line with regulatory guidelines and Internal/External frameworks.
● Internet and Email Gateway Management : Ensure that the banks internet and email channels are appropriately protected from malicious attacks.
● Disaster Recovery : Ensure adequate Disaster Recovery facilities are deployed to ensure continuity of operations for the IT Security environment and maintain up to date recovery plans.
● Security Certificates – monitor and support the currency of the banks Security Certificate estate and ensure all Certificates are up to date and current.
● Patch Management: Ongoing review of patch status – both internally and with Third Party Service Providers.

UnixGuy

Hard to say what would best suit you

What would you like to get into?

GMON is great, but so is GCIA and GCFA

ansionnachcliste

Get the CISSP then reward yourself with a SANS course.

You might find an area in the CISSP studies that you want to expand on to get into the lower levels of knowledge.

rfernandes

In the long run, I want to get into Security Architecture or Security Management. As a plan I'm preparing for CISSP now and I have access to the eJPT elite course to get some knowledge in pentest.

I'm know is quite difficult for you guys to tell me do this specific training as this could be the best for you, I totally understand.

My first thought was to give a try to GCIH, as this is the certification with the most job offers where I'm based right now (Europe). Although, as I have CCNA cyber Ops and SSCP, I'm afraid that there could be a bit of overlapping. Do you guys think GCIH is worth it for my experience?

Also, as my background in the last few years is with firewalls and network security, I thought that maybe GCIA could be helpful, but I think this is more related to IDS systems which I don't support (to note that I support IPS systems instead).

GNFA seems to be a really nice course as this is network security related, but there aren't many job offers in Europe unfortunately.

GPEN is also an option, but I don't have a lot of experience with Pentest and not sure if I want to work just as a pen tester in the future.

E Double U

Based on your duties described above, I can't say that I know of any SANS training that would really be good for you. So I recommend that you go to the SANS website to read through their offerings and select whatever you find interesting.

rfernandes

What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?[FONT=&quot] [/FONT]

yoba222

The GCIA.

krucial85

From what you have and what you've stated I would recommend the GCIH. I believe your background lends itself to several of the SANS certifications, but being that I've recently completed several of them, I would recommend the GCIH because I believe you might improve the path to management with a handle on incident handling.

LonerVamp

rfernandes wrote: »

What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?

From reading the description to SEC501, I always felt like this was a sort of broad stroke across many different topics at an analyst level. Seems ok.

From what you've posted, I'm not sure what you want to get into. Sounds like you are looking for whatever will open up job opportunities. To be honest, many places likely just want any GIAC cert, but will probably react most favorably to CISSP. I'd focus on that.

For SANS, though, I'd first ask if you wanted to get more in depth in defense or if you want to learn more about offense? Sounds like your background is heavy in defense, but do you feel comfortable in offense? If yes to offense, and you're feeling a bit new, GCIH is a great start.

Beyond that, whatever strikes your fancy and you learn something from. Challenge yourself!