SANS certification recommendation

rfernandesrfernandes Registered Users Posts: 12 ■■■□□□□□□□
Hello All,

My company has allowed me to get any SANS certification, the question is I'm not quite sure which one to chose and looking for some sort of advise from you please.
I have CCNA R&S / CCNA Security / CCNA Cyber OPS / SonicWall CCSA and CCSP / Palo Alto ACE / CheckPoint CCSA / ISC2 SSCP (Currently also studying for CISSP).

Do you have any recommendations for me please? I was thinking about GCIH (not sure if this is basic and worth investing at this point), GPEN and GNFA, but I'm also open to any other certs from SANS.

Thank you in advance.


  • Danielm7Danielm7 Member Posts: 2,309 ■■■■■■■■□□
    What do you do? What do you want to do?
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    What is your role and what do you do on a daily basis? That will help frame the recommendation.

    Edit: Daniel beat me
  • AtlasSolutionsPlusAtlasSolutionsPlus Member Posts: 9 ■■□□□□□□□□
    What is your goal at your company? What are you looking to bring to the table 1-5 years down the road? Maybe that will help you decide... good luck!
  • SteveLavoieSteveLavoie Member Posts: 1,005 ■■■■■■■■□□
    To complement other.. once you know what you want to go... use the SANS Cyber-Security Roadmap to determine the best course/certification
  • rfernandesrfernandes Registered Users Posts: 12 ■■■□□□□□□□
    I'm an IT security Engineer, with system and network background, 10+ years of experience with about 4.5 are security related.
    Currently working in a bank and providing consultancy to projects in the network security area like Firewalls, NAC, NIPS, Netscalers.
    Other task I have are:

    ● Log analysis and security investigations of possible threats to internal and public systems.
    ● Administration of Endpoint Anti Virus and Data Loss Prevention Software.
    ● Risk Management: Support the on-going management of risk from a Cyber Security perspective – in line with regulatory guidelines and Internal/External frameworks.
    ● Internet and Email Gateway Management : Ensure that the banks internet and email channels are appropriately protected from malicious attacks.
    ● Disaster Recovery : Ensure adequate Disaster Recovery facilities are deployed to ensure continuity of operations for the IT Security environment and maintain up to date recovery plans.
    ● Security Certificates – monitor and support the currency of the banks Security Certificate estate and ensure all Certificates are up to date and current.
    ● Patch Management: Ongoing review of patch status – both internally and with Third Party Service Providers.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,330 Mod
    Hard to say what would best suit you

    What would you like to get into?

    GMON is great, but so is GCIA and GCFA
    In Progress: MBA
  • ansionnachclisteansionnachcliste Member Posts: 71 ■■■□□□□□□□
    Get the CISSP then reward yourself with a SANS course.

    You might find an area in the CISSP studies that you want to expand on to get into the lower levels of knowledge.
  • rfernandesrfernandes Registered Users Posts: 12 ■■■□□□□□□□
    In the long run, I want to get into Security Architecture or Security Management. As a plan I'm preparing for CISSP now and I have access to the eJPT elite course to get some knowledge in pentest.

    I'm know is quite difficult for you guys to tell me do this specific training as this could be the best for you, I totally understand.

    My first thought was to give a try to GCIH, as this is the certification with the most job offers where I'm based right now (Europe). Although, as I have CCNA cyber Ops and SSCP, I'm afraid that there could be a bit of overlapping. Do you guys think GCIH is worth it for my experience?

    Also, as my background in the last few years is with firewalls and network security, I thought that maybe GCIA could be helpful, but I think this is more related to IDS systems which I don't support (to note that I support IPS systems instead).

    GNFA seems to be a really nice course as this is network security related, but there aren't many job offers in Europe unfortunately.

    GPEN is also an option, but I don't have a lot of experience with Pentest and not sure if I want to work just as a pen tester in the future.
  • E Double UE Double U Member Posts: 1,936 ■■■■■■■■■□
    Based on your duties described above, I can't say that I know of any SANS training that would really be good for you. So I recommend that you go to the SANS website to read through their offerings and select whatever you find interesting.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • rfernandesrfernandes Registered Users Posts: 12 ■■■□□□□□□□
    What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?[FONT=&quot] [/FONT]
  • yoba222yoba222 Senior Member Member Posts: 1,233 ■■■■■■■■□□
    The GCIA.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • krucial85krucial85 Member Austin, TexasMember Posts: 84 ■■■□□□□□□□
    From what you have and what you've stated I would recommend the GCIH. I believe your background lends itself to several of the SANS certifications, but being that I've recently completed several of them, I would recommend the GCIH because I believe you might improve the path to management with a handle on incident handling.
    "The way to succeed is never quit. That's it. But be really humble about it."
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    rfernandes wrote: »
    What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?

    From reading the description to SEC501, I always felt like this was a sort of broad stroke across many different topics at an analyst level. Seems ok.

    From what you've posted, I'm not sure what you want to get into. Sounds like you are looking for whatever will open up job opportunities. To be honest, many places likely just want any GIAC cert, but will probably react most favorably to CISSP. I'd focus on that.

    For SANS, though, I'd first ask if you wanted to get more in depth in defense or if you want to learn more about offense? Sounds like your background is heavy in defense, but do you feel comfortable in offense? If yes to offense, and you're feeling a bit new, GCIH is a great start.

    Beyond that, whatever strikes your fancy and you learn something from. Challenge yourself! :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Sign In or Register to comment.