Need Help Choosing SANS Elective Class (GCFA vs GCIA)

SecretUser Member Posts: 11
edited September 2019 in GIAC
Hey all,

I will be finishing up my Bachelor's degree in less than 6 months, so I've decided to enroll in the SANS Undergraduate Certificate program to increase my chances of getting a job after I graduate. My orientation starts on October 1st and I was hoping to get some advice from you all beforehand on what elective I should choose.

The Undergrad Certificate includes the GSEC, GCIH, and one class from the following list: 

ACS 3215 Advanced Security Essentials   |   SEC 501, GCED
ACS 3220 Intrusion Detection In-Depth   |   SEC 503, GCIA
ACS 3315 Web App Penetration Testing & Ethical Hacking   |   SEC 542, GWAPT
ACS 3320 Network Penetration Testing & Ethical Hacking | SEC 560, GPEN
ACS 3425 Advanced Digital Forensics & Incident Response   |   FOR 508, GCFA

I've decided against the GWAPT and GPEN because I have the eCPPT, the eWPT course, and I can take the OSCP and OSWE in the future. My choice is really down to FOR 508 (GCFA) or SEC503 (GCIA). 

Between FOR508 and SEC503, which do you think would look better on my resume/make me more employable after I graduate? I have a decent understanding of networking (CCNA R&S/Cyber Ops/Security) already, so I'm not sure if I need SEC503. On the other hand, for FOR508, I'm not sure how hard it's going to be without FOR500, but it does go well with SEC504 (or so I've heard). I also think that I would enjoy being a threat "hunter".

Thanks in Advance!


  • quogue66 Member Posts: 193
    I think the GCIA would be more beneficial for you at this point.  I've taken 8 SANS courses and the GCFA and GCIA were the most difficult.  I have also used the skills from the GCIA more than the GCFA.  Memory analysis, the focus of GCFA, is dependent upon someone getting you a memory capture.  That doesn't happen as often as you think.  Packet analysis is a skill that you can put to use much more often.
  • LonerVamp Member Posts: 518
    For someone out of school and with minimal experience, I'm not sure what to think about the FOR508 choice. It's a hefty course with lots of content. As someone with 15+ years of IT and security experience, I learned a lot and found it a nice challenge (passed very high, but it's because I was compatible with all the topics).

    GCIA could be fun, since it's about detection, and I believe complements the GCIH by focusing more on the defense side of things. That said, I would consider it easier to master than FOR508. And, rather than pure defense or offense, forensics kinda is defense, but with needing to know pretty deep technical stuff and how attacks work.

    To answer your embedded question, I did not take FOR500 before FOR508. I purposely went hard deep end since I had no idea if I would get more opportunities in the future for SANS courses. Rather than take "easier" things, I went into something I knew I'd have a climb with.

    Again, it's hard to answer this. As a new student, if you interviewed with me, I'd dig a bit to see what you really learned in FOR508 without the administrative experience (though maybe you do have some). But it won't be a detriment, I don't think.

    Maybe this is the better answer. For me, I went challenging and hard and dove straight up to FOR508 successfully. You could as well. And that will absolutely whet your appetite for hunting and forensics, whether that's your eventual job duty or not. I personally would not take GCIA or GCIH at this point in *my* career. Even with years as a security geek while being a full time sysadmin, I probably learned enough about those topics in my first 5 years that make those courses a waste of my time. And while they may be stepping stones for someone in a new career, you'll get past them soon enough anyway as well. You don't always get the chance to dive hard or get a hand-holding through the beginnings of memory and forensics analysis.

    But, if you just want to be more employable right now or this year? You can't go wrong with either.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • iBrokeIT Member Posts: 1,318
    I agree with LonerVamp that isn't the best approach or timing.  If I were you, I would complete the BS, get hired by a company with tuition reimbursement, then use that money for a Graduate Certificate/Degree.  An Undergrad Certificate so close to finishing up your BS and not having the experience to back it up will provide a poor return on your investment.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • SecretUser Member Posts: 11
    Thanks for the suggestions. Some things that I failed to mention in my original post:

    1. I am not paying out of pocket and everything is already paid for
    2. I do have 2.5 years of experience split between help desk and some system administration roles.

    I've decided to take the GCIA based on your suggestions. I feel like it would complement my existing networking knowledge. I also feel like it would help me understand what attacks look like from the defense's POV. I will most likely enroll into their Master's degree later in 2020 and the GSEC, GCIH, and GCIA will transfer in perfectly.

    Thanks again!