CRISC or GCIH: Which Has More Autonomy?

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
Does anybody have any idea which certification can help one function in a self-employed, consultant capacity? Will it be more the CRISC, a risk analysis certification, or the GCIH, an incident handling certification?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    Will you be a consultant in a risk management (planning/remediation) business or in an incident handling (response) business? They are very different career paths.
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    @egrizzly
    In general the GCIH has more popularity, but as @JDMurray has stated these are 2 varied paths. You should see what positions are in your area or get a better understand of what will be your customer base.

    The GCIH is a purple certification. This certification will prepare you for Red Team, Blue Team (ergo the color purple), and Incident Response. This certification is for the foundational knowledge of attack, defend and how to respond in the case there is an incident. Most of the people who have this certification are hands on.

    The CRISC is mainly IT Risk. Information Risk Management, Information Security Governance, IS Program Development and Management, and IR or as ISACA calls it Information Security Incident. 

       
  • scascscasc Member Posts: 465 ■■■■■■■□□□
    Both. Depends what you can bring to the table as a consultant - I.e. value you bring and passion you have for the desired area to keep abreast of future developments. In the US hands on roles pay a lot for what I’ve heard, not where I am for example in the UK - comparatively anyway.  Both are different career paths do what you love doing and money will come (fingers crossed).
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.