CRISC or GCIH: Which Has More Autonomy?

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
Does anybody have any idea which certification can help one function in a self-employed, consultant capacity? Will it be more the CRISC, a risk analysis certification, or the GCIH, an incident handling certification?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+


  • Options
    JDMurrayJDMurray Admin Posts: 13,028 Admin
    Will you be a consultant in a risk management (planning/remediation) business or in an incident handling (response) business? They are very different career paths.
  • Options
    bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    In general the GCIH has more popularity, but as @JDMurray has stated these are 2 varied paths. You should see what positions are in your area or get a better understand of what will be your customer base.

    The GCIH is a purple certification. This certification will prepare you for Red Team, Blue Team (ergo the color purple), and Incident Response. This certification is for the foundational knowledge of attack, defend and how to respond in the case there is an incident. Most of the people who have this certification are hands on.

    The CRISC is mainly IT Risk. Information Risk Management, Information Security Governance, IS Program Development and Management, and IR or as ISACA calls it Information Security Incident. 

  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Both. Depends what you can bring to the table as a consultant - I.e. value you bring and passion you have for the desired area to keep abreast of future developments. In the US hands on roles pay a lot for what I’ve heard, not where I am for example in the UK - comparatively anyway.  Both are different career paths do what you love doing and money will come (fingers crossed).
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.