Which GIAC Cert to Pursue?

baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
Hi all,
Just wanted to get the community's opinion on which GIAC certification would provide the most employment/career advancement opportunities amongst the list of certs below:

GCFE - GIAC Certified Forensic Examiner
GCISP - Global Industrial Cyber Security Professional
GCED - GIAC Certified Enterprise Defender
GCIA - GIAC Certified Intrusion Analyst
GMON - GIAC Continuous Monitoring Certification
GWAPT - GIAC Certified Web Application Penetration Tester
GPEN - GIAC Certified Penetration Tester

I am leaning towards a GPEN but I want to hear from you guys and from people in the industry. 



2020 Certification Goals
CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
LPI: Linux Essentials
AXELOS: ITIL v3
SANS GAIC: GSEC, GCIH, and GCED

Comments

  • bigdogzbigdogz Member Posts: 798 ■■■■■■■□□□
    This depends on what you wish to do. Any of the GIAC certs will give you a good ROI.
    GCIH (not on the list) is a good start but if you are going to pen test then start with the GPEN then GWAPT.
  • SteveLavoieSteveLavoie Member Posts: 697 ■■■■■□□□□□
    I had this question for myself recently.  I hesitated between GCIH or GPEN.  I choose GPEN for the challenge. 
  • NetworkNewbNetworkNewb Member Posts: 3,288 ■■■■■■■■■□
    Its gonna be very dependent on what you want to do and learn about as they cover different facets of security.   One security position is going to prefer you to have one type of training where another position is going to prefer a different one. 

    Like in my current position it would be most beneficial if I took the GMON course and my employer could careless if I had the GPEN. 
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    bigdogz said:
    This depends on what you wish to do. Any of the GIAC certs will give you a good ROI.
    GCIH (not on the list) is a good start but if you are going to pen test then start with the GPEN then GWAPT.
    Thanks @bigdogz!

    As part of the SANS Cyber Academy curriculum I am required to take the GSEC and GCIH, but I have to choose one more elective from the list of certs provided. I originally also leaned more towards a GPEN, but I wasn't sure if there was another cert from the list that would prove to be more valuable.
     
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Member Posts: 435 ■■■■■■□□□□
    edited December 2019
    You're likely not going to find bad courses in that list. Value is a personal measure and is going to be different for everyone. Some factors to influence...

    1. Who is paying for it. Are you paying for it, or is the employer? A $6k-$10k cost out of pocket has a different return whether you're 22 or 62, too.
    2. What do you want to do? And this means in terms of your career trajectory and job roles. If you have a goal of XYZ, what certs could pave the path to XYZ?
    3. What do you want to learn? Personal value has a place in building your skills and your confidence. Sometimes, it's worth paying X to learn Y.
    4. How much of a challenge are you able to handle? Some people see value in courses where they know only 10% prior to going in, while others like having more of a solid foundation before diving in further. Me personally, this is expensive and a good opportunity to challenge oneself. Also, some topics are harder than others, and it may be more worth your time to get instruction rather than self-study. Using GPEN as an example, it's harder to pick that up on your own over something like GWAPT (for some people).
    5. Is the course directly applicable to your day job and advancement there? Taking GPEN, for example, when you're working in a SOC and not as a pen tester for the next 0-2 years maybe a little bit of a waste, for example.

    It also matters where you live and work. Do you have lots of pentest jobs around that make a GPEN useful, for instance?

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • MrsWilliamsMrsWilliams Junior Member Member Posts: 192 ■■■■□□□□□□
    edited December 2019
    bigdogz said:
    This depends on what you wish to do. Any of the GIAC certs will give you a good ROI.
    GCIH (not on the list) is a good start but if you are going to pen test then start with the GPEN then GWAPT.
    Thanks @bigdogz!

    As part of the SANS Cyber Academy curriculum I am required to take the GSEC and GCIH, but I have to choose one more elective from the list of certs provided. I originally also leaned more towards a GPEN, but I wasn't sure if there was another cert from the list that would prove to be more valuable.
     
    If this is your first GIAC certification, I would say start at one of the _easier_ certifications. GSEC/GCED/

    You need to get a feel for how the SANS book correlates to the exam itself. You need some wiggle room in case you don't fully understand the questions. The wiggle room, will help you to answer questions because the lower level courses GSEC/GCED have a lot of foundational (Security+) types of topics.  If you can't find the answer in the book, you can use the process of elimination to find the answer. 

    With the high level courses (and no real world experience),  you can't use the process of elimination to find the answer. So, if your memory faded and you can't find the answer, you'll get that question wrong.


    All of those courses sound fun and they are. But the exam retake prices go up 1000 times a year. IF this is your first SANS training I think you need to think about more than employment/career advancement.
    1. People still fail this exams.
    2. A failed exam means nothing toward employment/career advancement. 
    3. The exams have levels for a reason. A lot of the lower level courses share some of the same information as the higher level courses. Some. 
    4. The exams used to be A, B, C, D, E, F, G. You could easily find the answer. Now, that has changed a little


    *To answer your question, go to www.indeed.com and plug and GIAC certification they offer if you want. Input your city/state and that will tell you your employment./career advancement possibilities...*

    Whatever route you take, good luck. 
  • bigdogzbigdogz Member Posts: 798 ■■■■■■■□□□
    bigdogz said:
    This depends on what you wish to do. Any of the GIAC certs will give you a good ROI.
    GCIH (not on the list) is a good start but if you are going to pen test then start with the GPEN then GWAPT.
    Thanks @bigdogz!

    As part of the SANS Cyber Academy curriculum I am required to take the GSEC and GCIH, but I have to choose one more elective from the list of certs provided. I originally also leaned more towards a GPEN, but I wasn't sure if there was another cert from the list that would prove to be more valuable.
     
    The SANS curriculum is popular as a general rule.
    What do you want to do in IT / Information Security?
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    @bigdogz
    Entry level i am thinking SOC and move up from there. Incident response interests me as well. End goal is management. 
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    @MrsWilliams 
    Yup starting with the GSEC. The process of elimination thing you said makes perfect sense actually. Don't want to get in over my head
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    LonerVamp said:
    You're likely not going to find bad courses in that list. Value is a personal measure and is going to be different for everyone. Some factors to influence...

    1. Who is paying for it. Are you paying for it, or is the employer? A $6k-$10k cost out of pocket has a different return whether you're 22 or 62, too.
    2. What do you want to do? And this means in terms of your career trajectory and job roles. If you have a goal of XYZ, what certs could pave the path to XYZ?
    3. What do you want to learn? Personal value has a place in building your skills and your confidence. Sometimes, it's worth paying X to learn Y.
    4. How much of a challenge are you able to handle? Some people see value in courses where they know only 10% prior to going in, while others like having more of a solid foundation before diving in further. Me personally, this is expensive and a good opportunity to challenge oneself. Also, some topics are harder than others, and it may be more worth your time to get instruction rather than self-study. Using GPEN as an example, it's harder to pick that up on your own over something like GWAPT (for some people).
    5. Is the course directly applicable to your day job and advancement there? Taking GPEN, for example, when you're working in a SOC and not as a pen tester for the next 0-2 years maybe a little bit of a waste, for example.

    It also matters where you live and work. Do you have lots of pentest jobs around that make a GPEN useful, for instance?

    1. Its a full ride scholarship from SANS. Definitely could not afford to take three training programs for 3 different certs.
    2. Well ultimately i would like to get into management (long term goal). Entry level i would want to start as a SOC Analyst. Incident response is also something i am interested in.
    3. Lol well i want to learn everything but I know what you mean. I
    4. That is something I will have to self reflect on. I'm glad you brought this question up!
    5. Not currently, but I am looking to change careers. Currently in a IT analyst role but looking to move into info sec after getting said certs. I am starting to think maybe GPEN is not for me (for now at least) 🤔 .  Maybe a GCED or a GCIA is what I am looking for

    Oh yes, where i currently live is a great place for info sec work. I also dont mind moving so this is not a big worry for me.

    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    Its gonna be very dependent on what you want to do and learn about as they cover different facets of security.   One security position is going to prefer you to have one type of training where another position is going to prefer a different one. 

    Like in my current position it would be most beneficial if I took the GMON course and my employer could careless if I had the GPEN. 
    I absolutely agree with you. I guess I am a little confused since I am not sure where the info sec industry is headed in the years to come.

    I've read and heard that the need for pen testers is not that high anymore. This may be bs but I have heard it quite a lot ( I should do a lot more research though).

    Care to shed any insight as to where the industry is headed in your opinion?

    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    Its gonna be very dependent on what you want to do and learn about as they cover different facets of security.   One security position is going to prefer you to have one type of training where another position is going to prefer a different one. 

    Like in my current position it would be most beneficial if I took the GMON course and my employer could careless if I had the GPEN. 
    I absolutely agree with you. I guess I am a little confused since I am not sure where the info sec industry is headed in the years to come.

    I've read and heard that the need for pen testers is not that high anymore. This may be bs but I have heard it quite a lot ( I should do a lot more research though).

    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    LonerVamp said:
    You're likely not going to find bad courses in that list. Value is a personal measure and is going to be different for everyone. Some factors to influence...

    1. Who is paying for it. Are you paying for it, or is the employer? A $6k-$10k cost out of pocket has a different return whether you're 22 or 62, too.
    2. What do you want to do? And this means in terms of your career trajectory and job roles. If you have a goal of XYZ, what certs could pave the path to XYZ?
    3. What do you want to learn? Personal value has a place in building your skills and your confidence. Sometimes, it's worth paying X to learn Y.
    4. How much of a challenge are you able to handle? Some people see value in courses where they know only 10% prior to going in, while others like having more of a solid foundation before diving in further. Me personally, this is expensive and a good opportunity to challenge oneself. Also, some topics are harder than others, and it may be more worth your time to get instruction rather than self-study. Using GPEN as an example, it's harder to pick that up on your own over something like GWAPT (for some people).
    5. Is the course directly applicable to your day job and advancement there? Taking GPEN, for example, when you're working in a SOC and not as a pen tester for the next 0-2 years maybe a little bit of a waste, for example.

    It also matters where you live and work. Do you have lots of pentest jobs around that make a GPEN useful, for instance?

    1. Its a full ride scholarship from SANS. Definitely could not afford to take three training programs for 3 different certs.
    2. Well ultimately i would like to get into management (long term goal). Entry level i would want to start as a SOC Analyst. Incident response is also something i am interested in.
    3. Lol well i want to learn everything but I know what you mean.
    4. That is something I will have to self reflect on. I'm glad you brought this question up!
    5. Not currently, but I am looking to change careers. Currently in a IT analyst role but looking to move into info sec after getting said certs. I am starting to think maybe GPEN is not for me (for now at least) 🤔 .  Maybe a GCED or a GCIA is what I am looking for

    Oh yes, where i currently live is a great place for info sec work. I also dont mind moving so this is not a big worry for me.


    These were great questions, really made me think about what I want out of my info sec career. Thanks!
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    Its gonna be very dependent on what you want to do and learn about as they cover different facets of security.   One security position is going to prefer you to have one type of training where another position is going to prefer a different one. 

    Like in my current position it would be most beneficial if I took the GMON course and my employer could careless if I had the GPEN. 
    I absolutely agree with you. I guess I am a little confused since I am not sure where the info sec industry is headed in the years to come.

    I've read and heard that the need for pen testers is not that high anymore. This may be bs but I have heard it quite a lot ( I should do a lot more research though).

    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    LonerVamp said:
    You're likely not going to find bad courses in that list. Value is a personal measure and is going to be different for everyone. Some factors to influence...

    1. Who is paying for it. Are you paying for it, or is the employer? A $6k-$10k cost out of pocket has a different return whether you're 22 or 62, too.
    2. What do you want to do? And this means in terms of your career trajectory and job roles. If you have a goal of XYZ, what certs could pave the path to XYZ?
    3. What do you want to learn? Personal value has a place in building your skills and your confidence. Sometimes, it's worth paying X to learn Y.
    4. How much of a challenge are you able to handle? Some people see value in courses where they know only 10% prior to going in, while others like having more of a solid foundation before diving in further. Me personally, this is expensive and a good opportunity to challenge oneself. Also, some topics are harder than others, and it may be more worth your time to get instruction rather than self-study. Using GPEN as an example, it's harder to pick that up on your own over something like GWAPT (for some people).
    5. Is the course directly applicable to your day job and advancement there? Taking GPEN, for example, when you're working in a SOC and not as a pen tester for the next 0-2 years maybe a little bit of a waste, for example.

    It also matters where you live and work. Do you have lots of pentest jobs around that make a GPEN useful, for instance?

    1. Its a full ride scholarship from SANS. Definitely could not afford to take three training programs for 3 different certs.
    2. Well ultimately i would like to get into management (long term goal). Entry level i would want to start as a SOC Analyst. Incident response is also something i am interested in.
    3. Lol well i want to learn everything but I know what you mean.
    4. That is something I will have to self reflect on. I'm glad you brought this question up!
    5. Not currently, but I am looking to change careers. Currently in a IT analyst role but looking to move into info sec after getting said certs. I am starting to think maybe GPEN is not for me (for now at least) 🤔 .  Maybe a GCED or a GCIA is what I am looking for

    Oh yes, where i currently live is a great place for info sec work. I also dont mind moving so this is not a big worry for me.


    These were great questions, really made me think about what I want out of my info sec career. Thanks!
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
  • NetworkNewbNetworkNewb Member Posts: 3,288 ■■■■■■■■■□
    edited December 2019

    I absolutely agree with you. I guess I am a little confused since I am not sure where the info sec industry is headed in the years to come. 

    I've read and heard that the need for pen testers is not that high anymore. This may be bs but I have heard it quite a lot ( I should do a lot more research though).

    Yea, the thing about pen testers is companies (most) don't need a pen tester as permanent full-time employees so the demand isn't high.   Most companies just will hire a company to do pen tests a couple times a year.  

    But, in my opinion the GPEN is most widely known cert out of all those you mentioned and since aren't paying for the course and you currently don't have anything specific in mind it is probably the choice I would pick.   GCIA I think would be an interesting course as well though. 
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Member Posts: 435 ■■■■■■□□□□
    Just to pile onto the GPEN a little bit more, don't discount the ability to gain insight into the attacker mindset and their tactics, desires, techniques. It'll help focus defense activities.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?
  • baghdaddy19baghdaddy19 Member Posts: 46 ■■■□□□□□□□
    @LonerVamp 

    Kind of what i was thinking. That mindset can be valuable. And like @NetworkNewb said GPEN is the most recognizable out of the list.
    2020 Certification Goals
    CompTIA: A+, Net+, Sec+, Cloud Essentials, and Project +
    LPI: Linux Essentials
    AXELOS: ITIL v3
    SANS GAIC: GSEC, GCIH, and GCED
Sign In or Register to comment.