Passed GIAC Certified Incident Handler (GCIH)

I'm glad to hear that you enjoyed your SANS learning experience. I'm taking the GCFW on November 13th and have been blown away at the quality of the material and instruction. I haven't learned a lot of individual technologies and concepts but I have learned many new ways to apply them.

The testing center where I have to go is also cramped. I, like you, will be sweating just not having enough space to lay out my materials. I've integrated that into my practice exams though - working with a small volume of space.

When are you doing the live training for the GCIA? I blew my training budget on Cisco tests and the GCFW but in January when my $4000 resets I'm signing up for the GCIA immediately. I'd be very interested in what you think of the GCIA. I don't know anyone that has taken it so my interest in the course stems from personal interest in the material. I think GCFW and GCIA will complement each other nicely.

Is your employer paying for SANS or are you out of pocket?

Nice review. I've really been impressed with the SANS material, just from what I've seen by peeking at Paul's stuff.

Are you doing incident handling/forensics now? That seems like an interesting area to be involved in.

Congratulations on the pass!

I'd love to take the GCIH as it seems to be all I do these days even challenge it for $900 but without any real study material ouside of SANS it'll stay on the backburner. And my training budget would get decimated if I used it on that especially when I have so much other things to do.

GAngel wrote: »

I'd love to take the GCIH as it seems to be all I do these days even challenge it for $900 but without any real study material ouside of SANS it'll stay on the backburner. And my training budget would get decimated if I used it on that especially when I have so much other things to do.

In my experience unless you know someone that will lend you the course books and MP3s you're really screwed on a straight up challenge. You have no way to know what's going to be on the exam, no way to prepare for how they'll ask questions, and no idea what is expected.

Paul Boz wrote: »

In my experience unless you know someone that will lend you the course books and MP3s you're really screwed on a straight up challenge. You have no way to know what's going to be on the exam, no way to prepare for how they'll ask questions, and no idea what is expected.

Exactly I'm not going to spend that money on a 50/50 chance at best. Does anyone know if SANS has a policy against sharing there material?

And if not where we could get a hold of it.

GAngel wrote: »

Exactly I'm not going to spend that money on a 50/50 chance at best. Does anyone know if SANS has a policy against sharing there material?

And if not where we could get a hold of it.

Pretty sure they don't like having their material distributed. If they were cool with it no one would spend $3500 on self study and exam challenge.

unsupported

Paul Boz wrote: »

When are you doing the live training for the GCIA? I blew my training budget on Cisco tests and the GCFW but in January when my $4000 resets I'm signing up for the GCIA immediately. I'd be very interested in what you think of the GCIA. I don't know anyone that has taken it so my interest in the course stems from personal interest in the material. I think GCFW and GCIA will complement each other nicely.

Is your employer paying for SANS or are you out of pocket?

I'm going to the December CDI SANS event in D.C. My employer is paying for the SANS training.. well.. there was some horse trading with another department, so my manager does not have to pay for the SANS training, but they are popping for the test and travel.

I believe it that you have known anyone who has taken GCIA, because there is only 2,059 certified professionals (twice that for GCIH). I will give my impressions of the training at the end of December, and then a review of the exam within 4 months after that.

I have enough to pay for out of pocket with my schooling, until the end of the semester when I get reimbursed.

unsupported

dynamik wrote: »

Nice review.

Thank you

Are you doing incident handling/forensics now? That seems like an interesting area to be involved in.

I have been moved into a first level IHish role. I handle a lot of the noise that our corporate incident response team does not have the time to handle. Mainly, half my time is working a project to detect and eliminate peer-to-peer software and the other half is reviewing/tuning IDS alerts. I hope to be moved into a traditional IH role soon, either by dumb luck (org changes) or by hard work.

Previously I was doing a lot of log monitoring and vulnerability scanning.

Congratulations on the pass!

Thank you.

I applied for there work study program for:
(GPEN)(GSEC)

Gpen course is end of november in my city so we'll see. I'm not expecting to get through as it's so close to the actual date but worth a shot and a steal at $700. GSEC is next year march so hopefully have a better shot at that.

I've roadmapped the GCIH and will be buying the course in January when my training budget resets. I spoke with a GCIA yesterday and he told me that the GCIA re-hashes 99% of the material from the GCFW, so it would really be a serious waste of $3500 since I will have the GCFW by then. I verified by looking at the day to day breakdown. There is nothing unique in the GCIA that the GCFW doesn't cover.

tpatt100

I want to pursue some SANS training but no way on my own. My new job which I start soon said I would be required to go for the position I got which is cool with me. I was going incident handling/reporting at my last job. Or they could just be blowing smoke

I've just realized we have access to all kinds of online content and GSEC is in there. Too bad its the only SANS one but maybe i'll try and challenge it after CISS.P

I've just gotten an email that i'll be facilitating at the GPEN course in toronto in just over a mth from now

.

It's a week before my CISSP exam so i'll be hitting the books big time over the next mth trying to get prep'd for both.

GAngel wrote: »

I've just gotten an email that i'll be facilitating at the GPEN course in toronto in just over a mth from now .

Sweet! Where did you apply for that?

(It's too early to google...)

GAngel wrote: »

It's a week before my CISSP exam so i'll be hitting the books big time over the next mth trying to get prep'd for both.

Good luck!

Under the training/workstudy section of the website. I just put in the request for the three closest to me as it shows them into early next year.

I applied for toronto/cleveland and ottawa. Toronto was the closest and the soonest one. You have to apply for them individually and in the app state why you want to do the course etc.

I don't want to say how long I spent on the GIAC site trying to find that link. I got it now though

Thanks!

GAngel wrote: »

I've just gotten an email that i'll be facilitating at the GPEN course in toronto in just over a mth from now .

It's a week before my CISSP exam so i'll be hitting the books big time over the next mth trying to get prep'd for both.

I've studied the GPEN material to the point where I could probably sit and pass the exam. You should enjoy the material, I did. It has a lot of very practical, hands on information in it.

Paul Boz wrote: »

I've studied the GPEN material to the point where I could probably sit and pass the exam. You should enjoy the material, I did. It has a lot of very practical, hands on information in it.

I feel relatively comfortable with the theory side of it so it's just getting as much hands on as I can. Hopefully I feel comfortable enough to sit it in january and then OSCP in feb.

I'm just excited to get going. It's my first SANS.

We had one of our senior guys come up a bit short on the OSCP yesterday, so now I'm freaking out. I've gone through the videos already, and there was a decent amount on configuring your own exploits via a debugger, etc. I did pretty good with the other sections, but that was over my head for the most part. The course is awesome, but I'm not looking forward to the exam

veritas_libertas

dynamik wrote: »

We had one of our senior guys come up a bit short on the OSCP yesterday, so now I'm freaking out. I've gone through the videos already, and there was a decent amount on configuring your own exploits via a debugger, etc. I did pretty good with the other sections, but that was over my head for the most part. The course is awesome, but I'm not looking forward to the exam

I didn't know you were going after Dynamik, keep us updated on how it goes. Good luck.

Yea, it officially started on the 11th. I'm going to try to get ICND2 out of the way ASAP, so I can focus on that. I have a lot of ground to cover!

wera711

i am a GCIH and I know the certification holds weight in the industry, but their training was useless for me. If you are a network admin with zero security experience, it may be ok. I took the 5 day 504 Hackers Technique course in DC a couple of years ago. You will be better off reading Hacking Exposed. Thats basically all it is. I was really disappointed.

wera711 wrote: »

i am a GCIH and I know the certification holds weight in the industry, but their training was useless for me. If you are a network admin with zero security experience, it may be ok. I took the 5 day 504 Hackers Technique course in DC a couple of years ago. You will be better off reading Hacking Exposed. Thats basically all it is. I was really disappointed.

Bummer. Any other resources you'd recommend for the exam?

dynamik wrote: »

Bummer. Any other resources you'd recommend for the exam?

I was reading the e-hacker website and someone said they self studied using counter hack reloaded.