GCIA and general security cert advise

Hi there,

I currently have the CISSP, CCNP, and a bunch of other random certs. I've recently become interested in security--and went after the CISSP. I passed that and am now looking to narrow in on the field, specifically, intrusion analysis or penetration tester. I also have a long time goal of picking up the CCIE certification. Since the CCIE is such a long term goal for me, I'm looking to pick up smaller certs along the way--specifically, security related.

The GCIA seems like a logical cert for me to look into taking. It seems to be a more distinguished cert than say C|EH. Given the above, do you think the GCIA is a logical choice? Is there something else I should be looking at?

My next question is regarding study materials for the GCIA. I have a bunch of Addison Wesley books (Tao of Network Security monitoring, Extrusion Detection, Applied Security Visualization, Security Metrics), also I've been self-studying all the various tools out there (snort, nmap, nessus, p0f, tcpdump, wireshark, argus, sguil, etc!) -- I've heard there are some SANS books or "materials" I can purchase to study for the GCIA... But I can't find them anywhere? Do I need to register for the SANS course? I generally prefer self study and the course is expensive, are the materials available outside of the course? If so, where?

Thanks for any advice you may have for me!

Best,

Jules

Find more posts tagged with

Comments

docrice

The only official study materials are available from SANS. If you just want just the books, it costs $3,161 (the self-study option). You can also add the OnDemand bundle for $400 which gives you a few months of access to the latest online audio / video slide presentations and MP3s of the course. You can register for a short OnDemand demo of each course through the SANS site for free to get a feel for it. If you purchase the exam attempt at the same time you order the course, it's an additional $500. If you order the exam challenge separately, it's $900.

It gets expensive for sure.

I think one can prepare for the GCIA exam without taking the SANS course, but the road will be longer unless you already have experience reading hex ****, using Snort or other IDS systems, and understand the common nuances of normal vs. abnormal IP communication patterns. Check your comfort level first:

http://www.sans.org/security-training/tcpip_quiz.php

I've heard both good and bad things about the CEH, and it seems that it's highly dependent on the instructor (assuming you're thinking of taking a class). If you want to go the pentest route, check out OSCP, eLearnSecurity, and Heorot.net. SANS also has a SEC-560 course for the GPEN cert, but that's expensive just like the SEC-503 for the GCIA.

http://www.offensive-security.com/
http://www.elearnsecurity.com/
http://www.sans.org/security-training/network-penetration-testing-ethical-hacking-937-mid
http://heorot.net/

In addition to just cert-focused courses, I'd recommend taking a look at TaoSecurity / Richard Bejtlich's TCP/IP Weapons School 3.0, which is something I'm seriously considering later this year.

http://www.taosecurity.com/training.html

We've also been discussing the GCIA over the last few months. Search the forums for more info.

Cthu1hu

Thanks for this great post docrice! I myself was thinking of this earlier today and you have answered my questions as well.

jmu200

Wow, that's a lot of great information docrice, thanks for your detailed reply!

I think I'm going to go for the GCIA. I'd love to attend the TCP/IP weapons school, but at $2K per day... Ouch! I bet it is fantastic however, I mean look who the teacher is!

For roughly 70 hours of content the $3161 price tag doesn't seem horrible. But it's still up there. Do you happen to know if you receive all the same materials if you attend the course in person? I think it would be a no-brainer to go for the course AND receive the materials, if they are included (it's only a few hundred dollars more).

Have you used any SANS materials or taken any of their courses? Were you impressed with the quality?

Thanks again!

docrice

I believe the difference between attending live instruction and taking the OnDemand bundle (which includes the books and the audio / video online media) is travel cost / being able to interact with other students in close physical proximity / and being able to ask questions directly to the instructor.

I'll refer you to my recent thread for the rest of your query:

http://www.techexams.net/forums/security-certifications/65080-gcia-passed.html

jmu200

Congrats, and awesome review in the other post!