GIAC - GISF, GSEC, or GSNA

Big-JJ Member Posts: 53
Hi everybody,

I am currently working as a junior IT auditor at a financial company. After finishing university, I passed CISA last winter. So, I am not that technical. And I found out about GSNA and it got me interested.

After months of working, saving money, and not partying, I have some funds to go for a GIAC cert. My original plan was to study CISSP first and move onto GIAC. But while I was studying CISSP, it was too theory-centric. (Well, just my opinion..). So I decided to go for GIAC right away. And I have some questions.


1. Is GISF the same level as CISSP? Or where does GISF sit when compared to CISSP and GSEC?

2. Is it really necessary for me to go for GISF before GSEC? It is recommended for someone like me since I don't have that much experience and not that technical. The reason why I am thinking of GSEC right away without GISF is that GISF and GSEC cost pretty much the same (only $400 difference) so if I were to choose one I might as well choose GSEC and it seems like GISF is just a stepping stone for GSEC.

3. For someone who has studied GSNA, do you think it is really necessary to go for GISF and GSEC first? (GIAC audit curriculum shows that GISF --> GSEC --> GSNA)



Thank you for your advice.

-J-
MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP

Comments

  • docrice Member Posts: 1,706
    I don't know much about the GISF or know anyone who has gone through SEC301. Based on the course description, it seems very elementary and hardly technical to me. There's a free GSEC assessment you can register for at:

    https://portal.sans.org/assessments/

    to get a feel for it (you'll need to create a SANS portal account). I've been slowly studying for the CISSP over the last year or two and can compare that experience vs. SEC401 / GSEC. Both of them cover a broad range and I feel are complementary, although the GSEC focuses more on the technical aspects and emphasizes Windows / Unix security concepts. It's not so technical that it gets really in-depth at a specialist level, but it's certainly a lot of information if you're relatively non-technical.

    My (somewhat-unqualified) suggestion is skip SEC301, save your money, and read through a Security+ book. After you pass Security+, then spend your hard-earned cash for the GSEC. In some ways, the GSEC is like Sec+ on steroids as it goes a bit deeper on much of the same topics and also adds the Windows / Unix focus during the last two days.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • rwmidl Member Posts: 807
    docrice wrote: »
    I don't know much about the GISF or know anyone who has gone through SEC301. Based on the course description, it seems very elementary and hardly technical to me. There's a free GSEC assessment you can register for at:

    https://portal.sans.org/assessments/

    to get a feel for it (you'll need to create a SANS portal account). I've been slowly studying for the CISSP over the last year or two and can compare that experience vs. SEC401 / GSEC. Both of them cover a broad range and I feel are complementary, although the GSEC focuses more on the technical aspects and emphasizes Windows / Unix security concepts. It's not so technical that it gets really in-depth at a specialist level, but it's certainly a lot of information if you're relatively non-technical.

    My (somewhat-unqualified) suggestion is skip SEC301, save your money, and read through a Security+ book. After you pass Security+, then spend your hard-earned cash for the GSEC. In some ways, the GSEC is like Sec+ on steroids as it goes a bit deeper on much of the same topics and also adds the Windows / Unix focus during the last two days.

    Second the above. If you don't already have your Sec+, pick up Darril Gibson's book, spend a month or so studying it and go pass that test. Then look at SANS. Start with GSEC as that is a natural progression (IMO) after Sec+. As Docrice said, GSEC is Sec+ on steroids.
    CISSP | CISM | ACSS | ACIS | MCSA:2008 | MCITP:SA | MCSE:Security | MCSA:Security | Security + | MCTS
  • JDMurray Admin Posts: 13,025
    In the auditing world, the triple-crown of certs is CISSP/CISA/CISM.

    If you are getting certs to further your career, you need to look at postings for the types of jobs that are your goals and check what certs the hiring managers are asking for. Certs that aren't asked for shouldn't be your immediate priority, unless they are a stepping stone to the certs that you really need (e.g., getting Security+ before CISSP).
  • cybrwarrior Registered Users Posts: 3
    I agree with all of the previous posts. To answer question 3 specifically though, I think GSEC --> GSNA is an ok path to take, if considering the GIAC curriculum. I never took GISF, but instead maybe take Security+ over GISF?

    But definitely in the auditing world, these are the top certs: CISSP/CISA/CISM.

    Good luck~
  • CV33 Member Posts: 22
    JDMurray wrote: »
    In the auditing world, the triple-crown of certs is CISSP/CISA/CISM.

    If you are getting certs to further your career, you need to look at postings for the types of jobs that are your goals and check what certs the hiring managers are asking for. Certs that aren't asked for shouldn't be your immediate priority, unless they are a stepping stone to the certs that you really need (e.g., getting Security+ before CISSP).

    JD, do you still feel CISM is part of the triple crown?

    If so, can you explain? I get CISA and CISSP but why not CRISC or GSNA over CISM?
  • JDMurray Admin Posts: 13,025
    The main reason is recognition of the certs. The CISSP/CISA/CISM have been around and more well-respected for a lot longer than the CRISC or GSNA.