New here and Just Passed my GCIH

Hi All,

To start of, I would like to introduce myself that I am from Singapore, I only have 2 years work experience and have gotten my CEH 22 Nov last year and just passed my GCIH 16 Jan (on this monday), both by self study means. I have planned to go into GIAC certifications instead of a degree after reviewing my local degree courses and found them disappointed in the info sec sector.

Anyway, just sharing my GCIH experience for those who are interested. The actual test and the practice test questions are entirely different. But still for the test it is good to refer to those books (with indexing) actively, answering the question hastily is definitely not recommended. I won't recommend question **** at all as it won't help much.

Back to topic, I actually took 22 Days to complete my GCIH self study (started Dec) and I am currently studying my GCUX now (about 50% completion, started studying before GCIH exam) and planned for it for February or March.I spend most of my travelling time (including walking) and free time studying. I would like to have some opinions on the following.

G2700 - Is this certification really important and does it cover any CISSP topics? I notice some companies are looking for people with knowledge of 2700x series compliance. Is it a must for everyone in the industry to know this?
GSEC - I know this is an important certification, but it cover a wide range of topic, I wonder if it have any applicability in real life work environment?
GCFW - Has anyone taken this? Is this test hard to pass?

Find more posts tagged with

Comments

kiran_09

Hi,

Congrats for passing GCIH. Can i know what books/resources did you refer for GCIH exam.

Regards,
Kiran

LionelTeo

To add on to this List I will recommend
http://www.techexams.net/forums/sans-institute-giac-certifications/68043-post-your-sans-giac-study-material-recommendations-here.html

Netcat **** sheet
http://www.sans.org/security-resources/sec560/netcat_****_sheet_v1.pdf

Windows and Linux **** Sheet for SYSAdmin
http://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf
There is a linux one but I can't seems to find it at the moment

**** Sheet for Incident Handler
ISC Diary | 2 **** Sheets for Incident Handling

NMap Reference
Chapter 15. Nmap Reference Guide

Metaplsoit Unleashed Chapter 8 to 12
Metasploit Unleashed - Client Side Exploits

Other Topics
Loki and Convert Channels
Netstumbler vs Wellenreiter
AirCrack
War Dialer vs Demon Dialer
Different Type of Rookit and LRK

docrice

I think the GSEC has real-world applicability from a generalist's perspective. It does not drill deep into any specific area, but it certainly provides a strong foundation to dive into the next step (whatever path that may be) for any aspiring infosec professional. I think the material is good for people who do general IT work and not necessarily focused on security on a daily basis. At the very least, it would raise a lot of awareness of key topics which affect their environment's security stance.

The GCFW / SANS 502 is a good course. It's not as hard as perhaps 503 in my opinion. I'm a little biased because I already some firewall and VPN experience when I took 502 so a good portion of material wasn't new to me.

As for the G2700, I'd guess that unless you're directly going to be involved in compliance work, it's not going to be immediately beneficial. I personally have no plans to ever take that SANS MGT411 or pursue that particular GIAC cert.

veritas_libertas

Congratulations and welcome to TE!

Dakinggamer87

Congrats and welcome to TechExams!!

LionelTeo

Hey thanks for the advice and warmth coming. I am now doing lots of Unix Hardening practical (hopefully going UX next) and intended to go GPEN path after UX

Just a few more IH materials (not everything though)
dsniff
SSLStrip
Moxie Marlinspike >> software >> sslstrip

Also, some white paper does helps

SANS InfoSec Reading Room - Steganography

artiea

Congrats and thanks for the reference list.... good stuff.

pizzahut

I am planning to take GCIH exam this year.

Any update on the recommended study materials?

cyberguypr

Welcome. Are you challenging the test?

pizzahut

Yes. I am planning for self study and are having SANS year 2010 student manual but are worried that might be out-dated.

Any kind soul can share with me their latest study material?

docrice

You might not be aware of this, but official SANS courseware is non-transferrable and is only for the original student who took the class. Specifically, the SANS Courseware License Agreement states:

User may not copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the courseware in any medium whether printed, electronic or otherwise, without the express written consent of the SANS Institute. Without limiting the foregoing, user may not reproduce, distribute, re-publish, display, modify, or create derivative works based upon all or any portion of the courseware for purposes of teaching any computer or electronic security courses to any third party without the express written consent of the SANS Institute.

SANS courses also tend to get updated frequently and four-year old class material probably won't reflect the current exam questions very well.

pizzahut

Does registering for the exam entitle access to the courseware?

docrice

No. Registering for the exam gets you access to two practice tests (which resembles the real exam relatively closely in my experience) as well as the actual live exam. To get access to the courseware, you have to sign up for the respective SANS course, in this case SEC504.

pizzahut

Thanks for the info.