New here and Just Passed my GCIH

LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
Hi All,

To start of, I would like to introduce myself that I am from Singapore, I only have 2 years work experience and have gotten my CEH 22 Nov last year and just passed my GCIH 16 Jan (on this monday), both by self study means. I have planned to go into GIAC certifications instead of a degree after reviewing my local degree courses and found them disappointed in the info sec sector.

Anyway, just sharing my GCIH experience for those who are interested. The actual test and the practice test questions are entirely different. But still for the test it is good to refer to those books (with indexing) actively, answering the question hastily is definitely not recommended. I won't recommend question **** at all as it won't help much.

Back to topic, I actually took 22 Days to complete my GCIH self study (started Dec) and I am currently studying my GCUX now (about 50% completion, started studying before GCIH exam) and planned for it for February or March.I spend most of my travelling time (including walking) and free time studying. I would like to have some opinions on the following.

G2700 - Is this certification really important and does it cover any CISSP topics? I notice some companies are looking for people with knowledge of 2700x series compliance. Is it a must for everyone in the industry to know this?
GSEC - I know this is an important certification, but it cover a wide range of topic, I wonder if it have any applicability in real life work environment?
GCFW - Has anyone taken this? Is this test hard to pass?


  • kiran_09kiran_09 Posts: 5Member ■□□□□□□□□□

    Congrats for passing GCIH. Can i know what books/resources did you refer for GCIH exam.

  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    To add on to this List I will recommend

    Netcat **** sheet****_sheet_v1.pdf

    Windows and Linux **** Sheet for SYSAdmin
    There is a linux one but I can't seems to find it at the moment

    **** Sheet for Incident Handler
    ISC Diary | 2 **** Sheets for Incident Handling

    NMap Reference
    Chapter 15. Nmap Reference Guide

    Metaplsoit Unleashed Chapter 8 to 12
    Metasploit Unleashed - Client Side Exploits

    Other Topics
    Loki and Convert Channels
    Netstumbler vs Wellenreiter
    War Dialer vs Demon Dialer
    Different Type of Rookit and LRK
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    I think the GSEC has real-world applicability from a generalist's perspective. It does not drill deep into any specific area, but it certainly provides a strong foundation to dive into the next step (whatever path that may be) for any aspiring infosec professional. I think the material is good for people who do general IT work and not necessarily focused on security on a daily basis. At the very least, it would raise a lot of awareness of key topics which affect their environment's security stance.

    The GCFW / SANS 502 is a good course. It's not as hard as perhaps 503 in my opinion. I'm a little biased because I already some firewall and VPN experience when I took 502 so a good portion of material wasn't new to me.

    As for the G2700, I'd guess that unless you're directly going to be involved in compliance work, it's not going to be immediately beneficial. I personally have no plans to ever take that SANS MGT411 or pursue that particular GIAC cert.
    Hopefully-useful stuff I've written:
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    Congratulations and welcome to TE! :)
    Currently working on: Linux and Python
  • Dakinggamer87Dakinggamer87 Gaming Tech Expert Silicon Valley, CAPosts: 4,012Member ■■■■■■■■□□
    Congrats and welcome to TechExams!! :)
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63, GCP Architect
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    Hey thanks for the advice and warmth coming. I am now doing lots of Unix Hardening practical (hopefully going UX next) and intended to go GPEN path after UX :)

    Just a few more IH materials (not everything though)
    Moxie Marlinspike >> software >> sslstrip

    Also, some white paper does helps

    SANS InfoSec Reading Room - Steganography
  • artieaartiea Posts: 1Member ■□□□□□□□□□
    Congrats and thanks for the reference list.... good stuff.
  • pizzahutpizzahut Posts: 11Member ■□□□□□□□□□
    I am planning to take GCIH exam this year.

    Any update on the recommended study materials?
  • cyberguyprcyberguypr Senior Member Posts: 6,841Mod Mod
    Welcome. Are you challenging the test?
  • pizzahutpizzahut Posts: 11Member ■□□□□□□□□□
    Yes. I am planning for self study and are having SANS year 2010 student manual but are worried that might be out-dated.

    Any kind soul can share with me their latest study material?
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    You might not be aware of this, but official SANS courseware is non-transferrable and is only for the original student who took the class. Specifically, the SANS Courseware License Agreement states:
    User may not copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the courseware in any medium whether printed, electronic or otherwise, without the express written consent of the SANS Institute. Without limiting the foregoing, user may not reproduce, distribute, re-publish, display, modify, or create derivative works based upon all or any portion of the courseware for purposes of teaching any computer or electronic security courses to any third party without the express written consent of the SANS Institute.

    SANS courses also tend to get updated frequently and four-year old class material probably won't reflect the current exam questions very well.
    Hopefully-useful stuff I've written:
  • pizzahutpizzahut Posts: 11Member ■□□□□□□□□□
    Does registering for the exam entitle access to the courseware?
  • docricedocrice Posts: 1,706Member ■■■■■■■■■■
    No. Registering for the exam gets you access to two practice tests (which resembles the real exam relatively closely in my experience) as well as the actual live exam. To get access to the courseware, you have to sign up for the respective SANS course, in this case SEC504.
    Hopefully-useful stuff I've written:
  • pizzahutpizzahut Posts: 11Member ■□□□□□□□□□
    Thanks for the info.
Sign In or Register to comment.