TomAtkins Member Posts: 15 ■□□□□□□□□□
What is better, the SANS GIAC or the Offensive Security OSCP: Offensive Security Certified Professional?

It looks like there is a lot of overlap within the two.


  • kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186 ■■■■■■■□□□
    The big difference will be that the OSCP will focus solely on how things are done in Backtrack. The GIAC cert will be more of a broad range of topics. Also, there are a ton of different GIAC certs and you don't say which one you are thinking of taking. My guess is the GPEN. Either way there will be a difference, as the OSCP will be hands-on with Backtrack and GPEN will be what you make it to be with what you learn.
  • TomAtkins Member Posts: 15 ■□□□□□□□□□
    Specifically I was looking at this one:
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    TomAtkins wrote: »
    Specifically I was looking at this one:
    GCIH is targeted at incident handlers. GIAC's pen testing equivalent of OSCP is GPEN and GXPN. The GXPN is newer and considered for advanced pen testers. These certs are meant for infrastructure pen testers. GIAC also has a cert for app pen testers called GWAPT, which is focused on web apps.
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,769 Admin
    I was just reading some information on the GIAC GSE cert and one of the "myths of the GSE" is that the information in the GPEN cert is the same as the GCIH cert--it's not. As paul78 said, GCIH is for recognizing security incidents and handling investigations and procedures, while GPEN is for setting up, conducting, and reporting on penetration testing operations. You can look at GPEN as being offensive and GCIH as being defensive.
  • docrice Member Posts: 1,706 ■■■■■■■■■■
    SANS' SEC-504 course / the GIAC GCIH certification focuses on general "hacker techniques and exploits" and their countermeasures as framed within the incident handling process (preparation, identification, containment, eradication, recovery, and lessons learned). It's good stuff and can open eyes for IT admins as to how intruders find paths into networks and pivot their attacks, but it won't cover the in-depth "how" from a pentesting viewpoint. That's where SEC-560 comes in which I think more directly competes with Offensive Security's PWB. Like probably most / all SANS training, the training is slide / lecture based with labs at key points. 504 has quite a few labs with different tools and they're all fun, plus on the last day (Day 6) there's a capture-the-flag involved to really bring everything together.

    Also note that GIAC tests are multiple choice (with the exception of the GSE hands-on exams) whereas OffSec's is completely practical in terms of actually "doing the work." SANS' training tends to hand-hold you while OffSec provides the warm and fuzzy comfort of telling you to go figure it out (with the occasional clue pointer). They used to even put their slogan "Try Harder" on their website's 404 messages, although not anymore, apparently. I like SANS courses a lot, but I think there's a certain added credibility when it comes to reproducing that real-world feeling since doing an actual pentest will no doubt involve on-the-spot recon / research and creatively figuring things out as you go along.

    One day I hope to do PWB and go for the OSCP, and also do SEC-560 and go for the GPEN. Probably not until next year or after for me though. If you're comparing 560 and PWB, there's probably a good deal of overlap but based on what others have said, I think they'd probably end up complementing each other.
    Hopefully-useful stuff I've written:
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,769 Admin
    docrice wrote: »
    whereas OffSec's is completely practical in terms of actually "doing the work."
    There is also a required written submission that the candidate uses to document the results of exercises in the exam materials and reports on performing the practical exam.

    docrice, do you have any knowledge/opinions of SANS 501 for the GIAC GCED? I have some friends going to that training, and there's hardly anything about it on the Web other than It seems to have basic elements of both the GPEN and GCIH.
  • docrice Member Posts: 1,706 ■■■■■■■■■■
    Oh yes, I forgot about the final report that an OffSec challenge exam requires. For the OSWP, the report is more of a "show us the steps / commands you used to accomplish your tasks" document. I understand the OSCP final submission is supposed to look like a report that a professional pentester would submit to a client.

    I don't know much about 501 / GCED either. After I completed 401, I read through the description on SANS' site but felt I wouldn't get a lot out of it compared to other 500-level courses. Not that I wouldn't learn anything, but I figured 501 would be another broad-coverage course that went somewhat beyond 401, but still in the "generalist" category.

    On GIAC's site, there are currently only 245 GCED holders recorded. That's a pretty low count compared to the other more popular GIAC certs:

    As of this writing, there are 12,127 GSECs, 6,590 GCIHs, 3,113 GCIAs, and 2,004 GPENs. I'd be very curious as to what your friends think of 501. Who knows, I may even take it one day if it seems worthwhile.
  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,769 Admin
    It may be that the GCED cert is much newer than the GSEC, and that's why the large difference in the number of holders.

    I'll post about their experiences after they get back from the class next month. Six days in San Diego as seen from the inside of a hotel meeting room.
  • ipchain Member Posts: 297
    I feel that you are comparing apples to oranges. SANS' 504 deals primarily with 'hacker techniques and exploits', although 20% of the course (day 1) deals with incident handling. OSCP deals with penetration testing techniques and the course is extremely hands-on, whereas SANS' courses focus heavily on theory.

    Out of all SANS' courses, GPEN is the only one that is more closely aligned with the material covered by OSCP. As someone who has taken both, I can tell you that if you're big on theory, SANS is probably for you. If you are a hands-on type of person, OSCP will be the way to go. In retrospect, if I could turn back time, I would have probably saved the money I spent on my SANS training. I feel that Offensive-Security is cheaper and you definitely get the most bang for your buck.

    Do not let my comments hinder you from taking a SANS course, though. I just felt the need to voice my opinion in hopes of saving someone a buck or two.
    Every day hurts, the last one kills.
  • ChooseLife Member Posts: 941 ■■■■■■■□□□
    Hi guys,

    Just wanted to say that your comments in threads like this are extremely valuable, as often there is little information on the Net beyond the official docs. It's great to have "GIAC SMEs" like docrice and ipchain (and the ever-so-helpful JDMurray, of course) on the board with us. Recently I have been looking for personal reviews of SANS courses and it all comes down to the few threads on TE and EH. So guys, please continue sharing your thoughts and experiences - as JDMurray mentioned in another thread, these comments are read by thousands of people and do make a difference.

    So thank you!
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
