Path after GSEC SEC-401

I have posted a couple of times here on TE. I am currently wrapping up my studying for GSEC. My end date for my exam period is May 23rd, though I hope to sit for the exam before that.

GSEC is my first cert attempt, mainly because my employer is requiring it. I am a junior security analyst, pretty much bottom of the barrel for security where I work. Before this I had general Desktop Support experience for about 5 years. I looked at jumping right into security as a real break for me, and so far I am loving it. My department basically took me on to groom me for log management and incident handling. Right now I am mainly a "log dog", but it is good experience. I am required to attain GSEC before my two year anniversary (this October).

Anyway, I initially felt a little overwhelmed at first by all the material, especially for someone as green as me. I honestly wish I had done Security+ before tackling GSEC. My company really puts a lot of stock in SANS, but I still wish I had done Sec+ just for my own sake.

So after I finish GSEC, I am thinking of doing either GCIH (for obvious reasons), SSCP or CEH. My company also requires me to attain CISSP in order to break into a Senior level analyst position. I won't be eligible for CISSP for at least another 3-5 years anyway, so I am not in a hot rush, especially given everything I else I need to learn.

So given my requirements for advancement, does doing GCIH next or CEH/SSCP make sense? I have seen keatron's recommendations, and with an eventual goal of doing CISSP, would SSCP or CEH be better? I feel like there would be a lot of overlap between SSCP/GSEC.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

JDMurray

Have you taken the SANS security assessment exam at the SANS Web site? It's to give people an idea of where they stand the course material.

Where are you talking SANS 401? I'll be in the 401 class down in San Diego next month. I'll find out how close the GSEC material is to the SSCP. I'm betting that GSEC is broader more technically difficult.

laughing_man

I took the class a few months back and did OnDemand as well. I am just hammering the books, polishing my index and refining my notes. I also have my two practice exams yet to do, though I have been doing practice tests for CEH and SSCP as there is some overlap; figure it can't hurt.

Oh and I did take the assessment, but about a year ago and I can't retake it. I would like to see how I do now.

JDMurray, why are you taking 401? You have CISSP, SSCP and all that?! GSEC will be a cake walk for you!

JDMurray

laughing_man wrote: »

JDMurray, why are you taking 401? You have CISSP, SSCP and all that?! GSEC will be a cake walk for you!

There is actually lot of information covered in SANS 401 (GIAC GSEC) that not covered in detail (or not at all) by the CISSP and SSCP CBKs, such as the internal details of the TCP protocols, incident handling, IDP/IPS, and Windows and Linux security. I'm expecting to learn quite a bit. The 10-hour/day over six days course should be a brain-melter too. SANS 401 is a great first SANS course, and I'd really like to knock off the GSEC before going on to GCIH and GCIA too.

laughing_man

True, the first day of 401 is pretty much all protocol analysis. Mainly IP and TCP. That stuff isn't too bad. When you have done it a few times by hand, it actually makes a lot of sense. The Windows Security portion was the most mind numbing, as Windows tends to be. Linux security is a breath of fresh air if just for the consistency and orderliness of it all.

Still, I would think you will find most of the material pretty basic. But I hope you get something new and interesting out of it.