GSIF....necessary?

RomBUS

Hello All,

Never thought of going to this forum but decided to take a peek inside and I gotta say this certification set looks to be the most toughest and expensive I've seen so far(a grand for one exam??...not including a course) I took a look at the SANS GIAC website and all to get somewhat an idea of what you need to know and what can you learn from this...seems pretty interesting. I took a look at the roadmap and I saw the first introductory exam was the GSIF (GIAC Information Security Fundamentals) and out of curiosity was wondering would this be the first step for someone who would be interested in this kind of thing to take? Because from what I see here is that not a lot of people mention GSIF...its mostly GSEC (the intermediate level), is it even worth doing GSIF? The only guess I would make is that there isn't much of a difference between GSIF and GSEC so instead of spending $2000 you can kind of kill two birds here...or the GSIF exams is too easy for a test for that kind of money? Also, I notice there is no love for GCWN (GIAC Certified Windows Security Administrator) on the forum posts here? I'm asking because I am a Windows guy and always been interested in security, so I thought this would kind of go hand in hand....is this certification not worthy of mentioning?

docrice

I never really hear about the GISF, but I'd guess that for most people it's probably better to just go through Security+ and then tackle the GSEC. It depends on your existing experience and knowledge level.

The GCWN was just discussed recently here I think. I think it's a fine cert to have, but it's hardly recognized in the world of Microsoft products and related certifications.

JDMurray

Assuming the target customers for SANS training and GIAC certifications are businesses and not individuals, the GISF is something designed to give professionals with no security experience a baseline in Information Security. I see legal, law enforcement, financial, and insurance people being the prime candidates for this cert.

If you want a cheaper way to check if you like InfoSec, take docrice's advice and start with Security+.

docrice

Should've looked closer at RomBUS' cert list. He already has Sec+, in which case I'd recommend doing the GSEC instead.

JDMurray

If it must be a GIAC cert then yes, GSEC definitely. If GIAC isn't a must, the SSCP is a good alternate.

RomBUS

Thanks for the advice guys...dorice you have a decent amount of GIAC certs..did your company pay for that or you're just loaded? Dont mean to be nosey I just find it impressive. Also is it true that you can just take these exams at home? (without classes). I have not ever held a position in infosec but its always been something I kind of wanted to kickstart...just never given the opportunity or found a way to create it.

AlexNguyen

RomBUS wrote: »

Also is it true that you can just take these exams at home? (without classes).

Not at home, at a Pearson VUE testing center. You can challenge a GIAC cert without SANS training. It will cost you US$999. With SANS training, the exam will cost US$549.

docrice

RomBUS wrote: »

dorice you have a decent amount of GIAC certs..did your company pay for that or you're just loaded?

A former employer sponsored one. The others I funded on my own by unloading my bank account at great personal sacrifice.

ptilsen

I honestly can't see any sense in GISF. Any employer that will pay for GIAC might as well send you to GSEC. For non-professionals or more entry-level professionals, I don't see that GISF really holds any value over Security+. I realize GIAC's market is more for organization-sponsored certification, but I still see Security+ as a more logical starting point for the organization.

AlexNguyen

ptilsen wrote: »

I realize GIAC's market is more for organization-sponsored certification, but I still see Security+ as a more logical starting point for the organization.

CompTIA's certs are well known in the US. But in Canada (Quebec), I did not see any IT job postings asking for CompTIA's certs yet. For IT security, employers are asking for (ISC)2, ISACA, GIAC, EC-Council, DRI, or BCI certs.

ptilsen

AlexNguyen wrote: »

CompTIA's certs are well known in the US. But in Canada (Quebec), I did not see any IT job postings asking for CompTIA's certs yet. For IT security, employers are asking for (ISC)2, ISACA, GIAC, EC-Council, DRI, or BCI certs.

But is anyone, anywhere asking for GISF?

JDMurray

ptilsen wrote: »

But is anyone, anywhere asking for GISF?

Hmmm...there are currently 10 hits on dice.com.

ptilsen

Indeed, and all but two of them also list Security+. All of them are really looking for a higher level of certification. But, yes, to answer my own question, evidently there are at least ten job openings listing GISF.

However, given the 428 listing Security+ on Dice, I'm going back to my original point.

AlexNguyen

ptilsen wrote: »

...evidently there are at least ten job openings listing GISF.
However, given the 428 listing Security+ on Dice, I'm going back to my original point.

IMHO, why bother to get an "entry level" cert (GISF or Security+). You can read books and self-study. Then go for a higher level cert (GSEC).

ptilsen

AlexNguyen wrote: »

IMHO, why bother to get an "entry level" cert (GISF or Security+). You can read books and self-study. Then go for a higher level cert (GSEC).

GSEC is expensive and won't get you an entry-level job, necessarily. Not that Security+ is likely to, but at least it's cheap.

JDMurray

Someone with SANS 401 training and the GSEC cert would make a great entry-level candidate however unlikely an entry-level person would be to have those qualifications.

ipchain

GSEC is comparable to CISSP in terms of the vast amount of information that it covers. The GSEC would make a great entry-level candidate, but there are cheaper alternatives as others have already stated.

RomBUS

Do you guys know anyone that has paid for GSEC out of pocket? Instead of through the company? Is it wise to pay out of pocket? I am asking because I would think having GSEC would give anyone a boost going into the InfoSec field to get a little advantage to try to get their feet wet in there

laughing_man

Taking GSEC now on the company's dollar. A good cert, but I am not sure I would pay $4000+ of my own money to take it. If I had to pick a similar cert to do with my own cash, I would do SSCP or CEH.

reppgoa

GSEC is a solid cert. Its the first cert I have passed that I feel actually tested me.

RomBUS

laughing_man wrote: »

Taking GSEC now on the company's dollar. A good cert, but I am not sure I would pay $4000+ of my own money to take it. If I had to pick a similar cert to do with my own cash, I would do SSCP or CEH.

SSCP hmm....I should look into that. Thanks for the info, $4000+ is not the ideal range I want to spend on a cert.

RomBUS

How much are SSCP exam(s)?

Is there a track or one exam?