Which Live Class/Event would be most valuable.

pleiadenpleiaden Member Posts: 18 ■■■□□□□□□□
I am currently working on my GIAC GSE, and I have a chance of attending a SANS live event.
I was wondering if anyone has any feedback, or which one would be most valuable. Meaning: if I mostly use self-study, which event would be most valuable.

I am debating between the following two: GCIH or GCIA.


  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Hmm, that's a tough one if your goal is the GSE. The GCIH has a pretty broad coverage of things, but you can start with Counter Hack Reloaded. The GCIA is a lot more narrowly-focused, but for a good reason. It's considered one of the tougher GIAC certs to attain. Really depends on your experience and comfort level of these two subjects.

    I'm a little confused - you're potentially attending an event, but going the self-study route? Are you attending a live conference for a GSE attempt (in which case I'm assuming you've already done the GSE written)? But that would mean you've already met the pre-GSE cert requirements.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • pleiadenpleiaden Member Posts: 18 ■■■□□□□□□□
    Sorry for the confusion.
    One of my goals for this year is to get my GSE, and my company is willing to pay for a course at the Rocky Mountain SANS event next week.
    I have the Counter Hack Reloaded book as part of my preparation for GCIH.
    So what I was really wondering is, based on my goal, what class would I benefit from most.
    In the past, I have done all my certs through self-study, but if my company is willing to pay for one and I would like to take advantage from the opportunity.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think my answer would still be the same: it depends. The GSE requires the knowledge in both the 503 and 504 courses (as well as what's covered in 401). If you already have experiencing doing network intrusion detection and packet / traffic analysis or working with Snort a lot, go for 504. If you've already done your share of incident response and your networking kung-fu is weak, 503 may be a better choice.

    You'll also need to pass the GSEC (or substitute it with both a GCWN and GCUX) to qualify for the GSE written exam.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Sign In or Register to comment.