GSEC or GCED?

5ekurity

Hi all; frequent guest of the forum turned member

Since many of you have had the opportunity to take the SANS training, I was hoping to get some opinions on diving into the GSEC or GCED first.

I feel pretty comfortable with most of the GSEC topics with the exception of some Linux discussions. But I also don't want to miss something in another domain that I might not know enough about, which the GSEC might cover at a basic level and the GCED would be incomprehensible.

Since open source tools can play such a major part of the Security world, and to ensure I'm well rounded, I'm inclined to feel like it would be worth going through the GSEC experience (you're only as strong as your weakest link) even though some of it may be review. Also, I'd be taking either one through OnDemand to help save on costs.

What have some of your experiences been?

docrice

Unfortunately, I think you'll hear much, much more about GSEC than GCED. I understand where you're coming from though as you might feel that you already know the bulk of what SANS 401 covers and perhaps going up to the 500-level courses might provide a better bang for the buck. I have not gone through 501 yet (although maybe slightly entertaining the idea in the future) but I don't hear much about it nor know anyone who has taken it.

I was in your position maybe four years ago but I took 401 anyway. It helped reinforce and validate my existing knowledge and approach but also helped fill in a lot of gaps for me. It was a relatively good brain stretch. A former employer paid for the OnDemand costs on that one so it worked out for me, but in hindsight I somewhat feel I could've also spent money better elsewhere. I don't regret taking 401 though as it solidified my foundations.

5ekurity

Thanks doc, that's kind of what I had thought as well. I think a lot of the material in the GCED looks very interesting, but I don't see a lot of employers saying that it's sought after nor do I know anyone personally who has taken it either. I'm trying to plan out my training for this year, and as I don't know what the budget numbers look like and not wanting to waste my employer's money or my time, I'm trying to get the best bang for the buck if you will.

As a side note, any comments on the GSNA? While I understand it's an audit course, I need to wear multiple hats at my job (security governance, risk management, audit, security assessments (mainly web / web application), incident response, etc) and felt it may help me see things from a different perspective, and interact more efficiently with our operational engineers / architects.

docrice

If you're in an infosec generalist role, it's rather tricky prioritizing your training resources because just about anything could be relevant in varying degrees. I personally have a bit more interest in SANS AUD-507 than SEC-501, but in your case it depends on where your strengths and weaknesses lie as well as your personal interests. I have a co-worker who I understand has the GSNA but I haven't heard any feedback specifically about it.

I'm in a semi-generalist role as well and I think it's good to see things from an auditing point of view because a lot of security is driven by compliance. When you're in the trenches doing the grunt work, it's easy to miss a minor detail here and there which eventually adds up and becomes a cumulative red flag in the annual audit.

You can also email the course authors directly and they might give you some insight based on what you tell them your training needs are.