Which GIAC certification?
I know I'd like to attempt a GIAC exam sometime this year, but I keep hopping around between which one I'd like to scoop up. At first, I was thinking I'd just go with a GSEC, but I really don't know if a foundations security cert would be of any value, as I have already passed the SSCP, Security+, and CCNA: Sec.
I really would like to find a more medium-level cert that can get me in the direction of red team or blue team. I was thinking that either the GPEN or GCED could be interesting, but it seems that neither has much weight in job postings. GCIA or GCIH could also be beneficial, but I don't know if either of those would be the right choice. I'd really like to start looking to relocate for a fed position starting in Spring 2015 following graduation and a CISSP associate status.
From any of you that have taken these exams, which would you recommend? I'm thinking either GCIA or GCIH for the popularity alone.
Comments
I think red team is really where I'd like to be, but my skill set would be easier to sell on a blue team, as currently my primary focus is security development.
Also, it's probably important to note that I won't be able to attend any official training. Any test I take will have to be prepared for using self-study methods.
These two are very different with 503 concentrating on packet dissection, protocol behavior awareness, pattern detection, evasion/insertion tricks, and tactics and other logistics related to intrusion detection and finding anomalies. 504 covers the process of incident preparation, methods of identification, containment, eradication, going through recovery steps, and doing a lessons-learned post-mortem. On top of that, it spends a good majority of time looking at the other side of the equation by examining the attack vectors and how it relates to the blue-team incident handling process.
Are you merely looking to add the certifications to your resume? I think most employers will value the credentials more if you've obtained the training behind it (or at least have proficient hands-on experience in the subjects). SANS course materials tend to be solid, structured packages in themselves and while the knowledge isn't proprietary, it's difficult to find non-SANS material that covers the same thing in one or two books.
There's a sticky at the top of the forum that lists some recommended non-SANS reading resources that you can check out which will cover a good amount of the same topics, but it'll be spread out over many books. There are some GIAC certs which can probably be obtained by reading a somewhat-equivalent book (like Hacking Exposed: Wireless Second Edition is good for GAWN). Others might not be as straightforward.
Although I do have some valuable security experience, it's not much that could contribute to my next role. I believe I have a very good foundation on which to build, but lack the specialized knowledge required for red team or blue team work. This is why I thought that self-study that aligns with either of these (GCIA, GCIH) courses would be a good direction to head.
Having reviewed the non-SANS reading material, I think I may head towards the GCIA. Not having direct course-taught experience, it'll probably require more of a firm grasp on the subject matter, but that's something I'm willing to commit to.
http://pen-testing.sans.org/holiday-challenge/2013
Depending on your networking background, there may be a bit of a learning curve. I'm not sure if I would've tackled some of this on my own without the SANS course, but certainly not an impossible thing for you to do.
Follow the syllabus and you should have a good idea. I think the course got updated recently so I don't know what's new.
This is also open book as well, right? How many books/notes did you take with you to the exam?
Electronic devices (laptops, PDAs, thumb drives, software applications, phones, calculators, cameras, etc.) are strictly forbidden. You will be provided with an onscreen calculator, should you need one during the test. Candidates are not able to access anything stored electronically during the exam (.pdf or Word documents, Internet websites, etc.). The testing process only allows one connection out to the GIAC Exam Engine. It will not allow connections to private web pages, so any material posted to private web pages is not accessible during GIAC exams. We recommend that you print any study guide materials and bring them as hard, paper copies.
I would not consider the CCNA an adequate prep for the GCIA at all. The CCNA course materials I've reviewed hardly get into the subject of TCP/IP at any real depth. I recommend the Wireshark Network Analysis and Nmap books as much better reference sources to study from.