Incident Responder learning/cert path

I was just wondering what everyone's thoughts on learning/certs for progressing through the Incident Responder niche would be... I'll be starting a new job next month as an IR Analyst and would like to get a head start.

I'm currently studying for the CCNA (it's been a goal of mine for the last 15 years... long story), which I plan to take in May or June. I'm also reviewing some material for the 74-409: Server Virtualization w/ Hyper-V exam (free voucher in the Virtualization sub-forum!) for S&Gs. Anyone else have any recommendations for other books to read or certs to pursue?
Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow

Comments

  • JDMurray Admin Posts: 13,050
    The only two IR certs that pop to my mind are GIAC GCIH and ECC ECIH. The GCIH is widely recognized and is worth getting by any technical InfoSec personnel. The only thing I've heard about the ECIH is on this thread.
  • veritas_libertas Member Posts: 5,746
    I'm currently studying for the GCIH. I don't know if work will pay for it in your case, but I found the training beneficial.
  • 5ekurity Member Posts: 346
    Are you planning on doing any digital forensics as part of your IR work?
  • dmoore44 Member Posts: 646
    I knew about the GCIH and was planning on going after it later this year, or next year... I've never heard of the ECIH... but I'm not entirely sure I want another EC-Council cert...

    I've got a copy of Counter-Hack: Reloaded by Ed Skoudis, who I understand to be the SEC504 course author, so I'll have to re-read it. Any additional reading material that might be useful?
  • rob1234 Banned Posts: 151
    Take a look at this one: CERT-Certified Computer Security Incident Handler (CSIH). Not done it before but thought I would throw it out there.
  • akazero Member Posts: 13
    SANS GCFA (FOR508) is designed for IR. It goes over evidence collection, live response, disk/memory forensics.