Incident Responder learning/cert path
dmoore44
Member Posts: 646
I was just wondering what everyone's thoughts on learning/certs for progressing through the Incident Responder niche would be... I'll be starting a new job next month as an IR Analyst and would like to get a head start.
I'm currently studying for the CCNA (it's been a goal of mine for the last 15 years... long story), which I plan to take in May or June. I'm also reviewing some material for the 74-409: Server Virtualization w/ HyperV exam (free voucher in the Virtualization sub-forum!) for S&Gs. Anyone else have any recommendations for other books to read or certs to pursue?
Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
Comments
-
JDMurray Admin Posts: 13,091
The only two IR certs that pop to my mind are GIAC GCIH and ECC ECIH. The GCIH is widely recognized and is worth getting by any technical InfoSec personnel. The only thing I've heard about the ECIH is on this thread.
-
veritas_libertas Member Posts: 5,746
I'm currently studying for the GCIH. I don't know if work will pay for it in your case, but I found the training beneficial.
-
5ekurity Member Posts: 346
Are you planning on doing any digital forensics as part of your IR work?
-
dmoore44 Member Posts: 646
I knew about the GCIH and was planning on going after it later this year, or next year... I've never heard of the ECIH... but I'm not entirely sure I want another EC-Council cert...
I've got a copy of Counter Hack Reloaded by Ed Skoudis, who I understand to be the SEC504 course author, so I'll have to re-read it. Any additional reading material that might be useful?
-
rob1234 Banned Posts: 151
Take a look at this one: CERT-Certified Computer Security Incident Handler (CSIH). Not done it before, but thought I would throw it out there.
-
akazero Member Posts: 13
SANS GCFA (FOR50) is designed for IR. It goes over evidence collection, live response, disk/memory forensics.