Incident Responder learning/cert path

I was just wondering what everyone's thoughts on learning/certs for progressing through the Incident Responder niche would be... I'll be starting a new job next month as an IR Analyst and would like to get a head start.

I'm currently studying for the CCNA (it's been a goal of mine for the last 15-years... long story), which I plan to take in May or June. I'm also reviewing some material for the 74-409: Server Virtualization w/ HyperV exam (free voucher in the Virtualization sub-forum!) for S&Gs. Anyone else have any recommendations for other books to read or certs to pursue?

Find more posts tagged with

Comments

JDMurray

The only two IR certs that pop to my mind are GIAC GCIH and ECC ECIH. The GCIH is widely recognized and is worth getting by any technical InfoSec personnel. The only thing I've heard about the ECIH is on this thread.

veritas_libertas

I'm currently studying for the GCIH. I don't if work will pay for it in your case, but I found the training beneficial.

5ekurity

Are you planning on doing any digital forensics as part of your IR work?

dmoore44

I knew about the GCIH and was planning on going after it later this year, or next year... I've never heard of the ECIH... but I'm not entirely sure I want another EC-Council cert...

I've got a copy of Counter-Hack: Reloded by Ed Skoudis, who I understand to be the SEC504 course author, so I'll have to re-read it. Any additional reading material that might be useful?

rob1234

Take a look at this one: CERT-Certified Computer Security Incident Handler (CSIH). not done it before but thought I would throw it out there

akazero

SANS GCFA (FOR50

is designed for IR. It goes over evidence collection, live response, disk/memory forensics.