GCIA or CISA/GSNA training?
GarudaMin
Member Posts: 204
I am torn between GCIA and GSNA training. On one hand, I'd like to do GCIA for its technical aspect and going down into 'bits to bytes to packets to flow of traffic'. On one hand, I figure GSNA would be better suited if I were to move into management (probably won't be doing GCIA level stuffs in management position). And I like to move into management/oversight role for InfoSec if given the opportunity.
What value would I get out more from GSNA training? I mean I can challenge CISA without going to training. Granted, training will teach me more stuffs but how much of a difference in CISA and GSNA credential in terms of value? If it's not much, then I was thinking, maybe, I go for GCIA training then do CISA by self for credential. Or should I just skip GCIA and do GSNA training, as well as challenge CISA since my end-goal would be oversight/management position?
On the side note, GSNA is more practical in my current position and future position.
I appreciate your thoughts/inputs.
Thanks.
What value would I get out more from GSNA training? I mean I can challenge CISA without going to training. Granted, training will teach me more stuffs but how much of a difference in CISA and GSNA credential in terms of value? If it's not much, then I was thinking, maybe, I go for GCIA training then do CISA by self for credential. Or should I just skip GCIA and do GSNA training, as well as challenge CISA since my end-goal would be oversight/management position?
On the side note, GSNA is more practical in my current position and future position.
I appreciate your thoughts/inputs.
Thanks.
Comments
-
LionelTeo Member Posts: 526 ■■■■■■■□□□I don't have GSNA yet so I cannot comment, but GIAC is always focus more on hands on, this applies even for the GSLC course the Security Managers need to know several hands on stuff as well. I believe the same goes for GSNA that you will learn quite a fair share of hands on in technical auditing. CISA on the other hand will focus more on the management aspect and compliance in auditing, so in a way both would compliment each other.
I personally go for passion and stuff I want to learn, GCIA is a very sort of high level technical work use in SOC Forensic Environment, pentest also had a small used of it. I agree that GCIA don't get you much areas when you eventually move on to management.
As such, in this kind of delima, we talk about ROI, what's your expecting returns in regards to both course? If your expecting knowledge and passion, then GCIA would give your preferred ROI in this aspect; if your expecting job promotions, doing a better job, then GSNA will give you your preferred ROI in this aspect.
In regards to binary and hex analysis, there is a book call Internet Core Protocol. I would recommend you to pick it up and read. -
GarudaMin Member Posts: 204Thanks for the input. I will definitely check out the book. I will go with GCIA so I can challenge GSE at one point. I will pick up CISA for ROI.
-
LionelTeo Member Posts: 526 ■■■■■■■□□□If you want to challenge GSE, having GCIA as the first step is the best choice, because at some point you will have to pick up serious penetration testing; having GCIA skills while studying for penetration testing in the future is a bonus, as you can write tcpdump and wireshark filter as you are doing penetration testing at the same time, thus improving your packet analysis while learning penetration testing at the same time.
Since GSE is consist of packet analysis, incident handling, penetration testing and some system administration. My suggested study outline would encourage you to go for OSCP at some point of time, it could help to train your body for the 24hours practical and give you a good experience for penetration testing; packet analysis can be learnt by downloading lots of packet **** and analyse them while incident handling can be compliment by downloading lots of infected VMs environment and rebuild them.
Do visit the GIAC section at this forum if you need more information. -
GarudaMin Member Posts: 204Thanks. I have done OSCP (way back when it came out and was called offensive security 101. I should redo the one with Kali now since I am entitled for a discount as alumni ), CEH, CHFI, know and use forensic tools such as FTK, worked as system/network/VoIP admin, had Cisco network/storage/SIP/VoIP certs (I didn't renew network/storage/VoIP certs though as I don't work in those roles anymore but some knowledge is still there). GCIA should be a good addition.
-
LionelTeo Member Posts: 526 ■■■■■■■□□□Sounds like your doing really well, the next thing you will need to challenge the GSE its grab its pre-requsites. If you can try to get your company to send you for the respective training; If you can't and couldn't afford the 4k+ course, I think you should know you can apply for GIAC work study, if you need a list of buyable public books from amazon to challenge the GIAC Course (GSEC, GCIA, GCIH), I roughly know what books to get, I am constantly buying respective book to prepare for my GSE as well, if you need the list just drop me and pm or reply here, its rather huge, about 9 books to cover for GCIH, GCIA and GSEC. I also had books for GWAPT and GXPN as well, I am currently preparing to challenge them this year, I can provide you the list if you are interested as well
-
LionelTeo Member Posts: 526 ■■■■■■■□□□I had recently taken sometime to resort them. Taking the useful one out of the not so useful one.
The list as follow
GSEC - Requires (Compliance Knowledge Similar to CISSP, Basic Packet Analysis, Windows Hardening Essentials, Linux Hardening Essentials)
Network Security Bible - Written by Eric Cole, the sans instructor for GSEC. This book is a must grab to use with the GSEC course. It has almost everything you required for the certification
Microsoft Windows Server Administration Essentials - Server Administration is a big module for GSEC. This essentials covers active directory to basic latest windows server administration. Security is part of the book hence that is why its being selected
Linux Administration (A Beginner Guide) Sixth Edition - Read through and index this book well, you do not have to memorize everything from this book, but its necessary to equip with the latest up to date Linux Administration Skill for the GSEC exam.
GCIA - Requires (Tcpdump, Wireshark, Snort, Latest NSM)
Network Intrusion Detection - Written by Stephen Northcutt from GIAC. Although an old book, this book covers the necessary intrusion analyst skill you required. Mainly TCPDump and analysis some of the older and common traffic, including ICMP, fragmentation and scanning; most of this which had not changed much over the years.
Practical Packet Analysis - Written by Chris Sander, GCIA Certified. Everything you need to know about analyzing with Wireshark in this book. This book covers the wireshark knowledge requires for the exam.
Snort Manual - Snort is a big part of the exam, snort manual is good enough to teach you everything you need to know about the exam in regards to snort.
The Practice of Networking Security Monitoring - Written by Richard Betjlich, who has read every stephen northcutt books on intrusion analysis. Richard covers everything you need to know on NSM on this book, NSM is a ever changing environment; thus this book need to review every 2-3 years to see if it is applicable for the exam.
GCIH Requires (Every Hacker Technique Covers, Incident Handling, Law)
Counter Hack Reloaded - Written by Ed Skoudis, author of GCIH. Although an old book, the common attacks mention is this books are still applicable
Incident Response, Computer & Forensic - Although not affiliate with GIAC in anyway, the authors from this books are from Madiant. Great steps on incident response including covering all detailed incident handling steps that you required
GWAPT
Web Application Hacker Handbook - this book is so huge that is covers practical every web attacks out there.
SQL Injection and Counter Measure - I did not had this book yet, but had read a review of someone challenging GWAPT with this book WAHH
Violent Python - Written by a GSE, OCSE. This book is a highly recommended. Python is a necessary knowledge for GWAPT.
GXPN Requires (Scapy, Python, Immunity Debugger, GDB, Shellcodes, Assembly, Encryption)
Violent Python - This books covers python with scapy
Hacking, The Art of Explotation - This book covers the heavy use of assembly, shellcode and GDB.
Shellcoders Handbook - once again covers Shellcode, Debugger, Assembly.
The Hackers Playbook - This book is written by someone who holds a GXPN cert, but flipping through, I did not saw any mention of the shellcodes and related topics. I will review this book after taking my GXPN. -
GarudaMin Member Posts: 204It kinda make me think - when will I be able to stop with studying? I am not getting any younger and it feels like my whole life is nothing but studying, lol. Well, got to do what one's got to do.
I don't really need to worry about GSEC or GCIH (I should be able to challenge them right off), but I shall read the books anyway.
Thanks for the list. -
LionelTeo Member Posts: 526 ■■■■■■■□□□Hehehe, I think its good for a flip through, the GSE pract lab should be open book. So I guess it will come in handy. I just came across this." Network Forensics: Tracking Hackers through Cyberspace", its written by two SANS instructor. I guess its on my to buy list now. Well, I had the same question too. My aim is every single GIAC certs and all the offsec certs. I guess being too ambitious is my weakness, I had to admit it. Sometimes I rather I stopped. Now i need to play games to keep me sane, the amount of books I had read and planned to read just goes a long way. But I am young so I got the years ahead. About 27, so I should study more before I reach to the point I can't. I guess. Off to game now. Good luck for GSE, if you passed before me do write in the GIAC section on your exam experience eh? :P