GPEN v ECSA (also anyone done SANS 561?)

scascscasc Member Posts: 461 ■■■■■■■□□□
Dear all,

Have the option of doing either of the above through my company. Please let me know your thoughts. Have heard ECSA is good as hands on test is required prior to sitting for the exam. how is the GPEN in comparison? Looking for something to develop my hands on skills in pen testing.

Also has anyone taken SANS 561 - as I have option of attending this too in order to develop hands on skills following on from either of the above 2 courses.

Thanks in advance.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...

Comments

  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    I don't know your location, but I suggest going to indeed or whatever job board is focused on your region and doing a search for both certifications and see what comes up. As far as what's better... I haven't taken ECSA, but my manager did that and LPT, let's just say he was less than impressed. EC council has a fairly poor reputation around here for their certifications, but I have heard that their training is decent, just garbage tests.

    GPEN was a lot more introductory than I had expected and I haven't taken 561, so maybe the hands on portion would be better training. I wasn't impressed with GPEN, and the open book test focused more on switches for tools than it should have. The good thing is that GPEN is regarded much higher and asked for a lot more. I don't know the cost of the ECSA, but the SANS courses aren't cheap, so if your employer is willing to pay for it take what you can get.

    If you're trying to get good hands on training, I'd say let the company pay for the expensive courses, then go on to PWK/OSCP. That will help develop those hands on skills more than most training. eLearnSecurity's PTS/PTP courses are good options as well.
  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for the response - much appreciated. I am based in London and have worked for the last 10 years in Cyber - mainly in risk/architecture space. An opening has potentially come up in my company's red team and have always wanted to explore this area in greater depth thus the question. I have the CISSP/CEH etc. so have been looking for a really hands on course to develop the skills required. Will check out OSCP/PTS etc. Would prefer attending a course but lets see. Ironically the red team look for someone with CEH/LPT, GPEN or OSCP.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.