SANS certification recommendation

rfernandesrfernandes Posts: 4Registered Users ■□□□□□□□□□
Hello All,

My company has allowed me to get any SANS certification, the question is I'm not quite sure which one to chose and looking for some sort of advise from you please.
I have CCNA R&S / CCNA Security / CCNA Cyber OPS / SonicWall CCSA and CCSP / Palo Alto ACE / CheckPoint CCSA / ISC2 SSCP (Currently also studying for CISSP).

Do you have any recommendations for me please? I was thinking about GCIH (not sure if this is basic and worth investing at this point), GPEN and GNFA, but I'm also open to any other certs from SANS.

Thank you in advance.


  • Danielm7Danielm7 Posts: 2,255Member ■■■■■■■■□□
    What do you do? What do you want to do?
  • cyberguyprcyberguypr Senior Member Posts: 6,806Mod Mod
    What is your role and what do you do on a daily basis? That will help frame the recommendation.

    Edit: Daniel beat me
  • AtlasSolutionsPlusAtlasSolutionsPlus Posts: 9Member ■■□□□□□□□□
    What is your goal at your company? What are you looking to bring to the table 1-5 years down the road? Maybe that will help you decide... good luck!
  • SteveLavoieSteveLavoie Posts: 647Member ■■■■□□□□□□
    To complement other.. once you know what you want to go... use the SANS Cyber-Security Roadmap to determine the best course/certification
  • rfernandesrfernandes Posts: 4Registered Users ■□□□□□□□□□
    I'm an IT security Engineer, with system and network background, 10+ years of experience with about 4.5 are security related.
    Currently working in a bank and providing consultancy to projects in the network security area like Firewalls, NAC, NIPS, Netscalers.
    Other task I have are:

    ● Log analysis and security investigations of possible threats to internal and public systems.
    ● Administration of Endpoint Anti Virus and Data Loss Prevention Software.
    ● Risk Management: Support the on-going management of risk from a Cyber Security perspective – in line with regulatory guidelines and Internal/External frameworks.
    ● Internet and Email Gateway Management : Ensure that the banks internet and email channels are appropriately protected from malicious attacks.
    ● Disaster Recovery : Ensure adequate Disaster Recovery facilities are deployed to ensure continuity of operations for the IT Security environment and maintain up to date recovery plans.
    ● Security Certificates – monitor and support the currency of the banks Security Certificate estate and ensure all Certificates are up to date and current.
    ● Patch Management: Ongoing review of patch status – both internally and with Third Party Service Providers.
  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,015Mod Mod
    Hard to say what would best suit you

    What would you like to get into?

    GMON is great, but so is GCIA and GCFA
    Goal: MBA, August 2020
  • ansionnachclisteansionnachcliste Posts: 70Member ■■■□□□□□□□
    Get the CISSP then reward yourself with a SANS course.

    You might find an area in the CISSP studies that you want to expand on to get into the lower levels of knowledge.
  • rfernandesrfernandes Posts: 4Registered Users ■□□□□□□□□□
    In the long run, I want to get into Security Architecture or Security Management. As a plan I'm preparing for CISSP now and I have access to the eJPT elite course to get some knowledge in pentest.

    I'm know is quite difficult for you guys to tell me do this specific training as this could be the best for you, I totally understand.

    My first thought was to give a try to GCIH, as this is the certification with the most job offers where I'm based right now (Europe). Although, as I have CCNA cyber Ops and SSCP, I'm afraid that there could be a bit of overlapping. Do you guys think GCIH is worth it for my experience?

    Also, as my background in the last few years is with firewalls and network security, I thought that maybe GCIA could be helpful, but I think this is more related to IDS systems which I don't support (to note that I support IPS systems instead).

    GNFA seems to be a really nice course as this is network security related, but there aren't many job offers in Europe unfortunately.

    GPEN is also an option, but I don't have a lot of experience with Pentest and not sure if I want to work just as a pen tester in the future.
  • E Double UE Double U Posts: 1,550Member ■■■■■■■■□□
    Based on your duties described above, I can't say that I know of any SANS training that would really be good for you. So I recommend that you go to the SANS website to read through their offerings and select whatever you find interesting.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • rfernandesrfernandes Posts: 4Registered Users ■□□□□□□□□□
    What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?[FONT=&quot] [/FONT]
  • yoba222yoba222 Posts: 1,003Member ■■■■■■□□□□
    The GCIA.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP | CISSP
  • krucial85krucial85 CISSP, CISA, CEH, GCIA, GCIH, GCWN, GSEC, GSNA, CCNA CyberOPS, SSCP, SEC+, ITILV3 Austin, TexasPosts: 83Member ■■■□□□□□□□
    From what you have and what you've stated I would recommend the GCIH. I believe your background lends itself to several of the SANS certifications, but being that I've recently completed several of them, I would recommend the GCIH because I believe you might improve the path to management with a handle on incident handling.
    "The way to succeed is never quit. That's it. But be really humble about it."
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 349Member ■■■■■□□□□□
    rfernandes wrote: »
    What you guys think of Certified enterprise defender - SEC501: Advanced Security Essentials - Enterprise Defender?

    From reading the description to SEC501, I always felt like this was a sort of broad stroke across many different topics at an analyst level. Seems ok.

    From what you've posted, I'm not sure what you want to get into. Sounds like you are looking for whatever will open up job opportunities. To be honest, many places likely just want any GIAC cert, but will probably react most favorably to CISSP. I'd focus on that.

    For SANS, though, I'd first ask if you wanted to get more in depth in defense or if you want to learn more about offense? Sounds like your background is heavy in defense, but do you feel comfortable in offense? If yes to offense, and you're feeling a bit new, GCIH is a great start.

    Beyond that, whatever strikes your fancy and you learn something from. Challenge yourself! :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)
Sign In or Register to comment.