Doing GCIH exam without official training

CyberCop123 Member Posts: 338
My day job is incident response and digital forensics.

I have an OSCP certification and I hope to have CISSP in about 2 months.

My employer won't pay for GCIH but I want to do it so I can move on and have another certification.

I'm guessing you can sit the exam without any training? People here mention tests they're doing but I can't see any that are available. Any suggestions as I'm not sure how much I need to study.
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
           GIAC GREM - Reverse Engineering of Malware - COMPLETED

2021: CCSP
2022: OSWE (hopefully)

Comments

  • Blucodex Member Posts: 430
    Cyber, I already have my CISSP and I don't know if with your OSCP and CISSP (tbd) that GCIH will be the best value to you. You may want to look into one of the forensics classes.
  • al88 Member Posts: 62
    GCIH depends heavily on the tools mentioned in the book, half of which you may know from your job and OSCP but probably not all. With techniques, things can get tricky too, especially how to counter them from an IR standpoint. But you can handle that with DFIR common sense, I guess.

    Point is, SEC504's true value is in the training. I highly recommend going first; it's an experience that's really worth it. If you can't afford it, apply for the work study program; it's almost the same price as the exam challenge anyway.
  • al88 Member Posts: 62
    Side advice,

    I'm not sure about your background, but you may want to focus on one track instead of jumping around with heavy certs (OSCP and CISSP while your job is DFIR).

    Stick to a path, Excel at it, then move on ;)
  • quogue66 Member Posts: 193
    I agree with both of al88's posts. Although it is possible to pass the GCIH exam without the training, it's not really worth it. The real value is in the actual training. While I understand the importance of knowing both red team and blue team, I think there is more value in mastering one or the other initially.
  • j1mgg Member Posts: 45
    Don't bother with Excel.

    I think with your experience in IR and digital forensics, the GCIH may not be worth the money, as it is not an "advanced" course according to SANS, and you will already have a lot of the knowledge (PICERL, 5 stages, netcat, wmic, enum), but there will also be specific things that you might not know that are only mentioned in the book (ptunnel, coverttcp) and other stuff that make up a few marks here and there.

    When buying the exam, you get 2 mock tests and 4 months to pass. It may be possible to sit one and find out where you are, then revise, sit the other, but the books are where it is at.

    If I were you, and set on doing a SANS cert, then pay the cash for the course, but get an advanced cert.
  • yoba222 Member Posts: 1,237
    I did it this way. I could do the GPEN as well but I probably won't. SANS certs are the only ones where the training is about equal in value to the cert. By self-studying for the GCIH I short-changed myself. You really need to get copies of the textbooks to pull this off, which are deliberately not for public sale.

    Which reminds me I should think about getting on one of those proctor programs so I could get both the training and the cert for the price of the cert.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • jjwolfe Member Posts: 19
    Piggybacking on this one... I am grabbing Mile2's C)IHE which mirrors GIAC GCIH. Where can I find a cheap or free text to study from? I'm pursuing a CISSP and other certs so this one is a "stat padder" for me...
  • CyberCop123 Member Posts: 338
    Thanks everyone for the advice.

    To answer this comment:
    al88 wrote:
    focus on one track instead of jumping around with heavy certs (OSCP and CISSP while your job is DFIR).

    I don't really agree with this in the current context. Although I am DFIR now, I am looking to move on to either general Cyber Security Management, consultant and maybe Incident Response. I have a few different options, and I just want a good blend.

    I think OSCP and CISSP are two certifications that can benefit so many people in IT. You don't have to become or be a pen tester to get an OSCP... it can help with security advising, with networking, with threat hunting, etc...

    You don't have to be or want to become an Information Security Manager to have a CISSP. This encapsulates so much of IT it's almost worth anyone having.

    So I don't think I am jumping around at all. It's not like I'm chasing a CCNA... then an MCSA, then some other random certification.

    ...........
    ...........

    I definitely can't afford the GCIH course; the reason I asked about this is because I've seen it mentioned in a lot of jobs I've been looking at. Also, it's closely related to my current role, so I thought it would be a fairly straightforward one to have.

    Will have a think, still need to pass CISSP though first!
  • CyberCop123 Member Posts: 338
    Also a bit confused about some saying to do the course as the price isn't that different to the exam.

    The exam costs: $1699 USD

    The course costs: $6200 USD

    I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.
  • al88 Member Posts: 62
    Regarding switching security path, your points are valid; it only got me confused as OSCP is advanced PT and CISSP advanced Mgmt, and now stepping back to GCIH, which is core DFIR/PT (according to SANS's Roadmap). But hey, whatever works for you ;)

    Regarding the course price, you are correct. However, what we meant by taking it at almost the same price is via the Work-Study program, where you volunteer in one of their events and in return you get a discounted course.

    Check:
    https://www.sans.org/work-study/
  • jcundiff Member Posts: 486
    Also a bit confused about some saying to do the course as the price isn't that different to the exam.

    The exam costs: $1699 USD

    The course costs: $6200 USD

    I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.

    You misread what they said... SANS offers a workstudy program at their events, which drops the course price for workstudy individuals down to about what you would pay for the exam alone
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • Robert Preston Registered Users Posts: 4
    SANS work study isn't that easy to get into. Plus you have to be ready to travel at a moment's notice and pay for all food, lodging, travel. If he is comfortable in his DFIR role I'd say give it a whirl in self study. Take a practice test and see how you do.
  • TechGromit Member Posts: 2,156
    Also a bit confused about some saying to do the course as the price isn't that different to the exam.

    The exam costs: $1699 USD

    The course costs: $6200 USD

    I know the course offers you a fantastic learning experience but I am self funding and so it's not really affordable.
    Depends on how you look at it; if taking the course helps you land a well-paying position, even at $6,875 (course + discounted exam price), it's really not that much. If you don't use the cert to help get you a better job, then yes, it's a huge waste of money. Yes, you do get the experience and knowledge, but it's tough to quantify the gained knowledge into $.
    Still searching for the corner in a round room.
  • spiderjericho Registered Users, Member Posts: 890

    Wouldn't the cert quantify/qualify his understanding of the material?

    Can't you self study, e.g. MP3s, course materials, videos, labs?

    I got my job to pay for GCIH and GPEN. I wouldn't pay for it myself.

  • LionelTeo Member Posts: 526
    Had done several of these certs without the official course book. Usually you would want to buy books that cover gold standards of knowledge that usually won't go wrong. Learn the concept and apply it to the exam even though the applicability can be different. For GCIH you may want to pick up Offensive Countermeasures by John Strand since he's the course instructor for SEC 504. Counter Hack Reloaded is old but still good. A copy of the Nmap documentation. Also a general incident response book with good reviews on Amazon and the Blue Team Handbook will help.
  • LionelTeo Member Posts: 526
    Also, you can buy a practice test for about 200 USD and then Google and print out excess notes that are not covered in your list of books and use them for the official exam.