GSEC vs CEH - what's first?

codeace Member Posts: 38
Anyone who has done both GSEC and CEH, please advise me on which one of the two I should pursue first?

P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.

Thanks!
Everything happens for a good reason! Don't question it. Just accept it :)

Comments

  • L0gicB0mb508 Member Posts: 538
    Entirely different certifications. CEH is ethical hacking. GSEC is general security (like a slightly more advanced Security+). Either would be useful, but GSEC is more of a broad security certification.

    If this is your first dive into security, you may want to consider going after the Sec+ first. The advantage here is cost. You can probably study/take the Sec+ for under $400. GSEC to take the SANS course, and the certification is going to be more like $4,000.

    Are you planning to go more of a pentesting route, or are you thinking about going into something else? I guess that's going to be the biggest question. If pentesting is your goal then CEH is what you want to take. If you are just trying to break into security and have very little security knowledge, I would go Sec+. If cost isn't a concern, I would do GSEC.
    I bring nothing useful to the table...
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,823 Admin
    I agree that these certs are apples-and-elephants. And the GSEC exam is a lot harder than the Security+ exam. It'd better be for the money you pay for the class and the exam. And if you are getting certs to get a better job, make sure you select the certs that your prospective employers are asking for.
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Member Posts: 5,735
    codeace wrote: »
    P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.

    I would do GSEC then C|EH in that case. You might want to look at these forums for more security-specific thoughts on security certifications: The Ethical Hacker Network - EH-Net - Index
    Currently working on: Linux and Python
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,823 Admin
    The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.
  • rob7278 Member Posts: 57
    I was thinking of following the Sec+, SSCP, CISSP route that you mentioned. Are there any other decent stepping stone courses that I should look at (stepping stones to the holy grail CISSP, of course)?
    CISM? Also GIAC has a whole bunch of different security certs - GISF, GCWN, GCFA, GSE - although I wasn't aware that the courses for these certs were so expensive. I thought I read on the GIAC website that their certs didn't have prerequisites. Or does not attending their classes mean you will have no shot at passing their tests? As I don't recall seeing many study guides for the GIAC certs; Amazon did have a few- GSEC
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Member Posts: 5,735
    Well, I am going to be forced down the Security+ --> C|EH--> simply because I have no previous security experience. I definitely plan to do the GSEC down the line simply because it is so common on Monster. In fact, during my searching I found it to be the most common GIAC cert for security jobs on Monster.
    Currently working on: Linux and Python
  • SephStorm Member Posts: 1,732
    Really? That is interesting. I generally avoid Monster, as I have a memory of recent issues with that company, I don't remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance-based certification. You can read reviews of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.
  • L0gicB0mb508 Member Posts: 538
    SephStorm wrote: »
    Really? That is interesting. I generally avoid Monster, as I have a memory of recent issues with that company, I don't remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance-based certification. You can read reviews of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.

    While I agree that OSCP is a much more difficult exam, it's not all that well known yet. CEH is on the DOD list, so that really helps its credibility. Let's face it, the point of getting certifications is to get a job or help you move up in the one you have. That's why I'm not overly crazy about the OSCP, just yet.

    codeace,
    Find an area of infosec that you want to do, and stick on that track. General security knowledge will go a long way to help you, but being specialized in something is a good thing.

    Veritas,
    The layout you have is fine. Sec+ and CEH should give you a very good foundational knowledge base. I've really enjoyed my SANS studies, but it's out of range unless you have a company that's willing to pay for it.
    I bring nothing useful to the table...
  • kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186
    The more I learn about the CEH the less I like about it. It is very outdated also. I would probably go after it if they update it here soon.

    I plan on something around this order:

    Sec+ > SSCP > GSEC > GPEN > OSCP. I may throw in the CEH like I said if they update it. Also may do SCNP.
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Member Posts: 5,735
    What you say may be true, but for me it's also what is known to HR. That is the reason I don't do certain certifications, and do take other certifications.
    Currently working on: Linux and Python
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,823 Admin
    With the U.S. Department of Defense now recognizing the CEH, it is more interesting now for my resume as well. I'm just not looking forward to spending six-plus months studying the 70-some-odd modules covered by the CEH exam.
  • SephStorm Member Posts: 1,732
    I feel your pain on that one. I am trying to do the EC-Council ENSA certification with two? large books and a lab manual if I'm not mistaken. Tough to dive into. That's why I am keeping an eye out on the EC-Council Press books in stores now (I've seen Wireless|5 and CEH), as well as any ground courses.
  • codeace Member Posts: 38
    JDMurray wrote: »
    The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.

    Makes sense! But if they both were to help with my generic security foundation (again not targeting a specific role) for a Jr./entry-level position, then the SSCP>GSEC>CEH seems to have the logical flow from GENERIC>SPECIFIC.

    Thanks folks!
    Everything happens for a good reason! Don't question it. Just accept it :)
  • Chris:/* Member Posts: 658
    For DOD the training does not just include SEI identifiers for those Certifications under 8570.1. There are also billet requirements for those jobs. Those requirements have to be met in addition to 8570.1 requirements. An example of this in DOD is you are required to pass Security+ and then GSEC before you move on to CEH. CEH is not more difficult than GSEC; it is just for a different purpose. After all, how can you effectively hack systems without understanding how they are secured or common weaknesses system administrators overlook or ignore?
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • muiadedeji Registered Users Posts: 1
    Anyone who has passed CEH, please send me details on how to get the complete package of the certification. Thanks