GSEC vs CEH - what's first?

Anyone who has done both GSEC and CEH, please advise me on which one of thwo should pursue first?

P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.

Thanks!

Find more posts tagged with

Comments

L0gicB0mb508

Entirely different certifications. CEH is ethical hacking. GSEC is general security (like a slightly more advanced Security+). Either would be useful, but GSEC is more of a broad security certification.

If this is your first dive into security, you may want to consider going after the Sec+ first. The advantage here is cost. You can probably study/take the Sec+ for under $400. GSEC to take the SANS course, and the certification is going to be more like $4,000.

Are you planning to go more of a pentesting route, or are you thinking about going into something else? I guess that's going to be the biggest question. If pentesting is your goal then CEH is what you want to take. If you are just trying to break into security and have very little security knowledge, I would go Sec+. If cost isn't a concern, I would do GSEC.

JDMurray

I agree that these certs are apples-and-elephants. And the GSEC exam is a lot harder than the Security+ exam. It'd better be for the money you pay for the class and the exam. And if you are getting certs to get a better job, make sure you select the certs that your prospective employers are asking for.

veritas_libertas

codeace wrote: »

P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.

I would GSEC then C|EH in that case. You might want to look at these forums for more security specific thoughts on security certifications: The Ethical Hacker Network - EH-Net - Index

JDMurray

The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.

rob7278

I was thinking of following the Sec+, SSCP, CISSP route that you mentioned. Are there any other decent stepping stone courses that I should look at (stepping stones to the holy grail CISSP, of course)
CISM? Also GIAC has a whole bunch different security certs- GISF, GCWN, GCFA, GSE although I wasn't aware that the courses for these certs were so expensive. I thought I read on the GIAC website that their certs didn't have prerequisites. Or does not attending their classes mean you will have no shot at passing their tests? As I don't recall seeing many study guides for the GIAC certs; Amazon did have a few- GSEC

veritas_libertas

Well, I am going to be forced down the Security+ --> C|EH--> simply because I have no previous security experience. I definitely plan to do the GSEC down the line simply because it is so common on Monster. In fact, during my searching I found it to be the most common GIAC cert for security jobs on Monster.

SephStorm

really? That is interesting. I generally avoid monster, as I have a memory of recent issues with that company, I dont remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance based certification. You can read review of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.

L0gicB0mb508

SephStorm wrote: »

really? That is interesting. I generally avoid monster, as I have a memory of recent issues with that company, I dont remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance based certification. You can read review of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.

While I agree that OSCP is a much more difficult exam, it's not all that well known yet. CEH is on the DOD list, so that really helps its credibility. Let's face it, the point of getting certifications is to get a job or help you move up in the one you have. That's why I'm not overly crazy about the OSCP, just yet.

codeace,
Find an area of infosec that you want to do, and stick on that track. General security knowledge will go a long way to help you, but being specialized in something is a good thing.

Veritas,
The layout you have is fine. Sec+ and CEH should give you a very good foundational knowledge base. I've really enjoyed my Sans studies, but its out of range unless you have a company that's willing to pay for it.

kriscamaro68

The more I learn about the CEH the less I like about it. It is very outdated also. I would probably go after it if they update it here soon.

I plan on something around this order

Sec+ > SSCP > GSEC > GPEN > OSCP. I may throw in the CEH like i said if they update it. Also may do SCNP.

veritas_libertas

What you say may be true, but for me it's also what is known to HR. That is the reason I don't do certain certifications, and do take other certifications.

JDMurray

With the U.S. Department of Defense now recognizing the CEH, it is more interesting now for my resume as well. I'm just not looking forward to spending six-plus months studying the 70-some-odd modules covered by the CEH exam.

SephStorm

I feel your pain on that one. I am trying to do the EC-Council ENSA certification with two? large books and a lab manual if im not mistaken. tough to dive into. Thats why I am keeping an eye out on the EC-Council Press books in stores now (I've seen Wireless|5 and CEH), as well as any ground courses.

codeace

JDMurray wrote: »

The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.

Makes sense! But if they both were to help with my generic security foundation (again not targeting a specific role) for an Jr./entry level position, then the SSCP>GSEC>CEH seem to have the logical flow from GENERIC>SPECIFIC.

Thanks folks!

Chris:/*

For DOD the training does not just include SEI identifiers for those Certifications under 8570.1. There is also billet requirements for those jobs. Those requirements have to be met in addition to 8570.1 requirements. An example of this in DOD is you are required to pass Security+ and then GSEC before you move on to CEH. CEH is not more difficult than GSEC it is just for a different purpose. After all how can you effectively hack systems without understanding how they are secured or common weaknesses system administrators overlook or ignore.

muiadedeji

Anyone who has passed CEH, should please send me details on how to get complete package of the certification. Thanks