docrice wrote: » I read through the course description a while back and it seemed like a great follow-up to 401, but I can see why not many people seem to do it. While I'm sure I could gain from it personally, I still think it feels rather basic compared to the SANS courses which goes in-depth into specific areas. At the moment, there are only 165 GCED certified professionals. Compare that to nearly 6000 GCIHs and almost 3000 GCIAs and you can see what the popular vote says. I'm sure it's a good course though. SANS hasn't disappointed me yet.
docrice wrote: » It's good to aim for the cert, but aim for the knowledge first. These four-letter acronyms provide a nice shiny-shiny on the resume and business card, but in the real world it's all about what you can deliver.
docrice wrote: » The GSEC is still a very honorable cert. If you know Windows and Unix decently and understand common crypto types and other security concepts, I think it's definitely possible to pass. I would have passed with just my experience alone. Plus, the cert's highly-recognized (at least for those who recognize GIAC to begin with). Remember, these are open-book exams and you can bring in whatever printed material you want as reference, as long as it all fits within a reasonably-sized bag.
docrice wrote: » If the GCIA scares you (and it should for the uninitiated), then it's just a matter of getting comfortable with TCP/IP (which the Wireshark book provides a strong start on), using tcpdump, understanding hex, knowing the layer 3 and 4 headers, and some basics of DNS and HTTP. Oh yeah, and knowing some Snort basics. This is all achievable with time and patience. The 503 course does provide some acceleration to your learning, but if cost is the factor, then just be patient and keep chipping away at the material which you can certainly learn on your own time. No one gets good at this within a few months.
Bl8ckr0uter wrote: » I keep hearing the opposite though. People seem to say GSEC is like Security+ level and it seems like I don't want to spend $900 on a test that isn't respected ya know?
docrice wrote: » I think this would be very dependent on your existing experience. To generalize (and keep in mind that I may be grossly over-simplifying some things and making assumptions in other areas), the GSEC provides a nice solid overview on a lot of things, but it doesn't really get into intrusion detection / analysis or incident handling. It's a good balance of practical theory and some practical application that's useful in the workplace. If you're a general sysadmin who doesn't really have a security focus or mindset, the GSEC gets you going. Sysadmins are concerned about availability and deployment. Security sysadmins are about that and doing it with proper caution. The higher-level stuff generally assumes that you have the requisite knowledge from the lower-level, but may not necessarily revisit many of those foundations. Instead, the 500-level SANS courses spends its focus tuned into its given area. Let's take the 504 / GCIH, for example. It assumes that you already know how operating systems work, some peculiars of Windows or Unix, and the use of existing crypto systems. It also assumes that you're not tied to a GUI. If you're scared of the command line, then you need to spend some quality time with Mr. Blinking Cursor, especially in Unix. Let's look at it from another angle. If your primary experience is in routing and switching, have some fluency in maintaining access lists, spend your lunchtime looking at logs and hunting down ghosts, and deal with site-to-site tunnels, then the GCFW may be the logical step. You still need to know TCP/IP decently (although not as much as the GCIA) and have some working knowledge of how common MITM attacks work, but for a network admin like that the GCFW might be easier than the GSEC. So as I said, it depends on your experience and interest. While SANS does have a flowchart of course / certification paths, a lot of these classes can be take / exams challenged based on your existing skill level in whatever area you're comfortable in.
