New here and Just Passed my GCIH

LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
Hi All,

To start of, I would like to introduce myself that I am from Singapore, I only have 2 years work experience and have gotten my CEH 22 Nov last year and just passed my GCIH 16 Jan (on this monday), both by self study means. I have planned to go into GIAC certifications instead of a degree after reviewing my local degree courses and found them disappointed in the info sec sector.

Anyway, just sharing my GCIH experience for those who are interested. The actual test and the practice test questions are entirely different. But still for the test it is good to refer to those books (with indexing) actively, answering the question hastily is definitely not recommended. I won't recommend question **** at all as it won't help much.

Back to topic, I actually took 22 Days to complete my GCIH self study (started Dec) and I am currently studying my GCUX now (about 50% completion, started studying before GCIH exam) and planned for it for February or March.I spend most of my travelling time (including walking) and free time studying. I would like to have some opinions on the following.


G2700 - Is this certification really important and does it cover any CISSP topics? I notice some companies are looking for people with knowledge of 2700x series compliance. Is it a must for everyone in the industry to know this?
GSEC - I know this is an important certification, but it cover a wide range of topic, I wonder if it have any applicability in real life work environment?
GCFW - Has anyone taken this? Is this test hard to pass?

Comments

  • kiran_09kiran_09 Member Posts: 5 ■□□□□□□□□□
    Hi,

    Congrats for passing GCIH. Can i know what books/resources did you refer for GCIH exam.

    Regards,
    Kiran
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    To add on to this List I will recommend
    http://www.techexams.net/forums/sans-institute-giac-certifications/68043-post-your-sans-giac-study-material-recommendations-here.html

    Netcat **** sheet
    http://www.sans.org/security-resources/sec560/netcat_****_sheet_v1.pdf

    Windows and Linux **** Sheet for SYSAdmin
    http://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf
    There is a linux one but I can't seems to find it at the moment

    **** Sheet for Incident Handler
    ISC Diary | 2 **** Sheets for Incident Handling

    NMap Reference
    Chapter 15. Nmap Reference Guide

    Metaplsoit Unleashed Chapter 8 to 12
    Metasploit Unleashed - Client Side Exploits

    Other Topics
    Loki and Convert Channels
    Netstumbler vs Wellenreiter
    AirCrack
    War Dialer vs Demon Dialer
    Different Type of Rookit and LRK
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think the GSEC has real-world applicability from a generalist's perspective. It does not drill deep into any specific area, but it certainly provides a strong foundation to dive into the next step (whatever path that may be) for any aspiring infosec professional. I think the material is good for people who do general IT work and not necessarily focused on security on a daily basis. At the very least, it would raise a lot of awareness of key topics which affect their environment's security stance.

    The GCFW / SANS 502 is a good course. It's not as hard as perhaps 503 in my opinion. I'm a little biased because I already some firewall and VPN experience when I took 502 so a good portion of material wasn't new to me.

    As for the G2700, I'd guess that unless you're directly going to be involved in compliance work, it's not going to be immediately beneficial. I personally have no plans to ever take that SANS MGT411 or pursue that particular GIAC cert.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Congratulations and welcome to TE! :)
  • Dakinggamer87Dakinggamer87 Member Posts: 4,016 ■■■■■■■■□□
    Congrats and welcome to TechExams!! :)
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Hey thanks for the advice and warmth coming. I am now doing lots of Unix Hardening practical (hopefully going UX next) and intended to go GPEN path after UX :)

    Just a few more IH materials (not everything though)
    dsniff
    SSLStrip
    Moxie Marlinspike >> software >> sslstrip

    Also, some white paper does helps

    SANS InfoSec Reading Room - Steganography
  • artieaartiea Member Posts: 1 ■□□□□□□□□□
    Congrats and thanks for the reference list.... good stuff.
  • pizzahutpizzahut Member Posts: 11 ■□□□□□□□□□
    I am planning to take GCIH exam this year.

    Any update on the recommended study materials?
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Welcome. Are you challenging the test?
  • pizzahutpizzahut Member Posts: 11 ■□□□□□□□□□
    Yes. I am planning for self study and are having SANS year 2010 student manual but are worried that might be out-dated.

    Any kind soul can share with me their latest study material?
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    You might not be aware of this, but official SANS courseware is non-transferrable and is only for the original student who took the class. Specifically, the SANS Courseware License Agreement states:
    User may not copy, reproduce, distribute, display, modify or create derivative works based upon all or any portion of the courseware in any medium whether printed, electronic or otherwise, without the express written consent of the SANS Institute. Without limiting the foregoing, user may not reproduce, distribute, re-publish, display, modify, or create derivative works based upon all or any portion of the courseware for purposes of teaching any computer or electronic security courses to any third party without the express written consent of the SANS Institute.


    SANS courses also tend to get updated frequently and four-year old class material probably won't reflect the current exam questions very well.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • pizzahutpizzahut Member Posts: 11 ■□□□□□□□□□
    Does registering for the exam entitle access to the courseware?
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    No. Registering for the exam gets you access to two practice tests (which resembles the real exam relatively closely in my experience) as well as the actual live exam. To get access to the courseware, you have to sign up for the respective SANS course, in this case SEC504.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • pizzahutpizzahut Member Posts: 11 ■□□□□□□□□□
    Thanks for the info.
Sign In or Register to comment.