GSEC/GCIH experience; path question?

l!ght · December 2011

So, I was thinking about taking one of those. However, how much expereince is needed? Is GSEC easier? Is it doable with self-study? I see many of you guys already passed these exams, so I was wondering if you can give me some advice.

docrice · December 2011

I've done both. You can self-study the GSEC, but in its own way it's harder than some other GIAC exams because of the breadth of information and topics covered. Think Security+ material with deeper focus across all subject areas along with Windows and Unix security. It's not meant to be super-deep like exams which are specifically geared towards a particular area (like GCUX). I think it would very much help to have 4 - 5 years of general IT experience with some security focus for the GSEC.

The GCIH could also be self-studied as well, but keep in mind the questions for the GIAC exams tend to be written based on the SANS course materials. There are some non-SANS materials out there that might get you by, but the GCIH exam covers a lot of specific tools which might not be mentioned in a lot of reading materials at the book store.

You can always take the courses without prior experience, but if you're just starting out in the IT world, a lot of things might be way over your head.

ptilsen · December 2011

docrice wrote: »

You can always take the courses without prior experience, but if you're just starting out in the IT world, a lot of things might be way over your head.

Aren't the courses like $2,800? I'm guessing l!ght (like others, and myself) is interested in these certs, but not interested in spending $3,000 - $4,000. Even spending $1,000 to me is very different than spending $3,000. There's also the time commitment, which makes self-study more attractive than the course.

l!ght · December 2011

docrice wrote: »

I've done both. You can self-study the GSEC, but in its own way it's harder than some other GIAC exams because of the breadth of information and topics covered. Think Security+ material with deeper focus across all subject areas along with Windows and Unix security. It's not meant to be super-deep like exams which are specifically geared towards a particular area (like GCUX). I think it would very much help to have 4 - 5 years of general IT experience with some security focus for the GSEC.The GCIH could also be self-studied as well, but keep in mind the questions for the GIAC exams tend to be written based on the SANS course materials. There are some non-SANS materials out there that might get you by, but the GCIH exam covers a lot of specific tools which might not be mentioned in a lot of reading materials at the book store.You can always take the courses without prior experience, but if you're just starting out in the IT world, a lot of things might be way over your head.

I am glad I got you to comment. You and ipchain are the people to go to for advice regarding GIAC stuff. 4-5 years in IT? Like general stuff or some specific domain? I have experience with Linux and Windows (there are still things I don't know, like kernel debugging when it oopses, etc.), exposure to proxy server (Squid), dabbled with firewall (BSD-based), did some jobs here and there with desktop hardening, securely erasing data. Have familiarity with metasploit, regular stuff like nmap, wireshark, password crackers. That being said... its not a very extensive full-time 4-5 years of IT-ing. I have Security+ so that could help me a little I guess. What do you think? There are suggested books for GSEC in another thread. Two of them I got already covered (Sec+ and CCENT stuff as I already have CCNA). Linux+ is a good suggestion. But I am not a novice, so I can try to comprehend new stuff.

l!ght · December 2011

ptilsen wrote: »

Aren't the courses like $2,800? I'm guessing l!ght (like others, and myself) is interested in these certs, but not interested in spending $3,000 - $4,000. Even spending $1,000 to me is very different than spending $3,000. There's also the time commitment, which makes self-study more attractive than the course.

Yes, SANS courses are for those who a) already work as a security practitioner and have loads of $$$ b) someone who doesn't work in security filed, but present job gives him loads of $$$ c) people who inherited loads of $$$.Sadly (or maybe happily?), I am in neither of these categories. Self-study is the only viable option for me. Even if I had money, I can't take time off work for courses. I am a family man, responsibilities and such...

beads · December 2011

To keep things in focus here, the SANS Institute is in reality just that - a graduate school. True they have two degree programs but a school nonetheless.

SANS is primarily focused on people who already work in the field of security, that much is true like any other school.

Is it expensive? To some degree but so is graduate school in general and as far as grad schools go SANS is pretty average for the most part.

Check out some of the other offerings from EC-Council, Foundstone and Mandiant. Mandiant also has a course in Incident Handling. Less expensive but based on their particular product line.

Good news is that I have spoken to close to a dozen companies in the past three weeks that either do Incident Handling or want/will be doing incident handling in the near future. So it seems to be a growth field. Had the fourth interview today for a Lead IH/Investigator position. Must something to it.

Start with GSEC first. Its a good overview of the security landscape and provides a much better base of which to work from as much of the material in GSEC (and by default Security+ as well) is covered into the GCIH course. GSEC is of course much more difficult and has a five hour completion time so its quite the challenge as well. GCIH was comparatively easy by comparison as had less difficulty with the GCIH course.

- beads

JDMurray · December 2011

beads wrote: »

To keep things in focus here, the SANS Institute is in reality just that - a graduate school. True they have two degree programs but a school nonetheless.

The SANS Institue has nothing to do with college-level degrees. There are actually three business organizations involved here:

The SANS (SysAdmin, Audit, Networking, and Security) Institute is a private US company, founded in 1989, that specializes in computer and network security training, and security research and archives. SANS also offers professional IT security certification through GIAC. For this reason, GIAC certifications are commonly--and erroneously--referred to as "SANS certifications."

Global Information Assurance Certification (GIAC) is an information security certification organization that offers vendor-neutral security certifications in a wide variety of fields in Information Security. GIAC was founded by the The SANS Institute in 1999.

The SANS Technology Institute (STI) is a Masters-level educational institution opened in 2008. STI currently offers Masters of Science degrees in Information Security Management (MSISM) and Information Security Engineering (MSISE) and accredited only in the state of Maryland. The courses offered in the STI curriculum are not the SANS workshop courses. GIAC certifications are acceptable for some course prerequisites.[/QUOTE]

docrice · December 2011

l!ght wrote: »

4-5 years in IT? Like general stuff or some specific domain? I have experience with Linux and Windows (there are still things I don't know, like kernel debugging when it oopses, etc.), exposure to proxy server (Squid), dabbled with firewall (BSD-based), did some jobs here and there with desktop hardening, securely erasing data. Have familiarity with metasploit, regular stuff like nmap, wireshark, password crackers. That being said... its not a very extensive full-time 4-5 years of IT-ing.

Based on this, I'd say you could probably just self-study for the GSEC. I had about twelve years of general IT industry experience with some hands-on with firewalls, VPN devices, etc. before I took SANS SEC-401. I think it helped me improve my foundations and confirm what I've learned through experience, but overall I thought I could have put that budget to better use on a 500-level course. I finished the exam in about two hours and scored 93 percent (with the course books in-hand though). I believe the exam difficulty really stems from the broad coverage of technical infosec in general, but you really don't need to know about kernel-level debugging, etc.. That's a lot deeper than GSEC's intended scope.

l!ght wrote: »

Yes, SANS courses are for those who a) already work as a security practitioner and have loads of $$$ b) someone who doesn't work in security filed, but present job gives him loads of $$$ c) people who inherited loads of $$$.Sadly (or maybe happily?), I am in neither of these categories. Self-study is the only viable option for me. Even if I had money, I can't take time off work for courses. I am a family man, responsibilities and such...

There's also d) people who spend all their vacation and personal entertainment funds on technical training. I'm certainly not in the higher end of the salary scale, but I sacrifice a lot in regards to what most people take for granted. That means no TV (I don't even own one), no movies, no pets, no family get-togethers ... nothing but work. It's sad, but I love it.

l!ght · December 2011

docrice. Thank you for your input. So you spend your vacation and personal entertainment? Sounds about right... I don't even remember when was the last time I had a vacation. Maybe 3 years ago... About GSEC. So, you are sying that other exams (500-level) are "easier"? Because they cover less, right? I would also prefer not to waste money on a exam that will not give me much. Would you say GCIH is a better "bargain"?

docrice · December 2011

I think whether taking a 500-level course is a better bargain or not really depends on your interests and your existing infosec foundations. I can really only guess as to your current knowledge level, but in some ways the more focused courses such as 504 are "easier" simply because you're mentally tuned to a narrower set of topics. It doesn't mean that 503 was easy for me, and I think many people can argue that 503 and the GCIA would definitely be harder to achieve than going through 401 and obtaining the GSEC.

Many 500-level courses will assume core fundamentals inherent in 401. I don't regret taking 401 as it was still a good stretch for me, but in hindsight I probably I went in thinking that it was this super-dense-über-level class that would improve my infosec kung-fu by a factor of ten. It wasn't. The GSEC tends to get emphasized through many channels (the old CISSP vs. GSEC debate, HR requirements, etc.) simply because it's a commonly-referenced foundation, at least in circles which recognize GIAC.

At your level, it might be good for you. You don't want to be "that guy" who knows about some of the more intricate topics without understanding the basics. You'll have to make that call based on what you know and your impression of the 401 syllabus. You can always email one of the instructors to get his or her opinion. None of the SANS courses I've ever taken has made me an expert on anything. It simply incremented my understanding and mindset on a given set of topics and increased my awareness a bit so I'm better equipped at work to execute plans in a better-informed manner.

Be careful with approaching SANS courses and GIAC certs with the goal of obtaining another merit badge (certification). While a GCIH looks nice on a resume, at the same time many of us in the infosec industry shrug at them. What's more interesting is what you can accomplish with the knowledge you've obtained. I'm a walking example of someone with a growing wall of certs, but in real-life context they're kind of meaningless because it only implies that I can do a job well. I've interviewed candidates too many times to think that certs really qualify anyone for anything. However, it does show self-investment and motivation so that's a good thing.

l!ght · December 2011

docrice wrote: »

I think whether taking a 500-level course is a better bargain or not really depends on your interests and your existing infosec foundations. I can really only guess as to your current knowledge level, but in some ways the more focused courses such as 504 are "easier" simply because you're mentally tuned to a narrower set of topics. It doesn't mean that 503 was easy for me, and I think many people can argue that 503 and the GCIA would definitely be harder to achieve than going through 401 and obtaining the GSEC.Many 500-level courses will assume core fundamentals inherent in 401. I don't regret taking 401 as it was still a good stretch for me, but in hindsight I probably I went in thinking that it was this super-dense-über-level class that would improve my infosec kung-fu by a factor of ten. It wasn't. The GSEC tends to get emphasized through many channels (the old CISSP vs. GSEC debate, HR requirements, etc.) simply because it's a commonly-referenced foundation, at least in circles which recognize GIAC.At your level, it might be good for you. You don't want to be "that guy" who knows about some of the more intricate topics without understanding the basics. You'll have to make that call based on what you know and your impression of the 401 syllabus. You can always email one of the instructors to get his or her opinion. None of the SANS courses I've ever taken has made me an expert on anything. It simply incremented my understanding and mindset on a given set of topics and increased my awareness a bit so I'm better equipped at work to execute plans in a better-informed manner.Be careful with approaching SANS courses and GIAC certs with the goal of obtaining another merit badge (certification). While a GCIH looks nice on a resume, at the same time many of us in the infosec industry shrug at them. What's more interesting is what you can accomplish with the knowledge you've obtained. I'm a walking example of someone with a growing wall of certs, but in real-life context they're kind of meaningless because it only implies that I can do a job well. I've interviewed candidates too many times to think that certs really qualify anyone for anything. However, it does show self-investment and motivation so that's a good thing.

Thank you. Very good info. I do think that it is better to go for GSEC, based on what you said and my own" internal gauge". You know, walk before you run sort of thing. The thing is, where I currently reside, experience and certificates means the most (very, very conservative place). As I have no "enterprise" experience, my only other way is to get certificates. However, for CISSP and ISA stuff you need "experience" to qualify. GIAC is the only one besides CompTIA that lets you get some certs without all the hassle.

beads · February 2012

Keep in mind that GSEC is also used for training for Security+. The only real difference is that GSEC has a couple more days of class time than what would be Security+. So, a smart individual might self study for the Security+ and gage one's abilities on that test first and save themselves a few thousand dollars in cost with the cheaper more well known cert first.

On the other hand if you were to take, even challenge (about $900) the GSEC and passed you'd likely do exceptionally well on the Security+ exam. Did the Security+ exam a few years ago in under 33 minutes with a 97%. GSEC? Well that went down to the wire (4 hours 57 minutes) and scored a 92%. Security+ was practically a pleasure compared to five hours.

- beads

ptilsen · February 2012

beads wrote: »

Keep in mind that GSEC is also used for training for Security+. The only real difference is that GSEC has a couple more days of class time than what would be Security+. So, a smart individual might self study for the Security+ and gage one's abilities on that test first and save themselves a few thousand dollars in cost with the cheaper more well known cert first.

On the other hand if you were to take, even challenge (about $900) the GSEC and passed you'd likely do exceptionally well on the Security+ exam. Did the Security+ exam a few years ago in under 33 minutes with a 97%. GSEC? Well that went down to the wire (4 hours 57 minutes) and scored a 92%. Security+ was practically a pleasure compared to five hours.

- beads

Would you not say GSEC has much more value than Security+, despite Security+ being more well known? Security+ really seems like the A+ of the security world -- as entry level as it gets.

GSEC/GCIH experience; path question?

Comments