Renewed GCIH, going for GPEN, what next?

jplee3 Member Posts: 49
Hey guys,

So I recently renewed my GCIH on my own dime and found out more about my company's tuition assistance after the fact. So I'm signed up for the GPEN course coming up. I'll have used up most of the tuition budget ($5000+) on the GPEN for this year 2012. I'm wondering if I should just focus on that to close out the year (have to submit my proof of certification by Dec 14th) or if I should try to double-up and get another cert in. I'm leaning towards the former but I've been wanting to get the CISSP.

I feel like the CISSP is going to be harder for me though since it's longer and more broad (and will likely require a ton of memorization).

Otherwise, in 2013 I'll have another $5000+ to go towards tuition.

I've also considered taking one of the more advanced SANS pentesting courses (GXPN or GWAPT) for 2013, and am wondering if I should go for one of those instead of allocating all the budget to CISSP prep.
SANS offers that Mgmt 414 course, which is basically CISSP prep, but there are also CISSP prep courses that cost less. Either way, if I took any of these prep courses, I wouldn't have enough to allocate for one of the SANS advanced pen testing courses.

I'm wondering if I'll be fine just self-studying for CISSP. Budget-wise, I think I'd be able to squeeze in a SANS course + CISSP exam fees to get it at or under budget. It would just suck if I ended up not passing.

The other one I was considering in the back of my mind is the OSCP - I know that costs significantly less than the SANS courses, but the adv pentesting (GXPN) course seems to cover even more in that respect.

Any thoughts?

Comments

  • jplee3 Member Posts: 49
    Actually, I just checked and I can appeal for post-approval to get reimbursed for my GCIH re-cert, so I'm gonna try for that. Hopefully it works out. Then I'll feel better about maximizing on the tuition assistance.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,711
    You are very lucky that your employer's tuition assistance program covers SANS training and GIAC certification. Most tuition assistance programs limit payment and reimbursement to only courses taken at CHEA accredited places of learning, such as community colleges and universities. Most technical colleges and training centers are excluded unless individually approved by the program.

    You will get far more career mileage out of the CISSP than any of the GIAC certs, so give budget priority to what you think it will take for you to pass the CISSP exam. And have you considered the GCIA to round out your GCIH and (future) GPEN?
  • jplee3 Member Posts: 49
    JDMurray wrote: »
    You are very lucky that your employer's tuition assistance program covers SANS training and GIAC certification. Most tuition assistance programs limit payment and reimbursement to only courses taken at CHEA accredited places of learning, such as community colleges and universities. Most technical colleges and training centers are excluded unless individually approved by the program.

    You will get far more career mileage out of the CISSP than any of the GIAC certs, so give budget priority to what you think it will take for you to pass the CISSP exam. And have you considered the GCIA to round out your GCIH and (future) GPEN?


    Yes, I am very fortunate to be working here. I actually used to work at this office before they were bought out by a bigger company (so I now work for the bigger company as we are now one of their divisions). A majority of my co-workers, at the time I left, are still around so it's really cool to see how much it's grown here. Regarding the list of approved institutions/universities, I actually had to request that SANS be added to the list and I was surprised that they added them without question.

    My last couple places of employment were very stingy with their training budgets to say the least. I did the work-study program for the GCIH and paid on my own dime two companies ago; oh, and I took a week of *vacation* time for it too - they wouldn't even let me take a week off for work-related training that I paid for! Anyway, that's all in the past.

    Do you think it's worth taking one of those CISSP prep courses? I bought the Shon Harris All In One (4th edition) a while back and my work actually has an online training unit for CISSP. It's basically just a bunch of slides with someone reading the text on each slide, and then there's some questions throughout each module and a short quiz at the end. You are graded percentage-wise at the end based on each quiz, and this is subsequently tracked in my employer's training dashboard (although I'm not sure what exactly they do with this data).

    I haven't considered the GCIA yet, but now that I think about it that probably would be a good one to do. Possibly even GCFW as well. These shouldn't be too difficult to justify since my manager is pretty encouraging about continuing education.
  • jplee3 Member Posts: 49
    Actually, I could probably sign up for the GCIA if I wanted to. For those of you who have both GCIA and GPEN, which test ended up being hardest? I heard there's A LOT of material in the GCIA. There's a course coming up in October that I can probably double-up on. In order to get reimbursed I have to submit the proof of certification within or at 90 days after the last day of the course. If I did this I'd basically be going for two certs within a couple months of each other. One I would take prior to December 14th to get within this year's budget, and then the other I'd have to take some time in January to qualify for next year's budget.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,711
    jplee3 wrote: »
    Do you think it's worth taking one of those CISSP prep courses?
    I tend to think the boot camp courses are for people who can't (or won't) properly study and learn the material, so they need a 5-day cram session immediately before they take the exam. I don't think you will need a cram class if you have the time and patience to properly study the CISSP CBK from the materials commonly available. This is the best way to retain the CISSP CBK information, which will be of great benefit in your present job and career.
  • jplee3 Member Posts: 49
    Thanks for the tip! Any other resources or study materials that you highly suggest for self-study?

    BTW: I think I have the unofficial green-light to do GCIA now. I figured I'd try to tackle the next one starting in October and try for the exam next year maybe in Jan or Feb (also so the budgeting works out). Unless I should do the GCIA first and tackle the GPEN after.

    Either way, the next 6 months will be busy :)
  • uyen_nguyen Member Posts: 32
    Again, you are so lucky to have your employer pay for SANS courses. If I were in your circumstance, I would take GXPN instead of paying for a CISSP prep course. CISSP, you can study at your own pace, in a room with 1 light, 1 pencil, books and videos. On the other hand, GXPN is the most prestigious certification in my opinion in exploitation and, as I see from SEC660's objectives on the SANS website, this course is really unique for pen test and exploitation. I am going to take SEC660 in 2013.
    English is my second language. My apology for my grammar errors.
  • jplee3 Member Posts: 49
    Thanks for the insight. I think I'll follow the advice of self-study for the CISSP. As far as the SANS stuff, do you think it's better, since I'm doing GPEN right now, to get the GCIA first and then go for the GXPN after? I think the GCIA stuff would be good to pick-up on cause I'll sort of have a gap there now that I've done the GCIH and am going through the GPEN.
  • uyen_nguyen Member Posts: 32
    I haven't looked at GCIA objectives yet but I will soon as I am putting all of my energy into the GSE title, for which GCIA is compulsory. It would be the right path as you suggested, GPEN then GCIA. Actually, I'm preparing for the GPEN exam too. Intrusion Analyst and Exploitation are not really relevant so I cannot say :). GXPN definitely will be my next destination in Feb 2013.
  • jplee3 Member Posts: 49
    I'm actually starting to wonder if I should just go for the MSISE. The only hesitation I have is that SANS isn't fully accredited yet. But my company does reimburse almost twice as much for Master's courses as they do undergrad/certification courses, so if they can pay for the MSISE, I figure why not.

    Do you guys think it's worth going for the MSISE if the company reimburses for it? Or is that money better spent elsewhere?
  • ptilsen Member Posts: 2,835
    I would definitely get an accredited degree over SANS. CMU offers a 100% online MS IA. I would get that instead, no question. SANS is not regionally accredited. CMU is ranked #1 in the world for IT management education. The GIAC certs and SANS training have a lot of value, but the MSISE is not the right career move IMO.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • jplee3 Member Posts: 49
    ptilsen wrote: »
    I would definitely get an accredited degree over SANS. CMU offers a 100% online MS IA. I would get that instead, no question. SANS is not regionally accredited. CMU is ranked #1 in the world for IT management education. The GIAC certs and SANS training have a lot of value, but the MSISE is not the right career move IMO.

    Thanks for the tip. I may consider delaying in that case and stick with just building up on certs. Tuition costs seem fairly high for CMU's INI program: 20k per semester?
  • NetworkVeteran Member Posts: 2,338
    jplee3 wrote: »
    Tuition costs seem fairly high for CMU's INI program: 20k per semester?
    That does seem high. Did you miscalculate their rates?

    15 credit-hours/semester x $477/credit-hour = $7,155 per semester

    Additionally, many universities and government programs offer grants and/or loans, in particular if you are in financial need or have demonstrated academic talent.
  • jplee3 Member Posts: 49
    That does seem high. Did you miscalculate their rates?

    15 credit-hours/semester x $477/credit-hour = $7,155 per semester

    Additionally, many universities and government programs offer grants and/or loans, in particular if you are in financial need or have demonstrated academic talent.


    Oh I was looking off this site:
    Tuition

    "The tuition rate for students entering INI programs in Fall 2012 has been established at $19,450 per semester. (Note: the part-time tuition rate is $540/unit.)"

    I guess I missed the part in parens :)
  • NetworkVeteran Member Posts: 2,338
    Aha! Good find. I was looking at their MS IA, the one Paul had mentioned.

    From their INI FAQ, "Most graduates entering the program receive some assistance in the form of a tuition scholarship." Most universities don't want "It costs too much!" to be a serious deterrent for determined students. Here's one they offer--

    "Scholarship for Service (SFS) program gives students scholarship funds in exchange for service in the federal government for a period equivalent to the length of their scholarship, typically two years."

    Good luck with your choices. :)
  • ptilsen Member Posts: 2,835
    I pulled CMU just as an example, by the way. Iowa State also offers a distance MS in IA. Distance Education | Information Assurance Center It looks like tuition would be about $20K a year, presumably $40K for the whole degree (I didn't look too hard).

    There are other reputable schools out there, presumably with less expensive programs.
  • jplee3 Member Posts: 49
    Aha! Good find. I was looking at their MS IA, the one Paul had mentioned.

    From their INI FAQ, "Most graduates entering the program receive some assistance in the form of a tuition scholarship." Most universities don't want "It costs too much!" to be a serious deterrent for determined students. Here's one they offer--

    "Scholarship for Service (SFS) program gives students scholarship funds in exchange for service in the federal government for a period equivalent to the length of their scholarship, typically two years."

    Good luck with your choices. :)

    I'm interested in how SFS works - what exactly does "service in the federal government" mean too? That wouldn't be full-time service would it?

    The other concern is that I don't have my undergrad degree in computer science - it seems a majority of Masters programs for InfoSec make that a prerequisite.
  • ptilsen Member Posts: 2,835
    What is your undergrad? I haven't looked, but I doubt that is a requirement for most. I bet they would take any BS and some IT or business BAs. Work experience can easily make up for a non-ideal undergrad for these programs.
  • jplee3 Member Posts: 49
    ptilsen wrote: »
    What is your undergrad? I haven't looked, but I doubt that is a requirement for most. I bet they would take any BS and some IT or business BAs. Work experience can easily make up for a non-ideal undergrad for these programs.

    BA International Studies haha, so not even close. Maybe closer to business if at all.
  • ChooseLife Member Posts: 941
    jplee3 wrote: »
    Oh I was looking off this site:
    Tuition

    "The tuition rate for students entering INI programs in Fall 2012 has been established at $19,450 per semester. (Note: the part-time tuition rate is $540/unit.)"

    I guess I missed the part in parens :)
    So even at $540/unit, their MSIT-IS is 144 units... bringing it to the total of $77K+... or am I misreading the numbers?
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

  • ptilsen Member Posts: 2,835
    This is the program I was referring to.
    Here is the finance page, and here is the expenses page. It is still pretty pricey at $64K going part-time, though keep in mind some of that is fees that don't apply to distance students. I'm having trouble finding the CMU Heinz College tuition rate.

    Obviously at $20K a year it's going to be expensive out of pocket. Which, again, is why it was an example of an alternative to the SANS MS. There are several distance masters programs in information assurance or security that I've found, so there should be some cheaper options, such as the one from Iowa State.

    I still think you can get away with a BA International Studies as long as it is from a reputable school. Work experience and/or a good GMAT score will negate the importance of your undergrad for a lot of masters programs.

    Edit: CMU also has the MS Information Security Policy and Management program, which appears to be much cheaper.
  • NetworkVeteran Member Posts: 2,338
    jplee3 wrote: »
    I'm interested in how SFS works - what exactly does "service in the federal government" mean too? That wouldn't be full-time service would it?
    From my reading yesterday, it simply means you take a full-time internship or job with the federal government. The apparent goal is to encourage America's brightest to take federal positions, even though the pay is less than private industry would provide. Still, if your degree increases your pay rate significantly, two years of making more than you do now but less than you would with your degree aren't such a poor deal, especially when those two years are gaining you experience. You'd have to check the details.
  • jplee3 Member Posts: 49
    From my reading yesterday, it simply means you take a full-time internship or job with the federal government. The apparent goal is to encourage America's brightest to take federal positions, even though the pay is less than private industry would provide. Still, if your degree increases your pay rate significantly, two years of making more than you do now but less than you would with your degree aren't such a poor deal, especially when those two years are gaining you experience. You'd have to check the details.

    Makes sense. The way I see it it's one of those things like "big risk = big reward." Right now I'm pretty cushy at the current job, and have several coworkers who are doing their MBAs or Masters in CompSci while still working here. So if I can do something along those lines, I'd probably opt for it, rather than seeking to get a scholarship or what not. Even then, if I have to foot $10k of a $20k tuition that my company only covers half of, that's really not that much assuming the pay increase negates it (this may or may not be more ideal than taking an internship w/ the fed govt - although, how many internships w/ the govt result in moving to full-time? And I guess the other question would be: is it better working for the fed govt or a large corporation that sells to the govt as well as other organizations?)

    Anyway, focusing on the now, I think I may just sign up for the Advanced Pen testing course as it would probably be the most immediately relevant to my position and what is being asked of me. I figure I can save the GCIA for later down the road.