Looking for info/advice on GISP/GIAC

Hi, I'm new to the forums and would like to ask about the GISP exam. How is the material on it and is it comparable to the CISSP? In terms of aiming towards a general infosec certification (like the CISSP) is the GISP a good alternative or would you recommend a different exam from GIAC? Eventually I would like to gravitate more towards web apps and some web pen testing.

In addition, if GISP is the way to go, how would one go about studying for it if I do not have access to the SANS training? Would CISSP books cover the material sufficiently?

Before you say why dont you just take the CISSP.. if that were an option for me I probably would, but my company was able to obtain approval for GIAC certifications only. No other certs or training are funded so I'm stuck with GIAC and really dont want to spend 5k for the SANS training. Any and all advice is appreciated, thanks!

Find more posts tagged with

Comments

LionelTeo

You can take GISP via self study. There isnt a need to go for their traning. However, GISP is slightly touger than CISSP. There is a couple of folks I know on this forum who pass the GISP pratice test without referncing books during exam and just by studying external CISSP study materials alone.

GISP isnt probably a recognise cert out there. I use it to serve as the pratice for my CISSP. Since 2 pratice + actual exam (the exam package) total up to 750 question, hence I went for it and eventually get my company to reinburse for it. It also help me a lot for my CISSP exam.

Recognition wise, probably serve as a resume purpose to bypass HR requirements look for GIAC cert. Employers probably dont recognise this, instead of empahsizing in the concepts, the CISSP word is too wired into their brains.

Superpeon

Is there another cert that you would recommend in place of GISP? GIAC is my only option so I need to pick one to go for, figured GISP is the closest to CISSP I will get

justjen

I think the GSEC is more recognized than the GISP. It is a little more technical, and covers all the same domains in more depth. Less emphasis on how managers think though. That was a great SANS class, SEC401.

I'm doing the GISP exam today, as prep for the CISSP, but I won't bother to renew it in 4 years. It is just the means to an end, the CISSP, for me.

Superpeon

justjen, you bring up a good point, it seems like many people use GISP to study for the CISSP and knock out both back to back. after some contemplating I think I'll go for the GSEC. wish I had access to SANS training but I guess some self study will suffice.

How was the GISP exam and how much does it differ from the GSEC exam?

justjen

The GIAC GSEC (SANS SEC401) covers all 10 domains, but in more depth and from a much more detailed technical perspective.

For example, with the GISP (SANS MGT414), you only need to know a little bit of basic information about a TCP header, such as the length without options is 20 bytes, and the type is in byte 9. For the GSEC, you need to know all the details about several different types of protocol headers, TCP, UDP, etc. You need to be able to look at an IP packet and disect it down to the individual bits and bytes, including all the little flags,and which bit is which.

You might consider looking at the course outline on the SANS website to get an idea of what it covers, to see what would generally be on the GSEC:
https://www.sans.org/course/security-essentials-bootcamp-style

I'm not aware of any books to study for the GSEC other than the SANS course (different course delivery options at different price points), but someone else around here might know of some non-SANS study materials. Although it's a little dated, you might check out this thread:
http://www.techexams.net/forums/sans-institute-giac-certifications/58574-can-you-recommend-some-books-gsec.html

Someone said in that thread that GSEC is like Security+ on steroids.

[I don't know because I never took Security+ and never bothered with certs until the last few years. Back when dinosaurs roamed the earth and computer bugs were real bugs, basic intelligence and some experience was all I ever needed.

]

justjen

Just google 'GIAC GSEC book' and you will find there are indeed books out there, including a GIAC GSEC All-in-One study guide published in 2013. There are also others, but I don't know which of them are the best, or if any are current enough and comprehensive enough to substitute for the SANS training.

Superpeon

Yeah I just picked up the All-in-One as well as the Network Security Bible that may still be useful. I'll be leveraging different material as I go along, we'll see how well it goes.

Thanks for the info!

LionelTeo

GSEC only covers 8 domain out of 10 domain of the CISSP. They replace the other two domain with windows and linux administration. Windows Administration is a very big section of GSEC course, you would find it easy if you are a system administrator maintaining Windows ADs and Server security. Otherwise, that section is going to be tough, I have posted a book in the second page of first post on this forum section, you may refer to it and review the books if you are interested in additional materials.

The bottom line is that if your company reimburse for exam, the reason to grab GISP is because it gives you 750 questions just to prep for CISSP, pass that GISP and got the company to pay for that amount, you get a cert and in addition it ensures your good for CISSP.

Superpeon

LionelTeo wrote: »

GSEC only covers 8 domain out of 10 domain of the CISSP. They replace the other two domain with windows and linux administration. Windows Administration is a very big section of GSEC course, you would find it easy if you are a system administrator maintaining Windows ADs and Server security. Otherwise, that section is going to be tough, I have posted a book in the second page of first post on this forum section, you may refer to it and review the books if you are interested in additional materials.

The bottom line is that if your company reimburse for exam, the reason to grab GISP is because it gives you 750 questions just to prep for CISSP, pass that GISP and got the company to pay for that amount, you get a cert and in addition it ensures your good for CISSP.

Yeah that makes sense, so perhaps it makes more sense for me to hold off on the GISP and take it once I'm ready to start prepping for the CISSP. My company likes SANS and usually only reimburses their tests, so the chance will come again. I'll challenge the GSEC this time around, luckily I worked as a sysadmin for several years before going into cyber security, so I'm familiar with windows/linux administration. Will definitely look into your book suggestions, thanks!