Paying for GSEC, by yourself...

So, I recently came into about $15k... (wasn't a good circumstance the reason I got it if you're curious) Debating on going for GSEC and taking the OnDemand course and paying for it by myself. My wife and I are live pretty comfortable right now, so I'm not really worried about bills or anything.

I've been in IT for about 4-5 years working with small companies doing lower level JOAT roles. And have just started working on general security certifications. Just passed my Sec+ a couple week ago. And am studying for the SSCP right and planning on taking that in 3-4 weeks. (was planning on taking the CISSP but after debating with people on here about it, and the fact I would have to have ISC2 endorse me because I don't know anyone personally with a CISSP, I think ISC2 would probably only count my last 2 years towards the requirements...

)

After my SSCP, I'm not sure exactly what else I would want to go for. My goal is get to a Security Analyst position in the near future and thinking the Wireshark Cert will help there to learn packet analysis.

The GSEC exam seems like it would teach me a lot, it just hard to dish out that much money... What do you guys think? As someone fairly new to Security would think it would be worth it to pay it? Is there any other cert that you recommend? Was thinking maybe CEH too. I know it's more of a pentesting cert, but think it would be good knowledge to know the basics of that as well.

Also, I did attempt to do the SANS work-study program but did not get accepted a few months back when they were near me. And most likely am going to be applying for a Master's in Information Assurance program at Dakota State U in the Spring.

Find more posts tagged with

Comments

BlackBeret

I see the GSEC as a good course if you don't have a lot of IT experience. There are several books out there on Amazon that cover GSEC in-depth for under $50. If you just want to burn the money I'd say go for it, it could be fun. If you want the most bang for the buck I would suggest getting the GSEC All-in-one from Amazon, reading through it to get a good idea of the overall parts, then take SEC503/GCIA as an actual course.

As a side, I've also heard good things about the SEC501/GCED course, more security knowledge and less basic knowledge. I haven't reviewed the material myself yet.

BlackBeret

As for the CEH, the test itself is garbage, but some of the books are good if you go through the material to learn and not to pass a test. I've worked with people who are "experienced analysts" with GCIA/CEH/blah blah blah, and they still can't tell me what a SQL injection is. Knowing the attacks and some pentesting basics should be mandatory as an analyst IMHO.

The CEH courses are hit and miss. Some instructors think the test is garbage and will teach intro pentesting courses using their tools, then give you a test **** so that you can pass the exam at the end. Other instructors will teach the CEH test only and not cover many things that are useful. Some rare ones will teach all of the material properly so that you can continue learning it on your own and pass the exam later. This is another one that I would recommend a book for.

For decent priced courses with excellent training I recommend eLearnSecurity honestly. I've found their courses to be MUCH better and cheaper than SANS. The only reason I still do SANS courses is because the company pays and seems to prefer them.

OM602

Depending on which direction, you wanna go, I would go for one of the 5XX-certs.
Better aim high than too low IMO

cyberguypr

501 will be fine to give you a 1,000 ft overview of the different areas the 500 courses cover. It may open your eyes to help narrow down what you would like to specialize in. I think it's a better investment than GSEC. The only potential issue with GCED is that is less HR friendly, if that matters to you. See my 501 review here: http://www.techexams.net/forums/sans-institute-giac-certifications/103583-sec501-review-chicago-2014-a.html. On the other hand, if you know you like network forensics, incident response, or something else, I would go directly for one of those courses such as 503, 504, etc.

In regards to the CISSP, you may be short-changing yourself with your experience. Many times there's way more that you think in your background that qualifies. Feel free to PM me to discuss.

LionelTeo

Base on experience I had, the ROI for GIAC course is about 12k-15k (PA) increase in salary for every two GIAC certification. That is if you successfully got hired for a better job because you had these certifications. This of course factor in your work experience, career directions, technical skill and a bit of luck. If you went for two certification, it will take you a year and a half in your new job to recoup your loss. I think the ROI isn't really fantastic when compare to other certifications like CISSP. I would advice to self study for them. There is plenty of security books at amazon that cover the topics similar to GSEC. You may have to study more for it, but the ROI is much more fantastic than going for course.

However, I would also want to highlight that you should know judge the option available as you would know your circumstances better. We can only provide suggestion up to a certain point. Weight your options well and make a leap for it.

iBrokeIT

I threw down for the SEC501 class and GSEC attempt but skipped the OnDemand portion (wondering if that was a mistake?) and will be going to SANS Network Security 2015 in Las Vegas this year. I'll let you know how it goes since this will also be my first experience with a SANS course.

JoJoCal19

I just passed the GSEC two weeks ago after taking SEC401 back in April. I'd say print off the list of exam objectives from GIAC's site and the topics for each day of the SEC401 course and just self study them and then challenge the exam. Make notes for each topic as you can take them into the exam.

NetworkNewb

JoJoCal19 wrote: »

I just passed the GSEC two weeks ago after taking SEC401 back in April. I'd say print off the list of exam objectives from GIAC's site and the topics for each day of the SEC401 course and just self study them and then challenge the exam. Make notes for each topic as you can take them into the exam.

I'm definitely tempted to self-study for it and take the exam. I wish they didn't make so damn expensive!!

I kind of like the idea of getting the GSEC All-in-One book and reading it, and then taking the GCIA course and exam... Still a little ways out from making decision on this. Appreciate and like these ideas though!!

guy9

I think the GSEC is a waste of money, all do respect. I would not pay over 5K (including training either training you choose) for a cert slightly higher than Security+. Yes, you can catch these $200-$800 off specials they run for OnDemand and traning. Now the Exam is about 900 bucks if my memory serves me correctly when I looked a few months ago. I believe I paid about 599 to sit an exam.

Moral of the story it is my opinion that whoever will give you a chance with GSEC will give you the same chance if you had Security+. CEH has good and bad reviews. If you are looking into or around a govt area get CEH you will need it in any Classified/Secure environment for the govt. If you are not talking about govt do not get CEH. I can not speak for the Security Field as a whole, but where I work everyone who has a G cert has this from most to less GCIH-)GCIA-) whatever else starts with a G

Some people just like any G cert and will give you a chance if you're a 20 year old college student just because.

Khaos1911

Instead of 5K, just apply for the work study program when it's near your area and hopefully save 4 grand off the price tag if you're selected.

gespenstern

I would never pay that money for courses. With so many resources, books and videos on the internet which are either free or low-cost I can't justify paying for SANS courses. But it's just me.

cyberguypr

Or "spray and pray" and apply to EVERY work study coming up in the next few months. Even factoring in travel cost, you'll come ahead. I am leaving this Saturday for the DC event to facilitate FOR 408 and the cost even with travel was less than half of the regular $5k.

paul78

guy9 wrote: »

I think the GSEC is a waste of money...

I would agree. I've actually taken 2 SANs On-Demand courses. I paid for them myself and it wasn't worth it. I took MGT414 - which I thought was decent but not worth the expense. I decided to then take the SEC542 because I thought maybe the MGT414 was an anomaly. But I felt the same way about the SEC542.

My suggestion is to work towards your CISSP instead. And since you still need 3 years of experience, self-study may be a more cost-effective approach if you are dedicated to the subject. There are plenty of resources such as:

https://www.coursera.org/learn/cyber-security-domain
https://www.edx.org/course/wiretaps-big-data-privacy-surveillance-cornellx-engri1280x

I haven't actually taken above but I like Coursera and EDX.

There is also great material on Safaribooksonline for $400/year. And that's all-you-can-study.

IaHawk

paul78 wrote: »

I would agree. I've actually taken 2 SANs On-Demand courses. I paid for them myself and it wasn't worth it. I took MGT414 - which I thought was decent but not worth the expense. I decided to then take the SEC542 because I thought maybe the MGT414 was an anomaly. But I felt the same way about the SEC542.

My suggestion is to work towards your CISSP instead. And since you still need 3 years of experience, self-study may be a more cost-effective approach if you are dedicated to the subject. There are plenty of resources such as:

https://www.coursera.org/learn/cyber-security-domain
https://www.edx.org/course/wiretaps-big-data-privacy-surveillance-cornellx-engri1280x

I haven't actually taken above but I like Coursera and EDX.

There is also great material on Safaribooksonline for $400/year. And that's all-you-can-study.

Another great, FREE resource! https://www.cybrary.it/course/cissp/

JoJoCal19

paul78 wrote: »

I would agree. I've actually taken 2 SANs On-Demand courses. I paid for them myself and it wasn't worth it. I took MGT414 - which I thought was decent but not worth the expense. I decided to then take the SEC542 because I thought maybe the MGT414 was an anomaly. But I felt the same way about the SEC542.

Anyone that thinks the courses in general (especially the in-person conference) aren't worth $5k doesn't understand SANS' target audience (organizations, not individuals). The knowledge gleaned from the courses, and especially with the in-person conferences where the instructor will throw out extra case study examples, and tidbits, as well as answer any and all specific questions you may have with your own organization's situation, is worth many times ROI to the $5k+ paid by the organization. Hell, even within the SEC401 course (GSEC) I found enough things that would tremendously help my company and could save many times the full cost (in my case they only paid $900 since it was work study). I wouldn't pay $5k for the course by myself because the ROI just isn't there (maybe for SEC560, but debatable). I would however pay the $900 Work Study fee. I do feel the on-demand version isn't ideal because you do miss a good bit of stuff from the instructor as I stated. I know in SEC401 students would stay on breaks and after class and ask Dr Cole for advice with regards to products, situations, etc. Same with Mike Poor in SEC503 that I just took. But Paul, I can understand where YOU feel that YOUR investment of $5k wasn't worth it.

NetworkNewb

cyberguypr wrote: »

Or "spray and pray" and apply to EVERY work study coming up in the next few months. Even factoring in travel cost, you'll come ahead. I am leaving this Saturday for the DC event to facilitate FOR 408 and the cost even with travel was less than half of the regular $5k.

I wish I could do that, wife with a demanding job, a 7 month old baby, and neither of our families living nearby to look after the baby, makes that a tough option. Otherwise I would definitely do that.

UnixGuy

I haven't done any GIAC courses before so take my advice with a grain of salt.

For CISSP, many people in this forum can endorse you so you don't have to know someone in person. Think about it, CISSP will give you excellent ROI. Keep that 15K in the bank for now.

Since you have Sec+, I would personally skip the GSEC and shoot for GCIH if I really want to. But honestly, just do the CISSP and try to get that Analyst job and take it from there. I got an analyst job without CISSP, and I'm gaining experience so it can happen, you don't need GSEC to get an infosec analyst job.

LionelTeo

Just want to add GCIH is very easy to pass via self study. Counter Hack Reloaded, Blue Team Handbook, Incident Response and Forensics. The challenge comes with two free practice test, which you can use the results to google anything that is not covered and add it in your pile of notes. The exam is definitely more doable than other GIAC certification exam.