  1. k-r4d l33t 1nf0s3c g33k
    Join Date
    Jan 2009
    Location
    407
    Posts
    191

    Certifications
    CISSP, GCIH, GCIA, C|EH, Security+, Network+, MCP
    #1

    Passed GIAC Certified Incident Handler (GCIH)

    I just got back from the testing center where I passed my GCIH certification. I got an A. I missed a few out of the 150 questions, and finished in 2 of the allotted 4 hours. Some of the questions I missed were just stupid on my part (I completely misread them), the others were educated guesses because I could not find the answer in the material.

    I basically took the SANS Self Study route. My study plan was reading and indexing Counter Hack: Reloaded by Ed Skoudis. It was beneficial because some test questions were lifted directly from the book. Combined with the SANS SEC504 course material, the Counter Hack index filled in some gaps. I listened to the Ed Skoudis SANS SEC504 MP3s and read through the SANS SEC504 courseware. I also had the course CD-ROM, but I did not use it because I had good exposure to the tools when I was doing my C|EH. I indexed all the slides from the course material as well as putting page markers in the course material and in CH:R. I also had printed out all the SANS cheat sheets, the wiki on NetCat, and commonly used backdoor ports. I wish I would have had a commonly used port print-out, but I survived without it.

    The test itself was exactly like the practice test, but more difficult. The practice test was more cut and dry: What do you use X for? While I felt the actual test was more applying the knowledge, e.g. if you wanted to do x and y, what would you use? I felt my test covered all topics evenly, and that all the tools were well represented, the IH process, and the details of each phase of IH. The testing center was annoying. In Florida we just had our first cold front of the fall and they had the HEAT ON! Luckily, I wore shorts. I wish I would have had more room to spread out my books, but I managed. Once I knew I passed, I took a break, went to the bathroom, and re-arranged my work area.

    All in all, I enjoyed the experience. I am looking forward to the live training event in DC for GCIA. Then.. who knows what else I might go for. GCFA? GCFA? Maybe back to EC-Council for CHFI? Or should I go for the GOLD?! Or just focus on school until I'm done.
    Last edited by unsupported; 09-30-2009 at 05:21 PM.


  2. The Colosus of Clout
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #2
    I'm glad to hear that you enjoyed your SANS learning experience. I'm taking the GCFW on November 13th and have been blown away at the quality of the material and instruction. I haven't learned a lot of individual technologies and concepts but I have learned many new ways to apply them.

    The testing center where I have to go is also cramped. I, like you, will be sweating just not having enough space to lay out my materials. I've integrated that into my practice exams though - working with a small volume of space.

    When are you doing the live training for the GCIA? I blew my training budget on Cisco tests and the GCFW but in January when my $4000 resets I'm signing up for the GCIA immediately. I'd be very interested in what you think of the GCIA. I don't know anyone that has taken it so my interest in the course stems from personal interest in the material. I think GCFW and GCIA will complement each other nicely.

    Is your employer paying for SANS or are you out of pocket?

  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #3
    Nice review. I've really been impressed with the SANS material, just from what I've seen by peeking at Paul's stuff.

    Are you doing incident handling/forensics now? That seems like an interesting area to be involved in.

    Congratulations on the pass!

  4. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #4
    I'd love to take the GCIH as it seems to be all I do these days, even challenge it for $900, but without any real study material outside of SANS it'll stay on the backburner. And my training budget would get decimated if I used it on that, especially when I have so many other things to do.

  5. The Colosus of Clout
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #5
    Originally Posted by GAngel
    I'd love to take the GCIH as it seems to be all I do these days, even challenge it for $900, but without any real study material outside of SANS it'll stay on the backburner. And my training budget would get decimated if I used it on that, especially when I have so many other things to do.
    In my experience unless you know someone that will lend you the course books and MP3s you're really screwed on a straight up challenge. You have no way to know what's going to be on the exam, no way to prepare for how they'll ask questions, and no idea what is expected.

  6. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #6
    Originally Posted by Paul Boz
    In my experience unless you know someone that will lend you the course books and MP3s you're really screwed on a straight up challenge. You have no way to know what's going to be on the exam, no way to prepare for how they'll ask questions, and no idea what is expected.
    Exactly, I'm not going to spend that money on a 50/50 chance at best. Does anyone know if SANS has a policy against sharing their material?

    And if not where we could get a hold of it.
    Last edited by GAngel; 09-30-2009 at 07:16 PM.

  7. The Colosus of Clout
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #7
    Originally Posted by GAngel
    Exactly, I'm not going to spend that money on a 50/50 chance at best. Does anyone know if SANS has a policy against sharing their material?

    And if not where we could get a hold of it.
    Pretty sure they don't like having their material distributed. If they were cool with it no one would spend $3500 on self study and exam challenge.

  8. k-r4d l33t 1nf0s3c g33k
    Join Date
    Jan 2009
    Location
    407
    Posts
    191

    Certifications
    CISSP, GCIH, GCIA, C|EH, Security+, Network+, MCP
    #8
    Originally Posted by Paul Boz
    When are you doing the live training for the GCIA? I blew my training budget on Cisco tests and the GCFW but in January when my $4000 resets I'm signing up for the GCIA immediately. I'd be very interested in what you think of the GCIA. I don't know anyone that has taken it so my interest in the course stems from personal interest in the material. I think GCFW and GCIA will complement each other nicely.

    Is your employer paying for SANS or are you out of pocket?
    I'm going to the December CDI SANS event in D.C. My employer is paying for the SANS training.. well.. there was some horse trading with another department, so my manager does not have to pay for the SANS training, but they are popping for the test and travel.

    I believe it that you have known anyone who has taken GCIA, because there are only 2,059 certified professionals (twice that for GCIH). I will give my impressions of the training at the end of December, and then a review of the exam within 4 months after that.

    I have enough to pay for out of pocket with my schooling, until the end of the semester when I get reimbursed.

  9. k-r4d l33t 1nf0s3c g33k
    Join Date
    Jan 2009
    Location
    407
    Posts
    191

    Certifications
    CISSP, GCIH, GCIA, C|EH, Security+, Network+, MCP
    #9
    Originally Posted by dynamik
    Nice review.
    Thank you

    Are you doing incident handling/forensics now? That seems like an interesting area to be involved in.
    I have been moved into a first level IHish role. I handle a lot of the noise that our corporate incident response team does not have the time to handle. Mainly, half my time is working a project to detect and eliminate peer-to-peer software and the other half is reviewing/tuning IDS alerts. I hope to be moved into a traditional IH role soon, either by dumb luck (org changes) or by hard work.

    Previously I was doing a lot of log monitoring and vulnerability scanning.

    Congratulations on the pass!
    Thank you.

  10. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #10
    I applied for their work study program for:
    (GPEN)(GSEC)

    GPEN course is end of November in my city so we'll see. I'm not expecting to get through as it's so close to the actual date, but worth a shot and a steal at $700. GSEC is next year March so hopefully I'll have a better shot at that.
    Last edited by GAngel; 10-02-2009 at 08:17 PM.

  11. The Colosus of Clout
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #11
    I've roadmapped the GCIH and will be buying the course in January when my training budget resets. I spoke with a GCIA yesterday and he told me that the GCIA re-hashes 99% of the material from the GCFW, so it would really be a serious waste of $3500 since I will have the GCFW by then. I verified by looking at the day to day breakdown. There is nothing unique in the GCIA that the GCFW doesn't cover.

  12. Network Security
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,881

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #12
    I want to pursue some SANS training but no way on my own. My new job, which I start soon, said I would be required to go for the position I got, which is cool with me. I was doing incident handling/reporting at my last job. Or they could just be blowing smoke.

  13. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #13
    I've just realized we have access to all kinds of online content and GSEC is in there. Too bad it's the only SANS one but maybe I'll try and challenge it after CISSP.

  14. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #14
    I've just gotten an email that I'll be facilitating at the GPEN course in Toronto in just over a month from now.

    It's a week before my CISSP exam so I'll be hitting the books big time over the next month trying to get prepped for both.
    Last edited by GAngel; 10-14-2009 at 04:56 AM.

  15. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #15
    Originally Posted by GAngel
    I've just gotten an email that I'll be facilitating at the GPEN course in Toronto in just over a month from now.
    Sweet! Where did you apply for that?

    (It's too early to google...)

    Originally Posted by GAngel
    It's a week before my CISSP exam so I'll be hitting the books big time over the next month trying to get prepped for both.
    Good luck!

  16. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #16
    Under the training/workstudy section of the website. I just put in the request for the three closest to me as it shows them into early next year.

    I applied for Toronto/Cleveland and Ottawa. Toronto was the closest and the soonest one. You have to apply for them individually and in the app state why you want to do the course etc.

  17. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #17
    I don't want to say how long I spent on the GIAC site trying to find that link. I got it now though.

    Thanks!

  18. The Colosus of Clout
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #18
    Originally Posted by GAngel
    I've just gotten an email that I'll be facilitating at the GPEN course in Toronto in just over a month from now.

    It's a week before my CISSP exam so I'll be hitting the books big time over the next month trying to get prepped for both.
    I've studied the GPEN material to the point where I could probably sit and pass the exam. You should enjoy the material, I did. It has a lot of very practical, hands on information in it.

  19. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #19
    Originally Posted by Paul Boz
    I've studied the GPEN material to the point where I could probably sit and pass the exam. You should enjoy the material, I did. It has a lot of very practical, hands on information in it.
    I feel relatively comfortable with the theory side of it so it's just getting as much hands on as I can. Hopefully I feel comfortable enough to sit it in January and then OSCP in February.

    I'm just excited to get going. It's my first SANS.

  20. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #20
    We had one of our senior guys come up a bit short on the OSCP yesterday, so now I'm freaking out. I've gone through the videos already, and there was a decent amount on configuring your own exploits via a debugger, etc. I did pretty good with the other sections, but that was over my head for the most part. The course is awesome, but I'm not looking forward to the exam.

  21. Audentis Fortuna Iuvat
    Join Date
    Feb 2009
    Posts
    5,625

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CCNA (expired), MCTS
    #21
    Originally Posted by dynamik
    We had one of our senior guys come up a bit short on the OSCP yesterday, so now I'm freaking out. I've gone through the videos already, and there was a decent amount on configuring your own exploits via a debugger, etc. I did pretty good with the other sections, but that was over my head for the most part. The course is awesome, but I'm not looking forward to the exam.
    I didn't know you were going after Dynamik, keep us updated on how it goes. Good luck.
    Currently working on: Studying for the CISSP

  22. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #22
    Yea, it officially started on the 11th. I'm going to try to get ICND2 out of the way ASAP, so I can focus on that. I have a lot of ground to cover!

  23. Junior Member
    Join Date
    May 2009
    Posts
    23
    #23
    I am a GCIH and I know the certification holds weight in the industry, but their training was useless for me. If you are a network admin with zero security experience, it may be ok. I took the 5 day 504 Hackers Technique course in DC a couple of years ago. You will be better off reading Hacking Exposed. That's basically all it is. I was really disappointed.

  24. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #24
    Originally Posted by wera711
    I am a GCIH and I know the certification holds weight in the industry, but their training was useless for me. If you are a network admin with zero security experience, it may be ok. I took the 5 day 504 Hackers Technique course in DC a couple of years ago. You will be better off reading Hacking Exposed. That's basically all it is. I was really disappointed.
    Bummer. Any other resources you'd recommend for the exam?

  25. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #25
    Originally Posted by dynamik
    Bummer. Any other resources you'd recommend for the exam?
    I was reading the e-hacker website and someone said they self studied using Counter Hack Reloaded.