2

I've been with this confusion of getting a certification for a long time!! With the aim of becoming a Security Analyst/Tester, and for a good kick start, which one of these two is good?
GSEC or GCIH??
I took a look at the objectives of both these certs.
GSEC objects to end to end concept with a basic toolset/practical problems (IMHO)
GCIH objects to real problems/practical solutions.. (at least that's what I think).

P.S. I have some basic (theoretical) understanding of security concepts.

(Update) Edit: OMG!! I just took a look at their training program, which costs $4000!! Real? Also, I took a look at a few GSEC books on Amazon and they were outdated.. So, is there a way to get proper courseware outside of SANS and expect it to cover the syllabus?

Karthik

3 Answers

3

I would say do both to be honest.

GSEC will give you the foundations that you need to know (similar to the information you would get from doing a CISSP) but it won't give you the knowledge you want to be a Security Analyst or Tester.

GCIH is all about incident handling and basic hacker techniques, and as your career progresses you'll learn that they are basic.

To be a good security analyst you need experience, but having those certs will get you on your way. I would also look at the OSCP offering by Offensive Security and the GPEN cert by SANS/GIAC.

Scott Pack
ash
2

ISC2 CISSP will not give you what you need to be a tester, although it does give you access to a range of useful information for a security practitioner.

You can get a lot of practical experience and learning through free online resources such as OWASP's WebGoat - and by playing around with tools such as the Backtrack suite, so I would recommend them first before spending too much money.

Have a look at these questions:

Or in fact any of the Related Questions on the right.

As @Cheekysoft mentioned, CREST is the UK's gold standard on penetration testing, and it is also being rolled out in other countries.

You should also look at the Penetration Testing Execution Standard, which is being developed as a methodology/toolset for how to manage penetration tests.

Rory Alsop
0

Do whichever your job requires/boss will give you a raise for ;) Ultimately they don't matter, the knowledge required to do your job does.

Marcin