View Poll Results: GSEC or CEH - whats first

Voters
14. You may not vote on this poll
  • CEH

    7 50.00%
  • GSEC

    7 50.00%
+ Reply to Thread
Results 1 to 16 of 16
  1. Member
    Join Date
    Jan 2010
    Posts
    38
    #1

    Talking GSEC vs CEH - what's first?

    Anyone who has done both GSEC and CEH, please advise me on which one of thwo should pursue first?

    P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.

    Thanks!
    Reply With Quote Quote  

  2. SS -->
  3. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #2
    Entirely different certifications. CEH is ethical hacking. GSEC is general security (like a slightly more advanced Security+). Either would be useful, but GSEC is more of a broad security certification.

    If this is your first dive into security, you may want to consider going after the Sec+ first. The advantage here is cost. You can probably study/take the Sec+ for under $400. GSEC to take the SANS course, and the certification is going to be more like $4,000.

    Are you planning to go more of a pentesting route, or are you thinking about going into something else? I guess that's going to be the biggest question. If pentesting is your goal then CEH is what you want to take. If you are just trying to break into security and have very little security knowledge, I would go Sec+. If cost isn't a concern, I would do GSEC.
    Reply With Quote Quote  

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,614
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #3
    I agree that these certs are apples-and-elephants. And the GSEC exam is a lot harder than the Security+ exam. It'd better be for the money you pay for the class and the exam. And if you are getting certs to get a better job, make sure you select the certs that your prospective employers are asking for.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  5. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #4
    Quote Originally Posted by codeace View Post
    P.S: I know GSEC is expensive. I'm looking for the logical sequence of certifications.
    I would GSEC then C|EH in that case. You might want to look at these forums for more security specific thoughts on security certifications: The Ethical Hacker Network - EH-Net - Index
    Currently working on: Resting
    Reply With Quote Quote  

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,614
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #5
    The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  7. Member
    Join Date
    Apr 2010
    Location
    Minnesota
    Posts
    57

    Certifications
    MCP(70-270, 70-290, 70-291), A+, Security+, MCSA, MCTS:Upgrade to 2008 (70-648), ITIL v3 Foundations
    #6
    I was thinking of following the Sec+, SSCP, CISSP route that you mentioned. Are there any other decent stepping stone courses that I should look at (stepping stones to the holy grail CISSP, of course)
    CISM? Also GIAC has a whole bunch different security certs- GISF, GCWN, GCFA, GSE although I wasn't aware that the courses for these certs were so expensive. I thought I read on the GIAC website that their certs didn't have prerequisites. Or does not attending their classes mean you will have no shot at passing their tests? As I don't recall seeing many study guides for the GIAC certs; Amazon did have a few- GSEC
    Reply With Quote Quote  

  8. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #7
    Well, I am going to be forced down the Security+ --> C|EH--> simply because I have no previous security experience. I definitely plan to do the GSEC down the line simply because it is so common on Monster. In fact, during my searching I found it to be the most common GIAC cert for security jobs on Monster.
    Currently working on: Resting
    Reply With Quote Quote  

  9. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #8
    really? That is interesting. I generally avoid monster, as I have a memory of recent issues with that company, I dont remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance based certification. You can read review of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.
    Reply With Quote Quote  

  10. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #9
    Quote Originally Posted by SephStorm View Post
    really? That is interesting. I generally avoid monster, as I have a memory of recent issues with that company, I dont remember the specifics, but anyway, that is interesting. If I had to pick a "holy grail" for pentesting, I would say OSCP or OSCE, or another more performance based certification. You can read review of the CEH, which can tell you of the content of the exam. Nice title, okay info, little use.
    While I agree that OSCP is a much more difficult exam, it's not all that well known yet. CEH is on the DOD list, so that really helps its credibility. Let's face it, the point of getting certifications is to get a job or help you move up in the one you have. That's why I'm not overly crazy about the OSCP, just yet.

    codeace,
    Find an area of infosec that you want to do, and stick on that track. General security knowledge will go a long way to help you, but being specialized in something is a good thing.

    Veritas,
    The layout you have is fine. Sec+ and CEH should give you a very good foundational knowledge base. I've really enjoyed my Sans studies, but its out of range unless you have a company that's willing to pay for it.
    Reply With Quote Quote  

  11. Senior Member kriscamaro68's Avatar
    Join Date
    Apr 2008
    Location
    Utah
    Posts
    1,149

    Certifications
    MCSA: 2012R2, MCS: Server Virtualization, MCTS-Win7, Security+, Server+, Net+, A+
    #10
    The more I learn about the CEH the less I like about it. It is very outdated also. I would probably go after it if they update it here soon.

    I plan on something around this order

    Sec+ > SSCP > GSEC > GPEN > OSCP. I may throw in the CEH like i said if they update it. Also may do SCNP.
    Reply With Quote Quote  

  12. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #11
    What you say may be true, but for me it's also what is known to HR. That is the reason I don't do certain certifications, and do take other certifications.
    Currently working on: Resting
    Reply With Quote Quote  

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,614
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12
    With the U.S. Department of Defense now recognizing the CEH, it is more interesting now for my resume as well. I'm just not looking forward to spending six-plus months studying the 70-some-odd modules covered by the CEH exam.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  14. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #13
    I feel your pain on that one. I am trying to do the EC-Council ENSA certification with two? large books and a lab manual if im not mistaken. tough to dive into. Thats why I am keeping an eye out on the EC-Council Press books in stores now (I've seen Wireless|5 and CEH), as well as any ground courses.
    Reply With Quote Quote  

  15. Member
    Join Date
    Jan 2010
    Posts
    38
    #14
    Quote Originally Posted by JDMurray View Post
    The "logical sequence" depends on what specialty you are combining with InfoSec. For example, some people go the Security+->SSCP->CISSP route for a general technical track. Network security people can go the Security+->CCNA Security->CCSP route. And those whose employers will pay for it go the Security+->GSEC->(additional SANS GIAC certs here) path. For hacking, Security+ followed by CEH is a typical start.
    Makes sense! But if they both were to help with my generic security foundation (again not targeting a specific role) for an Jr./entry level position, then the SSCP>GSEC>CEH seem to have the logical flow from GENERIC>SPECIFIC.

    Thanks folks!
    Reply With Quote Quote  

  16. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #15
    For DOD the training does not just include SEI identifiers for those Certifications under 8570.1. There is also billet requirements for those jobs. Those requirements have to be met in addition to 8570.1 requirements. An example of this in DOD is you are required to pass Security+ and then GSEC before you move on to CEH. CEH is not more difficult than GSEC it is just for a different purpose. After all how can you effectively hack systems without understanding how they are secured or common weaknesses system administrators overlook or ignore.
    Reply With Quote Quote  

  17. Junior Member Registered Member
    Join Date
    Jul 2010
    Location
    LAGOS ,NIGERIA
    Posts
    1

    Certifications
    CCNA,CCNP,
    #16

    Exclamation Ceh complete package

    Anyone who has passed CEH, should please send me details on how to get complete package of the certification. Thanks
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks