I am burning my way through CEH self study and I am going to test in a few weeks.  I wanted to know if it would be worth my while to also go back for GCIH.  GCIH was my first pick for my next certification, but due to department budget issues not being resolved, I went with my second choice.  Is there a lot of overlap in CEH and GCIH?  I've been told that GCIH focuses more on defense and incident response, where CEH is more of attack (which is what I am finding).

Your opinions are appreciated!

Hi again Unsupported!

I would def go with GCIH. In my opinion, as well as my bosses, GCIH is more marketable to employers. Incident Handling is a valuable skill to have, especially in these times. As a plus you also get the hacker exploits and techniques part which preps you for offensive security and pentesting if that's what you are looking to do.

There are about three reviews below your topic in the forums reviewing GCIH and I also recommended reading here:

http://blog.networkfoo.org/?tag=sans-504

Also i tend to tell students to look into getting the Certified Network Defense Architect if they will be consulting gov or state agencies. Same test as the CEH, different name. State/gov offices don't like the word "hacker" in anyone's title, the exam code for that CNDA is 312-99 and you have to email EC to get to take it.

Good luck!

Alternatively, once you have earned CEH you can pay a $50 (last I checked) fee to receive CNDA (and I'm sure there's some sort of application/paperwork that goes along with it).

BillV

I believe its in the faq section... maybe...

They tell you when you email them. And as stringent as the requirement sounds it not hard to convince them to let you switch the title.

On a side not i one saw a guy touting BOTH certs... i didnt want to say anything, but i thought it was funny. Using 1 test for two titles.. cmon!

Thank you all for the information regarding GCIH.  My team is moving towards a security operations center (CIRT level 1) role and I think once I self study I can get my manager to pop for the cheapest SANS training option.

Thanks for the link to the CNDA application.  I may be able to swing it, as long as their interpretation of US Govt. Agency is loose.  I work for a big company who is good friends with the government and I have enough ties to an agency/program to be able to keep "secrets".

Does anyone have experience with converting a CEH to CNDA?

If GCIH is your first choice then it sounds you are looking to go down the incident handler path. If that is the case then the CEH won't really help you achieve your goal, however, it is isn't a bad supplement. If you know more about the potential ways an intruder will be getting it to your network then that always helps in incident response. It won't help with the detection and eradication portions of IH, but it never hurts to keep learning.

If you are looking to go down the offensive path then I would recommend the GPEN from SANS. The SANS class does a good job explaining attacks and also includes valuable sections for reporting your findings to the client which is not included in the CEH. If you can effectively communicate, classify, and prioritize your findings to the client then the it doesn't matter how good the attack was. At the end of the day there has to be value for the client.