Hello Everyone,

I have been saving couple of bucks this year to spend on training.  So decided i should look into Incident handling( which i have no experience ).  Browsed sans course curriculum website, seems similar to a pen testing course. So I'm not sure that whether i should go for this course specially when I'm spending around 4k myself. Members over you have previously done this course could advise me " what exactly i would get out of the course" I'm really interested in incident handling.

Are there any better courses courses for incident handling  ( I'm looking to get good knowledge don't care about the value of certification )

Should I be look into sans 408 ?? or ECIH

Please advice

Hello Dark Knight thanks for replying.


No this is not my 1st security cert and i have previously taken courses with sans.

well I'm have been working in security operations/auditing for a while.

Thanks for the info dymanik. I'm definitely don't want overlap as i would be planning for OSCP or similar kind of course in future as well i have ECSA/LPT.

I would believe GCIH is about how to counter the incidents using various tools & tricks along with methodologies ??

Hello crossover,

I really like the SANS IH course as it’s a great introduction to the incident handler process and from what you’re saying, I’d think this is a good starting point.

More advanced or very focus IH courses are from US CERT http://www.cert.org/ or one I’d love to take is Richard Bejtlich's course http://www.blackhat.com/html/bh-ad-10/training/bh-ad-10-training_ts.html

COm_BOY –

If you have the time, energy, resources and luck to find everything you need and then can make sense of it online, then go for it. There’s a lot of very poor information out there on the web, so paying for training that has been peer reviewed and raved about mean you get an excellent education in a very short time space. Money outlays from courses can be a problem, but as long as it’s invested wisely, it pays for itself in the long run and over the course of your career.

I really enjoyed the back track course, but even with the 60 day labs, I was under a lot of time pressure. Given the option of having six days in a class room with like-minded people over sitting at home for a month with a million real world distractions, I’d opted for the classroom. :-)