I know I want to be a "security analyst" and eventually security engineer but I am not sure if I want to work with firewalls, IDS/IPS, systems, web applications or a mix of all of the above.  The GCIA seems interesting but so does GPEN, GWAPT, and GCFW. At the cost of 900-3500 a pop though, it is a bit out of reach.

I am gainfully employed but I know they wouldn't pay 3k+ for a class (and I wouldn't ask).
More than likely I might try to challenge a cert or two but even that is starting to sound like a tough pill to swallow. 1k is a good amount of money. The OSCP looks awesome but it is 1k but at least that includes training and stuff. 1K just to challenge a test? Seems a bit pricey lol.

I might just try to knock out the "cheap stuff", MCTS, C|EH, SSCP, Elearn, offensive security and possibly learn security online. Then I'll find an employer who will pay for the big stuff (SANS).

I did it last year and I agree, it's awesome! Best part is the networking. I met ALOT of bright people I still keep in contact with.

I haven't taken the actual test for the GCIA, but I can tell you that its the only practice test for GIAC exams that I've taken that I failed. I guess that either means that the test is harder or I'm pretty crappy at packet analysis.

I do a lot of the Technical Screening at my company so i will give you a quick breakdown of what we look for in our analysts.  It likely varies from job to job, but this will give you an idea.  


Firm Understanding of general Networking  and protocols such as (TCP, UDP, ICMP, HTTP, HTTPS, FTP, SSH, SSL, DNS, SMTP etc..)

Understanding of IP Addresses and Subnetting.  For example what is an RFC1918 address and what is special about it.

Comfortable using Linux and various utilities such as (grep, awk, tcpdump, cat, tail, head, etc..)

Firm Understanding of web attacks such as (SQL Injection, XSS, RFI, CSRF, directory traversal etc..)

Good Understanding of Regular Expressions

Good Understanding of how networks devices work such as routers, switches, hubs, bridges, Host Based and Network based IDS/IPS, Firewalls, Web Application Firewalls, Proxies etc..

Some familiarity with nmap or other scanning tools

Experience using Databases such as MySQL, SQL, Oracle


Also as an Analyst you need to be able to pick up minor details.  It really is a job that requires a lot of attention to detail.  This is likely why people say that the test is tough.  SANS has a tendency to formulate the answers to the questions very similar so when you glance over them they all look the same, but there may be 1 minor detail that separates that answer from the rest like 1 octet may be different or the port number.  Stuff like that is what is the biggest hang up.  I hated it at first but after being in the position for 3 years I have learned that it is a necessity for you to be able to pick that kind of stuff out or you will easily miss attacks.

I'm doing GWAPT and SANS Metasploit course in April but I've been seriously considering WCNA after that. It's either that or RHCE. I'm still interested in OSCP but Im thinking I'll wait a bit on that as I've been focusing on the pentest stuff lately and need to round out a bit some of my core skills. I have the WCNA book and it's really good stuff.

@nothingelse: Great write up! Thanks, for your insight!