Has anyone here taken and/or challenged the GCIA certification? There doesn't seem to be much talk about it here on these boards and I am curious to see if anyone here has done it.

I took it via SANS OnDemand and did the cert in spring of 2010. It's a fantastic course/cert. What do you want to know?

In a nutshell (I've taken all 3 but did not sit for the GCIH exam):

GCIA - deep dive into packet analysis, hex math, intrusion analysis, yum. This is a blue team course. You will walk away seeing packet dumps in your head and tcpdump switches embedded on the inside of your eyelids.

GPEN - network pentester skills - this is a red team course. It does cover pentest methodology but differs slightly from GCIH in that things like maintaining access and covering tracks are not covered (typically not part of a pentest). Awesome course, take it with Ed Skoudis if you can.

GCIH - responding to attacks, understanding black hat mindset, and some nifty tricks for incident detection and response. Incident handling methodology is covered as well. this is a blue team course.

Exactly. SANS has a cyber guardian program that lays out their roadmap for blue team and red team members, obviously using SANS courses since that's their business. 

http://www.sans.org/cyber-guardian/

I haven't done this program yet as I still require 2 of the baseline skills certs and 1 of the courses but I tend to focus more on red team activities. (took Sec504 but didn't sit for GCIH, and never took the SEC508 or GCFA exam) The bonus here is that  completion of this program also qualifies you for the GSE exam. I'm determined to get there one day, but if you focus only on red team types of skills I think passing the practical for GSE may be a bit difficult. We have a few GSE's on the boards who could probably talk more about that if you are interested. I know I am.

I can't talk for GCIA, but I did GSEC and GPEN without taking SANS courses.

However, I took Pentesting With Backtrack (PWB) from Offensive-Security before trying GPEN. It doesn't cover everything, but it covers a great deal of what you need for GPEN.

But that being said, if I had the money, I would have taken a SANS course anytime...

Last thing, the two practice exams helped me a lot get ready for both exams. When I "thought" I was ready, the practice exams help me focus my study and prepare my notes on areas I was a bit weak.

So it is feasable, but harder...

I really like http://www.packetstan.com/ for packetfu. The authors Mike poor and Judy Novak are also course authors for the GCIA course.

You could probably self study the GCIA if you used the right materials. I'd probably start with TCP/IP illustrated vol 1 and the Wireshark Network Analysis book by Laura Chappell. Richard Beitlich's Tao of Network Security Monitoring would be good as well. You will want to get familiar with Snort and also download the TCP/IP cheatsheet at http://www.sans.org/security-resources/tcpip.pdf

Many many questions will require that cheatsheet so get it for sure.

The certification objectives are at

http://www.giac.org/certbulletin/gcia.php

I also used the following cheatsheets:

http://packetlife.net/media/library/8/IPv6.pdf

http://packetlife.net/media/library/12/tcpdump.pdf

http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf

http://packetlife.net/media/library/23/common_ports.pdf

as well as printouts of the manpages for p0f, tcpdump, tshark, tcpreplay, snort, and other related tools

I also used the http://www.sans.org/security-resources/idfaq/oddports.php list of well-known trojan ports and you may find other good resources at the SANS intrusion detection FAQ http://www.sans.org/security-resources/idfaq/

There's also tons of good IDS papers in the SANS reading room and I found some good resources at http://www.whitehats.ca/main/members/Seeker/ which is Guy Bruneau's page there. he wrote parts of the GCIA course as well. he also wrote this post at SANS on installing SGUIL http://www.sans.org/security-resources/idfaq/slackware.php

I could probably keep posting various links on barnyard, acid and other topics but this should get you started. Like mentioned before, the poractice exams are a very good indicator. I would personally recommend taking the course though. it's really good and if you go the volunteer route at SANS you can attend a conference, get 4 months of ondemand and the cert for only 800.00.

Excellent links.

I am even more determined to go for it now!

Now if someone could just give me $900 dollars.

I took the SANS OnDemand Intrusion Detection In-Depth.  I liked the class, learned alot and passed the test earlier this week.

Right now I am the only sec guy so I do a large amount of different things.  I spend about a quarter of my time doing IDS and log analysis.