I just passed my SANS GCIH exam and I'm very excited about it. It was a great certification and I learned quite a bit studying for it.

If you have any questions on my preparation for the exam, please let me know. I'll help you where I can, without giving away anything about the test itself.

Honestly, it's been a few years since I've taken any exams and I need to catch up on a few. I'm most likely going to take the CEH exam and move onto the OWSP.

Any recomendations?

Congrats on the pass!

What type of position do you currently hold? Where do you want to go? What are your goals?

Recommendations will be vary greatly depending on if you want to be a pen tester compared, or if you want to go into management, or if you want to do something else entirely.

Recommendations will be vary greatly depending on if you want to be a pen tester compared, or if you want to go into management, or if you want to do something else entirely.


Currently I'm an engineer, but would like to work my ways towards more of a managment position. Does this help?

+1 CISSP will get you the most bang for you buck, but IMHO, CISM had more relevant material. The CISSP is commonly referred to as being a mile wide and an inch deep, and covers everything from physical security to encryption. The CISM focuses on information security management and doesn't include all the ancillary topics.

The CISA is geared more towards auditing, but it will likely be useful knowledge to have in a management role since you will likely be dealing with SSAE16 audits, PCI audits, internal audits, etc.

To be honesty with you I was going to attempt the following this year:

1. CEH
2. OWSP
3. CISM

If I'm able to I'm going to attempt the CISSP or a course to take it by the end of the year or earlier next year.

Regarding the CEH how difficult it is compared to the GCIH exam?

Congratulations matt81 for your GCIH cert!!

I would go for CISSP next if you aim at being a manager. Like the others said, it is a necessary evil...