April 6, 2011 Karn Ganeshen

Passed GIAC GCIH Exam

Hey fellas,
After around a month’s preparation post passing GPEN, I sat for and passed the GIAC Incident Handling exam yesterday.
Here is the program detail:
This subject teaches Incident Handling skills, and dives deep into various attack vectors. It is also interesting to learn how to understand and apply this knowledge to attacks vis-a-vis the 6 Incident Handling phases.
The exam was gripping at all times, and I found a handful of pretty tricky questions in there too. I will not delve into any detail on the questions, only that you should have decent experience in most / all the topics mentioned in the syllabi as well as have at least some exposure to handling events / incidents from a high level.
Here is the GCIH certification bulletin:

Day 1 today, and I am already finding this knowledge very helpful. It is comforting to be able to relate methods n thought process of a penetration tester in confirming / exploiting security weaknesses in a customer environment, with the defensive approach of an Incident Handler. This brings out all the worth of GPEN n GCIH cos it is crucial to be able to help customers’ infosec / security team understand ways an attacker can get in as well as recommendations pertaining to each of the phases of Incident handling process; i.e. preparation / identification / containment / eradication / recovery and lessons learned. And lastly and equally importantly, as a consultant, you can show the playground and the game to (non-tech) executives.
What say? Go for it!

Comments (2)

  1. tF

    Karn, can you explain how self-study works? When you pay for and schedule an exam, will you receive some official course material? Why does the GIAC website list “Bulletin (Part 2 of Candidate Handbook)”? Where is Part 1, and what is the Candidate Handbook? I do not have the $$ to pay for the training, so what is the self-study alternative? Is it simply to look at the “Bulletin” objectives and try to learn as much as possible about the topics?

    • Karn Ganeshen

      Hi tF,

      When you go for the self-study option, SANS will provide you with books and mp3 audio for the course. It is an expensive option just like the instructor-led class, I hear you.

      Can you talk a bit about your skills and professional experience? Going the self-study, non-GIAC route will also require you to research each of the Bulletin objectives. I would recommend getting experience in PenTesting and related topics first, i.e. the offensive security domain first. If you are comfortable with PenTesting, both theory and hands-on, you should be able to cover most of the topics with ease.

      Hope this helps.
