After around a month’s preparation post passing GPEN, I sat for and passed GIAC Incident Handling exam yesterday.
Here is the program detail:
This subject teaches about Incident Handling skills, and dives deep into various attack vectors. Also, interesting is to learn how to understand and apply this knowledge to attacks vis-a-vis the 6 Incident Handling phases.
The exam was gripping at all times, and I found a handful of pretty tricky questions in there too. I will not delve any detail on the questions, only that you should have decent experience in most / all the topics mentioned in the syllabii as well as have at least some exposure to handling events / incidents from a high level.
Here is the GCIH certification bulletin:
Day 1 today, and I am already finding this knowledge very helpful. It is comforting to be able to relate methods n thought process of a penetration tester in confirming / exploiting security weaknesses in a customer environment, with the defensive approach of an Incident Handler. This brings out all the worth of GPEN n GCIH cos it is crucial to be able to help customers’ infosec / security team understand ways an attacker can get in as well as recommendations pertaining to each of the phases of Incident handling process; i.e. preparation / identification / containment / eradication / recovery and lessons learned. And lastly and equally importantly, as a consultant, you can show the playground and the game to (non-tech) executives.
What say? Go for it!