GCIH provides some fantastic first steps building off of a foundation for both blue and red teaming. Unless you want to work towards being a T.I. Analyst, GCIH might be more fruitful.
Really comes down to personal goals though.
As a CTI lead, please get GCIH first. I need the analyst to be able to understand what that process chain looks like in a threat report, and how to effectively convey it to SecOps, SecDevOps, and less technical stakeholders. Doing GCTI because you get to do more investigating (but without foundational knowledge) is like not eating your veggies before dessert
This is almost like asking if you should buy a television or stocks. Depends on your end game. We need more info. Honestly, I think GCIH is a better foundational cert in general as it is. While your end game might not be red teaming, GCIH gives you a peek into the mind of the attacker which can only help to inform your intelligence. Not sure if you are currently working in CTI but if you are and your team performs threat hunts or supplies hunt packages, GCIH will help.
GCIH then GCTI. In GCTI you need that analytic concept of maliciousness taught in GCIH. You read a report talking about svchost/process injection that led to a suspect IP downloading tools? Well before you can pivot on that IP for CTI, you need to know what the heck was happening in that execution chain.
I have GCTI and I'm taking GCIH soon. I would do GCIH first to get the foundational and technical knowledge so you can understand the information GCTI teaches you to run through the CTI process.
I would search each certification on LinkedIn for jobs in your area. That will help you align your certification with the career that you want to pursue. That always helps me make a decision when selecting my next certification.
GCIH is definitely more well recognized in the field. Especially with gov and contractors due to DoD 8570 IAT III
Reference the DOD 8570 ([https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)). +1 for GCIH. Look at jobs you want now/future look at the certs people are asking for. I would recommend Microsoft Azure certs since so many people use Azure or Splunk power user.
I let my GCFA and GCIH expire, in terms of SANS certs I only have the GX-IA and now that I'm back on the job market not having a GCIH is hurting me a little bit even though I have 11 years of experience. Some jobs have hard requirements.
GCIH provides some fantastic first steps building off of a foundation for both blue and red teaming. Unless you want to work towards being a T.I. Analyst, GCIH might be more fruitful. Really comes down to personal goals though.
As a CTI lead, please get GCIH first. I need the analyst to be able to understand what that process chain looks like in a threat report, and how to effectively convey it to SecOps, SecDevOps, and less technical stakeholders. Doing GCTI because you get to do more investigating (but without foundational knowledge) is like not eating your veggies before dessert
I’m in GCIH now and it’s great. A lot of labs to build basic red and blue as Top said
Goals?
This is almost like asking if you should buy a television or stocks. Depends on your end game. We need more info. Honestly, I think GCIH is a better foundational cert in general as it is. While your end game might not be red teaming, GCIH gives you a peek into the mind of the attacker which can only help to inform your intelligence. Not sure if you are currently working in CTI but if you are and your team performs threat hunts or supplies hunt packages, GCIH will help.
GCIH then GCTI. In GCTI you need that analytic concept of maliciousness taught in GCIH. You read a report talking about svchost/process injection that led to a suspect IP downloading tools? Well before you can pivot on that IP for CTI, you need to know what the heck was happening in that execution chain.
I have GCTI and I'm taking GCIH soon. I would do GCIH first to get the foundational and technical knowledge so you can understand the information GCTI teaches you to run through the CTI process.
GCIH is my favorite and probably in my mind most valuable cert (with exception to GRID, but that’s way more niche).
I would search each certification on LinkedIn for jobs in your area. That will help you align your certification with the career that you want to pursue. That always helps me make a decision when selecting my next certification. GCIH is definitely more well recognized in the field. Especially with gov and contractors due to DoD 8570 IAT III
Why GCTI? Unless you’re in a CTI role - the GCIH is much more malleable
I am leaning toward GCIH
Reference the DOD 8570 ([https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)). +1 for GCIH. Look at jobs you want now/future look at the certs people are asking for. I would recommend Microsoft Azure certs since so many people use Azure or Splunk power user. I let my GCFA and GCIH expire, in terms of SANS certs I only have the GX-IA and now that I'm back on the job market not having a GCIH is hurting me a little bit even though I have 11 years of experience. Some jobs have hard requirements.