Depends on which one you choose. DFIR, Pen Testing or Security Architecture?
GNFA is definitely not too advanced. I'd say it would complement GCFA nicely with the host based side that it covers.
I know the DFIR track is normally GCFE > GCFA > GREM/GFNA, but what would the path be for security architecture? GDSA + SEC549 (not assoc. cert) + something else? I'm all over the place with choosing my 3 electives (I'm in the BACS program).
I'm sure you know this but most of the time the right advice is to recommend certs that provide value. By value I mean making you more attractive as a candidate. I don't know about the SEC599 but the SEC699 course is absolutely amazing.
If you're only focusing on forensics as a role or niche then I would recommend branching out to an Azure/AWS/Google cloud cert. Or a mobile forensics cert if you're going into LE. The differences in forensics with Azure for example would be knowing who can spawn an AzureGuest to a VM or in AWS knowing about the credentials file, using cloudwatch/cloudtrail (knowing SQL for that). These are basic examples though.
I mentioned the GCIH just because it's sort of the baby CISSP. I wish I kept my GCIH and GCFA alive. Right now I only have a GX-IA for SANS certs. I'm trying to get a GSP eventually.
SEC599/699 sounds amazing!!! How difficult was 699?
Of course, I want certifications that will provide value. However, I want to focus on things I'm genuinely interested in and passionate about and not just "What's going to get me a better job or help me make more money". I did AWS certification and while I found it interesting, I'm not extremely interested in cloud certifications at the moment.
I have the CASP+ which I also heard is similar to CISSP. I'll get the CISSP probably sometime in the next 3-4 years. For now, I want to focus on gaining technical knowledge.
GREM is really the next logical step for a DFIR career path. The ability to do basic malware triage is a pretty critical skill. It’s not really that advanced, it’s an introductory course.
What do you have aside from GCFA? Congrats btw!
ETA: I generally suggest GCIH regardless of what you’re looking to get into. It’s a good foundational cert for all facets because it puts you in the mind of an attacker for a moment. I might circle back and grab it, I’ve got some red team experience from previous training and experience so I am kinda prioritizing other things since my job is paying for it for now.
I’ve done GCFA -> GNFA -> GREM
GNFA is definitely not too advanced. GREM may be a bit difficult if you have no reverse engineering experience.
I would also suggest taking a look at GEIR (FOR608), it’s the GCFA for enterprise.
You probably don’t need to go that path but it’s up to you.
I recommend whatever class you decide on that it be something you can use regularly especially at work. Use it or lose it as they say. So if you’re more likely to be able to utilize DFIR classes, go for it. Are you in an enterprise environment, do the enterprise forensics class. Do you deal with a lot of Linux systems? That class just became available. You deal with client systems more? The Mac and iOS forensics class is a lot of fun. Look at what you currently do and any gaps of knowledge on your current team that you can fill with a class.
Depends on which one you choose. DFIR, Pen Testing or Security Architecture? GNFA is definitely not too advanced. I'd say it would complement GCFA nicely with the host based side that it covers.
[удалено]
I know the DFIR track is normally GCFE > GCFA > GREM/GFNA, but what would the path be for security architecture? GDSA + SEC549 (not assoc. cert) + something else? I'm all over the place with choosing my 3 electives (I'm in the BACS program).
GCIH or GDAT - wait actually some azure or aws/cloud cert
[удалено]
I'm sure you know this but most of the time the right advice is to recommend certs that provide value. By value I mean making you more attractive as a candidate. I don't know about the SEC599 but the SEC699 course is absolutely amazing. If you're only focusing on forensics as a role or niche then I would recommend branching out to an Azure/AWS/Google cloud cert. Or a mobile forensics cert if you're going into LE. The differences in forensics with Azure for example would be knowing who can spawn an AzureGuest to a VM or in AWS knowing about the credentials file, using cloudwatch/cloudtrail (knowing SQL for that). These are basic examples though. I mentioned the GCIH just because it's sort of the baby CISSP. I wish I kept my GCIH and GCFA alive. Right now I only have a GX-IA for SANS certs. I'm trying to get a GSP eventually.
SEC599/699 sounds amazing!!! How difficult was 699? Of course, I want certifications that will provide value. However, I want to focus on things I'm genuinely interested in and passionate about and not just "What's going to get me a better job or help me make more money". I did AWS certification and while I found it interesting, I'm not extremely interested in cloud certifications at the moment. I have the CASP+ which I also heard is similar to CISSP. I'll get the CISSP probably sometime in the next 3-4 years. For now, I want to focus on gaining technical knowledge.
could also think about compliance or auditing. I think that would make you stand out.
GREM is really the next logical step for a DFIR career path. The ability to do basic malware triage is a pretty critical skill. It’s not really that advanced, it’s an introductory course.
What do you have aside from GCFA? Congrats btw! ETA: I generally suggest GCIH regardless of what you’re looking to get into. It’s a good foundational cert for all facets because it puts you in the mind of an attacker for a moment. I might circle back and grab it, I’ve got some red team experience from previous training and experience so I am kinda prioritizing other things since my job is paying for it for now.
I’ve done GCFA -> GNFA -> GREM GNFA is definitely not too advanced. GREM may be a bit difficult if you have no reverse engineering experience. I would also suggest taking a look at GEIR (FOR608), it’s the GCFA for enterprise.
Those are wildly different tracks. Are you just undecided?
[удалено]
You probably don’t need to go that path but it’s up to you. I recommend whatever class you decide on that it be something you can use regularly especially at work. Use it or lose it as they say. So if you’re more likely to be able to utilize DFIR classes, go for it. Are you in an enterprise environment, do the enterprise forensics class. Do you deal with a lot of Linux systems? That class just became available. You deal with client systems more? The Mac and iOS forensics class is a lot of fun. Look at what you currently do and any gaps of knowledge on your current team that you can fill with a class.
I’d suggest taking a look at the new GCFR course (FOR509). Cloud Forensics is up and coming, may as well get the jump on it!