If you want to work in incident response, two certifications dominate the conversation: EC-Council's ECIH and GIAC's GCIH. They cover similar ground (incident triage, containment, eradication, recovery) but differ sharply in price, depth, exam style, and hiring perception. Here's an unsentimental comparison.
- Cost (India): ~₹50,000 with ATC
- Exam: 100 questions, 3 hours, online
- Depth: Broad — IR planning, malware, insider, cloud, SCADA
- Lab: iLabs included
- Renewal: 120 ECE credits / 3 years
- Cost (India): ~₹6,50,000 with SANS course
- Exam: 100-150 questions, 4 hours, open-book proctored
- Depth: Deep — adversary tradecraft, hands-on triage
- Lab: SEC504 hands-on labs
- Renewal: 36 CPE / 4 years + retest
What ECIH covers
ECIH (v3) covers nine domains: IR fundamentals, IR planning, first response, malware incidents, email security incidents, network security incidents, web app incidents, cloud incidents, and insider threats. It maps neatly to NIST 800-61, ISO 27035 and the SANS PICERL model. Strong for breadth, especially for analysts who need a single certification to demonstrate IR competence to management or auditors.
What GCIH covers
GCIH (paired with SANS SEC504) is built around 'Hacker Tools, Techniques and Incident Handling'. It teaches you the attacker's playbook deeply and then layers detection / response on top. Expect to deal with command-line forensics, network artefacts, malware behaviour, and Windows / Linux triage. The open-book proctored exam rewards you having organized notes, not memorization.
India hiring landscape
- Indian Big4 / consultancies: Both accepted; ECIH is more common because it's cheaper and more widespread
- Internal CSIRT at BFSI majors: GCIH preferred where budget allows
- MSSPs / MDR providers: Either; GCIH carries weight in senior triage roles
- Government CERTs and PSUs: ECIH common because of EC-Council's CERT-In partnership history
- Startup CSIRT: Either is fine; OSDA + practical labs often more valuable
Cost analysis (₹)
| Item | ECIH (with Macksofy ATC) | GCIH (with SANS) |
|---|---|---|
| Course + courseware | ₹38,000 | ₹5,40,000 |
| Exam voucher | ₹12,000 | ₹78,000 |
| Lab access | Included | Included |
| Renewal cost (per cycle) | ECE credits — typically free | ₹35,000 + 36 CPE |
| Total upfront | ~₹50,000 | ~₹6,18,000 |
Decision tree
- Need IR cert fast for promotion / role change → ECIH
- Employer reimburses SANS → GCIH (do it, the depth is worth it)
- Aiming for FAANG / GCC senior IR / DFIR roles → GCIH > ECIH
- Aiming for Indian BFSI / MSSP / consultancy → ECIH first, GCIH later if budget allows
- Want hands-on red-aware blue depth → OSDA > GCIH > ECIH for tradecraft
Our ECIH and IR training is one of several hands-on tracks Macksofy delivers across India and the UAE. CERT-In empanelled, OffSec/EC-Council authorized, with weekend cohorts and corporate batches.