I just wrapped up the 5-hour GSEC Security Essentials exam after having studied for the last 6 weeks, and I have to say that I am so relieved! My goal wasn't just to pass the exam, but to get on their coveted Advisory Board, which I ended up achieving.
SANS401 is not just another cybersecurity course, it's a way of thinking. It conditions your mind to think of security as a layered approach, and I loved it!
Here are my thoughts on what it was like studying for a GIAC examination and attending the 6-day bootcamp...
Although I'm an engineer, my major was in Instrumentation Technology, which primarily deals with Industrial Control Systems (ICS)/SCADA and automation. After university, I worked at IBM in Support, Infrastructure, Incident Management, and the Service Desk. So by no means am I very technical, but I am not a novice either. That being said, cyber security was a whole new field for me.
Security Essentials, for those new to the course, is a beginner's course in cyber security that's designed for people new to the industry, IT professionals looking to switch roles or move up, and those looking to fill gaps in their learning. GIAC, the governing body, and SANS, the organization that teaches the course, have ensured that it's a sought-after certification by keeping the standards high and the knowledge gained from it invaluable. I believe it's offered as a self-learning course apart from a bootcamp-style classroom session. I would definitely recommend taking the bootcamp, as there is a lot of information to grasp (60 hours, 6 books + 1 workbook spread over close to 1500 pages) in very little time.
I had the pleasure of attending the bootcamp live with the lead author of the course, Bryan Simon, in what was an amazing 6 days. Don't get me wrong, it is definitely grueling to be sitting in front of a computer learning new material for 10 hours straight, but at the end it left me saddened: sad that the course had ended, and wondering if it could have gone on for a couple of days more. SANS takes a lot of pride in the quality of their courses, and this being my first experience with them, it was fantastic! Right from the quality of teaching to the meticulously structured, easy-to-carry-out labs, everything is so well thought out and laid out beautifully. It was of course made much better with Bryan, who is an excellent instructor and takes you through the course like it's a story. Even if he's not your author, listen to the MP3 included in the course!
Coming back to the exam, studying for it was no easy task. You usually get 4 months to study for the exam, but being part of an accelerated program at Ryerson University, we had just 6 weeks! Sure, GIAC certifications are open-book exams, but you still have lots to learn, and so much more to index so you can look stuff up when you need to. Working a full-time job left me exhausted at the end of the day, not wanting to pick up a textbook, let alone do anything except watch TV and eat comfort food (hello, Double Chocolate Chunk Brownie from Starbucks!). The pandemic surely made things a lot easier though; with work from home now being the norm, I saved at least 2 hours a day in travel, not to mention I got to spend my breaks between work with my partner.
Cut the crap, how do I pass?
Fair enough. I've heard lots of different ways to study for this exam, but at the end of the day it comes down to what suits your learning style, of course. For me, I just wanted to be done with the 6 books, given that my worst fear was running out of time. So I didn't index at all, but set my goal to finish studying the books in 4 weeks. I charted out a schedule, took a couple of days off from work, and marked on the calendar (a real paper calendar, not your phone, so you can see it every day) the day I was looking to take my first practice test.
I blew past it.
What it taught me was that schedules are just that: guidelines. Things come up: birthdays, events, family and friends. You cannot lock yourself in the house studying and working 7 days a week, especially since working from home meant not seeing anyone other than a small circle of people regularly. So I had to go out, have a beer every now and then, kick back and spend half the day doing nothing but enjoying the rain.
What I did do right was this: I highlighted words that I thought were important. Words, not sentences. Words that aren't necessarily topics or the title of the page, but names of tools, concepts, and even jargon. Every single unique word I found, I highlighted. This helped immensely when, 5 weeks down the line, I started my index. Sure, you're going to have a lot of duplicates, but now you know every single page that concept was mentioned on. With GIAC, they ask you questions from every nook and cranny; as Bryan put it, anything in the textbook is fair play. While SANS/GIAC prohibits you from discussing specifics, that's my 2 cents: index everything you can think of. At the end of 6 books, you might know what all of the WiFi standards are, and that they're primarily discussed in book 1, but you probably won't realize they're also mentioned somewhere in book 4, in passing no less, on how you can mitigate wireless risks by decreasing the signal strength. This way at least, you have an index which tells you all of the nooks and crannies WiFi was mentioned in.
I also created a separate sheet with all the ports and the common services associated with them. One of the ladies in the cohort compiled an amazing list of all the Windows commands that are mentioned in the books, and I thought that was a great piece of information to have handy too, though I didn't need it much.
Finally, I also used a sheet with all the abbreviations compiled in it, put together by another generous soul, again from the women's stream. This was super helpful, as it filled in the gaps in my index.
That's apart from understanding the topics, of course. By the end of my second read-through, concepts such as defense in depth and the principle of least privilege were inculcated in the way I was thinking. All those years of working for a bank, RDPing from one jump box to another, wondering why I couldn't just directly log on to that second server, suddenly made sense!
Well, in both my practice tests I scored 93%. The experiences were vastly different though. The first test I felt was quite easy; I breezed through all 180 questions in 2.30 hours. The second test made me work a bit more: questions weren't as direct, and it showed me how/where my index was lacking. This shook my confidence up quite a bit; forget getting on the Advisory Board, I was now just looking to pass, as I had heard from my peers that the actual exam was a lot more difficult. My takeaway from this: the practice tests are nice to help understand how the questions are framed, phrased and worded. They also made me go through my labs and the output screens again, which was good, as it really made a lot of difference in the final. But practice tests are not indicative of the real thing. If anything, prepare a lot more after your practice tests!
What could I do differently or more?
While I loved the labs, I would always get carried away after finishing them. There's so much information out there and so little time; I think this is an area I missed out on exploring more of, given the time constraint. If this was an 8-week course, I might have had more time for that. Or I might have slacked off, who knows!
The MP3 recordings were another key piece of learning I would have liked to have taken more advantage of, but I felt that, as the recordings were again by the lead author who also taught our class, I didn't need to spend too much time on them. For the next SANS course, I definitely intend to listen to the MP3 to further expand my learning.
SANS401 is not just another cybersecurity course, it's a way of thinking. It conditions your mind to think of defense as a layered approach, and I loved it! Onward to my next SANS course... the GCIH with Nik Alleyne.

Header image originally posted at Mike Ship