I just wrapped up the 5-hour GSEC Security Essentials exam after having studied for the last 6 weeks, and I have to say that I am so relieved! My goal wasn’t just to pass the exam, but to get on their coveted Advisory Board, which I ended up achieving.
SANS401 is not just another cybersecurity course, it’s a way of thinking. It conditions your mind to think of security as a layered approach, and I loved it!
Here are my thoughts on what it was like studying for a GIAC examination and attending the 6-day bootcamp…
Although I’m an Engineer, my major was in=
Instrumentation Technology, which primarily deals with Industrial Control Systems (ICS)/SCADA, and Automation. After university, I worked at IBM in Support, Infrastructure, Incident Management, and the Service Desk. So by no means am I very technical, but I am not a novice either. That being said, cyber security was a whole new field for me.
Security Essentials, for those new to the course, is a beginners course in cyber security that’s designed for people new to the industry, IT professionals looking to switch roles or move up, and those looking to fill gaps in their learning. GIAC, the governing body, and SANS, the organization that teaches the course, have ensured that it’s a sought after certification by keeping the standards high, and the knowledge gained from it invaluable. I believe it’s offered as a self-learning course apart from a bootcamp style classroom session. I would definitely recommend taking the bootcamp as there is a lot of information to grasp (60 hours, 6 books + 1 workbook spread close to 1500 pages) in very little time.
I had the good fortune of attending the bootcamp live with the lead author of the course – Bryan Simon, in what was an amazing 6 days. Don’t get me wrong it is definitely grueling, to be sitting in front of a computer learning new material for 10 hours straight, but at the end it left me saddened, sad that the course had ended and wondering if it could have gone on for a couple of days more. SANS takes a lot of pride in the quality of their courses, and this being my first experience with them, was fantastic! Right from the quality of teaching to the meticulously structured easy to carry out labs, everything is so well thought and laid out beautifully. It was of course made much better with Bryan, who is an excellent instructor and takes you through the course like it’s a story. Even if he’s not your author, listen to the MP3 included in the course!
Coming back to the exam, studying for it was no easy task. You usually get 4 months to study for the exam, but being part of an accelerated program at Ryerson University, we just had 6 weeks! Sure, GIAC certifications are open book exams, but you still have lots to learn, and so much more to index so you can look stuff up when you need to. Working a full time job left me exhausted at the end of the day not wanting to pick up a text book, let alone do anything except watch TV and eat comfort food (hello Double Chocolate Chunk Brownie from Starbucks!). The pandemic surely made things a lot easier though – with work from home now being the norm, I saved at least 2 hours a day in travel, not to mention I got to spend my breaks between work with my partner.
Cut the crap, how do I pass?
Fair enough. I’ve heard lots of different ways to study for this exam, but at the end of the day it comes down to what suits your learning style, of course. For me, I just wanted to be done with the 6 books given my worst fear was running out of time. So I didn’t index at all, but set my goal to finish studying the books in 4 weeks. I charted out a schedule, took a couple of days off from work, and marked on the calendar (a real paper calendar, don’t use your phone, so you can see it everyday) the day I was looking to take my first practice.
I blew past it.
What it taught me was that schedules are just that – guidelines. Things come up, birthdays, events, family and friends. You cannot lock yourself in the house studying and working 7 days a week, especially since working from home meant not seeing anyone other than a small circle of people regularly. So I had to go out, have a beer every now and then, kick back and spend half the day doing nothing but enjoying the rain.
What I did do right was this – highlighted words that I thought were important. Words, not sentences. Words that aren’t necessarily topics or the title of the page, but names of tools, concepts, and jargon even. Every single unique word I found, I highlighted. This helped immensely when 5 weeks down the line I started my index. Sure, you’re going to have a lot of duplicates – but now you know every single page that concept was mentioned in. With GIAC, they
ask you questions from every nook and cranny – as Bryan put it, anything in the textbook is fair play. While SANS/GIAC prohibits you from discussing specifics, that’s my 2 cents – index everything you can think of. At the end of 6 books, you might know what all of the WiFi standards are, and that it’s primarily discussed in book 1, but you probably won’t realize it’s also mentioned somewhere in book 4, in passing nonetheless, on how you can mitigate wireless risks by decreasing the signal strength. This way at least, you have an index which tells you all of the nooks and crannies WiFi was mentioned.