Passing the GIAC GSEC Certification
The assembled tools.
I needed to figure out something for a real first post...but I'm not an expert in anything. Hell, some days it feels like hitting fine in anything is a high bar to clear. Realistically, I'm not an expert in passing certification exams, but we're going to put that aside and live in a land of make believe for a bit on this one.
The GIAC Security Essentials Certification seemed like the Security+ on steroids. As they say, it's a mile wide and a foot deep in terms of what it covers (Is that actually a thing people say?). The GSEC has sections dedicated to Windows, Linux, MacOS, the Cloud, security testing...pretty much everything is hit in at least a brief overview with the exam. It's a 5-hour test that gives you between 106 and 180 questions, and expects you to get a score of 73% or higher. The exam is multiple choice, and has hands-on labs thrown in that will have you getting hands-on time with things like Wireshark and Snort logs among other things.
The most interesting part to me (and the part that probably saved me) was the fact that it's an open book exam. Some people hear this and think "Cool, I can just grab the books and sit down for the exam" but the exam still expects you to know the material, or at the very least to have read it and made some notes. I don't know that it's possible to just go in with a bunch of books fresh from the box they were shipped in and manage to find everything you need in the time you are given.
So, all of that said, I figured I would cover what I did to pass the exam. I want to point out that these tips may not work for everyone, but it was something I found mentioned frequently online, and something that worked well for me.
I'm not kidding about the size of these things...
So where do you start? I think this is where I first messed up. I was treating this like a normal studying session with books or videos, where I would try to take in the material, make my own notes in a notebook and then go over my notes to make sure I understood things. While this certainly isn't a bad way to learn things, it presented problems that I wouldn't find until I was about halfway through the included books and videos. I had my own notes...but I could use the books they provided, and I wasn't highlighting as I went. Basically I was creating a less organized and less useful system of notes when I could have read the books and highlighted as I went.
So that's what I did. I stopped re-writing the words in the book and instead went through reading and highlighting as I went. When I would wrap up a chapter I would go back and look back over my highlighted sections and check the sentences around it to make sure I didn't leave anything important out. This was also where I grabbed a 6-color pack of highlighters, so I could have one color assigned to each book, which comes in handy later on. I would assign a color to the book and highlight everything important as I read through it with that color, making it easy to find it on the page. I made it a point to highlight everything in the paragraph of importance, so I didn't have to waste time skimming and re-reading for specifics.
The Amazon Basics highlighters that survived all 6 books.
When the highlighting and reading was all finally done, this is where I moved to the stage of organizing my notes into the spreadsheets that would eventually become my quick reference guide. You will want to maximize the space available by shrinking the margins on the sides of your sheets as much as possible. I also made sure to get everything sorted into Landscape mode, as this gives you the most room for the descriptions that follow the definitions. These will also be color coded, which will make it easy to quickly tell which book to grab should you need to find more information. Basically my rows looked something like this:
The Module/Chapter number and the corresponding page number.
So, all of that pretty well concludes my suggestions for GIAC test prep. I can't say that it will work for everything, though my coworkers have told me they used similar results on their test prep, and between the handful of us we've covered things from Web App testing to Digital Forensics. The most important things I think are to make sure you go through and read the books and look up videos for things you don't get. I'm a very visual learner, and if we're being honest, I generally don't learn well at all from books (shoutout to the "Learn PowerShell in a Month of Lunches" that's been anchoring a spot on my bookshelf for an ignored eternity). At the same time, I found the videos that came with the books in an "On Demand" capacity to be not as useful, and I stopped watching them after the first 3 books' worth. I just wasn't learning as much from them, and with the open book nature of the exam, it felt more beneficial to focus primarily on where the questions would likely be pulled from.
Oh, and one last thing. Definitely do the hands-on labs before the last week of your studying time before the exam. They are actually pretty enjoyable and in my experience were a pretty faithful 1:1 comparison to the hands-on section of the exam itself. Highlight the commands you use with your workbook walkthrough, as it's likely you will be asked questions that will be similar enough to the ones you practiced with that you can reference the provided commands when you get stuck.
Overall, I feel like the GSEC was a nice certification exam to take, and definitely had a lot of information that I likely wouldn't have had any exposure to, even in my day-to-day work as a Security Analyst. It covers a lot of higher level things that might be common knowledge to CISOs or other high-level people in security who handle the "big picture" items, but are generally above the pay grade of your average Analyst. It also touched on things like permissions and general hardening of systems from Linux to Windows that might not be something you experience every day, but will absolutely help you when you're examining an Alert in Sentinel or trying to make heads or tails of a query in Elastic.
If you've made it this far, thanks for reading! I hope you find something better to do with your time, but in the absence of that, feel free to leave a comment below with study tips you've used to take your exams. I love getting new perspective on these things, as finding the way to study best with my ADHD was something I didn't fully grasp until well past college.