Passing the GIAC GSEC Certification

Madness may or may not have been setting in by the time I got to marking the books...
The assembled tools.

I needed to figure out something for a real first post...but I'm not an expert in anything. Hell, some days it feels like hitting fine in anything is a high bar to clear. Realistically, I'm not an expert in passing certification exams, but we're going to put that aside and live in a land of make believe for a bit on this one.

The GIAC Security Essentials Certification seemed like the Security+ on steroids. As they say, it's a mile wide and a foot deep in terms of what it covers (Is that actually a thing people say?). The GSEC has sections dedicated to Windows, Linux, macOS, the cloud, security testing...pretty much everything gets at least a brief overview on the exam. It's a 5-hour test with between 106 and 180 questions, and you need a score of 73% or higher to pass. The exam is multiple choice, with hands-on labs mixed in that have you working with things like Wireshark and Snort logs, among other things.

The most interesting part to me (and the part that probably saved me) was the fact that it's an open book exam. Some people hear this and think "Cool, I can just grab the books and sit down for the exam," but the exam still expects you to know the material, or at the very least to have read it and made some notes. I don't know that it's possible to walk in with a stack of books fresh from the shipping box and manage to find everything you need in the time you're given.

So, all of that said, I figured I would cover what I did to pass the exam. These tips may not work for everyone, but the approach is one I found mentioned frequently online, and it worked well for me.

I'm not kidding about the size of these things...

So where do you start? I think this is where I first messed up. I was treating this like a normal study session with books or videos: take in the material, make my own notes in a notebook, then go over those notes to make sure I understood things. While that certainly isn't a bad way to learn, it presented problems I wouldn't discover until I was about halfway through the included books and videos. I had my own notes, but I was allowed to use the books in the exam, and I wasn't highlighting as I went. Basically I was creating a less organized and less useful set of notes when I could have been reading the books and highlighting as I went.

So that's what I did. I stopped re-writing the words in the book and instead read and highlighted as I went. When I wrapped up a chapter I would go back over my highlighted sections and check the sentences around them to make sure I hadn't left anything important out. This is also where I grabbed a 6-color pack of highlighters so I could assign one color to each book, which comes in handy later on. I would assign a color to the book and highlight everything important in that color as I read, making it easy to find on the page. I made a point of highlighting everything of importance in a paragraph, so I didn't have to waste time skimming and re-reading for specifics.

The Amazon Basics highlighters that survived all 6 books.

When the highlighting and reading was finally done, I moved on to organizing my notes into the spreadsheets that would eventually become my quick-reference guide. You will want to maximize the space available by shrinking the side margins as much as possible. I also set everything up in landscape mode, as this gives you the most room for the descriptions that follow the terms. The rows are also color coded, which makes it easy to tell at a glance which book to grab should you need more information. Basically my rows looked something like this:

Term | Description | Page
Azure AD | Microsoft's cloud version of their AD service | 100

This let me quickly find Azure AD if a question asked about it, see a description that might be enough to answer the question, and, if I needed something more specific than my description, use the page number on the right to jump straight to the page with the needed information. I added the notes as I read through the books: I would re-read my highlighted sections, create the row, and add the description and page number. When I was done with a book, I would select all of its rows and set the fill color to match the book's assigned highlighter color. Keep each book as its own tab in Excel and have a separate "Everyone in the Pool" tab for the merge, so you can't undo hours of hard work with one mistake. Once all of the books were added, I copied every row into the merged tab and sorted them alphabetically by the term in the first column. This gave me a rainbow spreadsheet with the notes from all 6 books interleaved by term. When a question about HIDS came up on the test, I could jump to the chunk of my quick-reference guide on HIDS, with every mention across all 6 books sitting in adjacent rows, and search through them for my answer.
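If you'd rather build the merged tab with a script than by hand, here is the same procedure in Python. This is an added example, not something from the original post; the book names, colors, terms, descriptions and page numbers are constructed sample data standing in for real notes. It keeps one list per book (the per-book tabs), merges them into one index sorted case-insensitively by term, and looks a term up the way you would on the exam: every row for that term, from every book, with the color and page number telling you which book to grab and where to open it.

```python
"""Merge per-book note tabs into one alphabetised quick-reference index.

Added example for this post, not the author's spreadsheet. All data below is
constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    term: str         # the thing you'd look up (first column)
    description: str  # your one-line note (second column)
    page: int         # page in the physical book (third column)
    book: str         # which book the note came from; maps to the row colour


# Constructed sample "tabs", one per book. Real notes would have hundreds of rows,
# and the same term shows up in several books with different page numbers.
BOOK_TABS = {
    "Book 1": [
        Entry("Azure AD", "Microsoft's cloud version of their AD service", 100, "Book 1"),
        Entry("HIDS", "Host-based intrusion detection; agent on the endpoint", 142, "Book 1"),
    ],
    "Book 3": [
        Entry("HIDS", "Compared with NIDS; what an endpoint agent can see", 57, "Book 3"),
        Entry("hashing", "One-way function; integrity checks on files and passwords", 88, "Book 3"),
    ],
    "Book 5": [
        Entry("NIDS", "Network IDS; watches traffic from a span port or tap", 33, "Book 5"),
        Entry("azure ad", "Conditional access and MFA in Azure AD", 201, "Book 5"),
    ],
}

# One highlighter colour per book, as in the post (assumed colours).
BOOK_COLOR = {"Book 1": "yellow", "Book 3": "green", "Book 5": "blue"}


def merge_tabs(tabs):
    """The 'Everyone in the Pool' tab.

    Concatenates every book's rows (books in name order) and sorts by term,
    case-insensitively so 'Azure AD' and 'azure ad' land next to each other.
    Python's sort is stable, so rows sharing a term stay in book order.
    """
    rows = [entry for book in sorted(tabs) for entry in tabs[book]]
    return sorted(rows, key=lambda e: e.term.casefold())


def lookup(index, query):
    """Every note whose term starts with `query`, across all books.

    Returns (term, description, colour, page) tuples: the colour tells you
    which physical book to pull, the page tells you where to open it.
    """
    q = query.casefold()
    return [
        (e.term, e.description, BOOK_COLOR[e.book], e.page)
        for e in index
        if e.term.casefold().startswith(q)
    ]


if __name__ == "__main__":
    index = merge_tabs(BOOK_TABS)
    for term, desc, color, page in lookup(index, "hids"):
        print(f"{term:<10} {desc:<60} {color:<7} p.{page}")
```

The case-insensitive sort is the one thing Excel's default alphabetical sort gets right for you but a naive script does not; without `casefold()` every capitalised term would sort ahead of every lower-case one and the HIDS rows from different books would drift apart.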

Another thing I initially did, and would do differently in hindsight, was marking every 10 pages with a tab for quick reference. This ended up being tedious and not very helpful, as a ~250 page book means fitting 25 tabs with page numbers along the edge. That's hard to fit if you want tabs you can actually read, so after the first book I gave up on the idea. What I did instead was mark the start of each chapter, or "Module" as GIAC calls them. This gave me a page reference that was enough to get a rough start on finding a page number from my reference sheet.

The Module/Chapter number and the corresponding page number.

So, that pretty well concludes my suggestions for GIAC test prep. I can't say it will work for everyone, though my coworkers have told me they used similar methods for their own prep, and between the handful of us we've covered exams from web app testing to digital forensics. The most important things, I think, are to read the books all the way through and look up videos for anything you don't get. I'm a very visual learner, and if we're being honest, I generally don't learn well from books at all (shoutout to the copy of "Learn PowerShell in a Month of Lunches" that's been anchoring a spot on my bookshelf for an ignored eternity). At the same time, I found the "On Demand" videos that came with the books less useful, and I stopped watching them after the first 3 books. I just wasn't learning as much from them, and with the open-book nature of the exam, it felt more beneficial to focus on where the questions would actually be pulled from.

Oh, and one last thing. Definitely do the hands-on labs before the last week of your studying time. They are actually pretty enjoyable, and in my experience they were a faithful 1:1 match for the hands-on section of the exam itself. Highlight the commands you use in the workbook walkthrough; it's likely you will be asked questions similar enough to the ones you practiced that you can refer back to the provided commands when you get stuck.

Overall, I feel like the GSEC was a nice certification to take, and it covered a lot of information I likely wouldn't have been exposed to otherwise, even in my day-to-day work as a Security Analyst. It covers a lot of higher-level things that might be common knowledge to CISOs or other senior people in security who handle the "big picture" items, but are generally above the pay grade of your average analyst. It also touched on things like permissions and general hardening of systems, from Linux to Windows, that you might not deal with every day but that will absolutely help when you're examining an alert in Microsoft Sentinel or trying to make heads or tails of a query in Elastic.

I'm hoping to take TCM Security's PNPT later this summer, as the penetration testing side of things is interesting and, at the very least, will make me a better analyst, so look for blog posts about studying for that in the future.

If you've made it this far, thanks for reading! I hope you find something better to do with your time, but in the absence of that, feel free to leave a comment below with study tips you've used for your exams. I love getting new perspectives on these things, as finding the way to study best with my ADHD was something I didn't fully grasp until well past college.

