GSE Roadmap

NovaHax

I just got my GCIH (challenged the exam w/o SANS course) and am thinking I'm gonna continue down this whole GIAC path and do one cert each quarter til I get my GSE.

I'm thinking the following (in this order):
1. GCIH (DONE)
2. GCIA
3. GPEN
4. GWAP
5. GSEC
6. GSE

Should take just over a year.

Anyone here have their GSE or have plans to move in that direction?

zxbane

I haven't done the GSE or any SANS certs yet but I am interested to hear what you used to prepare for the GCIH and how long it took you? I would like to try and do the same!

NovaHax

Pretty much followed the exact steps outlined by Dynamik (who also occasionally posts on here) in this post:

https://www.ethicalhacker.net/forums/viewtopic.php?f=90&t=11757#p62170

Took me 3 months. My bonuses with my current company are based on completion of quarterly objectives. So pretty much any cert I get is going to be done in a 3 month period.

zxbane

Thanks for the insight Nova, that guy has a crazy list of accomplishments via self study. I see he mentioned knowing PEN Testing is a huge plus for the GCIH. I am sure this probably applied to you as well since you mentioned that's what you do, and you also have the OSCP

NovaHax

Yeah, Dynamik is a beast. We actually work for the same company. I asked him for insight into how he had tested out of all of his GIAC certs, and he pointed me to that post.

And yes...pentesting knowledge is a definite plus in GCIH, as a large part of it consists of identifying attacks...usually by logs. Knowing the attacks helps a lot.

zxbane

I noticed his referenced study material for GCIH is a book titled "Real Digital Forensics" it sounds interesting since it comes with a DVD where you actually perform and follow along forensic investigating. However I was a little surprised to see the book is from 2005 and still considered relevant for the GCIH exam

NovaHax

Actually, the book he recommended to me, which was quite helpful, was Counterhack by Ed Skoudis

LionelTeo

Hi NovaHax,

I am going into that direction.

Here is the book list I recommended

http://www.techexams.net/forums/sans-institute-giac-certifications/100210-giac-certifications.html

And please read my godly plan to prepare GSE. I think its tough but if you use this method you will surely pass!

http://www.techexams.net/forums/sans-institute-giac-certifications/100194-gse-practical-exam-preparation.html

CyberfiSecurity

NovaHax wrote: »

I just got my GCIH (challenged the exam w/o SANS course) and am thinking I'm gonna continue down this whole GIAC path and do one cert each quarter til I get my GSE.

I'm thinking the following (in this order):
1. GCIH (DONE)
2. GCIA
3. GPEN
4. GWAP
5. GSEC
6. GSE

Should take just over a year.

Anyone here have their GSE or have plans to move in that direction?

Do you plan to do self-study? Otherwise, this path cost you at least $30,000.00. I want to do some SANS expert certification, but GSE requires lot of junior, intermediate certifications. Therefore, I am only work on GXPN and GREM, these two costs me at least $2,500.00 for self-study and assume that I pass on the first try.

NovaHax

Yes, I intend to challenge them all. The cost for those SANS courses is ridiculous, and I will never pay it. Even the cost to challenge the exams is way too high. But the cost to challenge can be mostly covered by my training budget for work...so I'll got that route.

JoJoCal19

Congrats on your successful challenge. I've followed some peoples challenge attempts here and also bookmarked Dynamik's thread. Aside from Dynamik's success doing it (God mode in real life haha), how realistic do you think it is for us mere mortals to challenge the SANS certs in that manner? I think the method of pulling the SANS/GIAC syllabus and learning all of the topics, then creating a fully indexed study guide of your own seems like a great way to learn the material inside and out, but will that adequately prepare us to have a good chance at being successful to challenge the exams?

Khaos1911

What'd you score on your GCIH?

NovaHax

JoJoCal19 wrote: »

how realistic do you think it is for us mere mortals to challenge the SANS certs in that manner?

JoJo, I think its a realistic option for me. GCIH went well. And I image GCIA and GSEC are probably about the same level of difficulty. So I guess the only real question is how bad the mid level certs are (for me, GWAPT and GPEN). Though in the end, they may be even easier for me...since these days, I do more penetration testing than incident response or analyst work anyways.

I'm sure its largely going to depend on your exposure to different security issues and your ability to take tests. I get a lot of exposure to different stuff since I'm in consulting and I've also always been pretty good at testing.

Khaos1911 wrote: »

What'd you score on your GCIH?

88% (72% was required to pass)

kanecain

Silly question, but what does it mean to "challenge" an exam?

NovaHax

With GIAC exams, the only official study material for the exams comes from SANS. There is a SANS course that directly corresponds to each GIAC exam (example: the SEC504 course corresponds to the GCIH exam).

Challenging is taking one of the exams without ever taking the corresponding SANS course. Its an option that is significantly cheaper (however, still not cheap), but obviously takes at least a little more self-discipline and refined study and research habits.

Khaos1911

What materials did you use to prepare for the GCIH, Nova?

NovaHax

Mostly just independent research I did from each of the questions from the two practice exams. Other than that, the only hardcover book I used was Counterhack by Ed Skoudis

NovaHax

Update on progress:

1. GCIH (DONE)
2. GCIA (DONE)
3. GPEN
4. GWAP
5. GSEC
6. GSE


Just finished testing out of the GCIA. I found this one to be a little more difficult than the GCIH...but still not bad. If you know TCPdump, Wireshark and are able to read packet hexdumps, you should be pretty good. My weakness on this was definitely Snort and Bro IDS.

As far as resources that I brought in with me...by far the most helpful things that I had and used consistently throughout the test were:
1. TCP/IP Illustrated Volume 1 (TCP/IP Illustrated, Vol. 1: The Protocols (Addison-Wesley Professional Computing Series): W. Richard Stevens: 9780201633467: Amazon.com: Books)
2. And a simple hex/binary/decimal chart saved a ton of time (http://tonystrains.com/download/DCC_DecBiHex_Chart.pdf)
3. Man page for TCPdump (even for someone who is pretty familiar with tcpdump and uses it a lot...I still referenced this quite a bit)
4. Practice of Network Security Monitoring (http://www.amazon.com/Practice-Network-Security-Monitoring-Understanding/dp/1593275099/ref=sr_1_22?s=books&ie=UTF8&qid=1415493241&sr=1-22&keywords=wireshark"

cgrimaldo

Awesome...Thanks for the update!

GAUDARD

NovaHax wrote: »

Update on progress:

1. GCIH (DONE)
2. GCIA (DONE)
3. GPEN
4. GWAP
5. GSEC
6. GSE

Thanks for the suggestions for GCIA, I would be interested in your study resources for GPEN. I took a look at this post: https://www.ethicalhacker.net/forums/viewtopic.php?f=90&t=11757#p62170 which has some resources I'm planning on studying, but I'll take any other recommendations I can get!

NovaHax

GAUDARD wrote: »

I would be interested in your study resources for GPEN

That's a good question. I haven't started gathering resources for GPEN yet, but I'll definitely make a post here when I do. To be honest, I think GPEN will probably be one of the easiest for me, since PenTesting is 95% of the work I do in my current job.

For one, I'm sure CounterHack by Ed Skoudis (which I also used for GCIH) will come in handy for GPEN.

GAUDARD

I'm reading Hacking Exposed as recommended in that thread I posed, I'll be sure to read CounterHack next.

NovaHax

Another one down:


1. GCIH (DONE)
2. GCIA (DONE)
3. GPEN (DONE)
4. GWAPT
5. GSEC
6. GSE

Just finished GPEN enroute to GSE. As always, did not take any SANS course for this. Completely self-study. For this one, I used my notes from the two practice exams and RTFM (http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/).

JoJoCal19

Congrats Nova! Now that I'm finishing up the GSEC and am facilitating SEC503 next month, I'm leaning towards working towards the GSE myself.

Mike-Mike

very impressive, Nova is in beast mode

NovaHax

Another one down:




1. GCIH (DONE)
2. GCIA (DONE)
3. GPEN (DONE)
4. GWAPT
5. GSEC (DONE)
6. GSE

All I have left to qualify to sit the GSE is GWAPT.

Khaos1911

Awesome, Nova!

I want to do GSE, but I'm just so burnt out on certs at the moment.

JoJoCal19

That's awesome man. You have the same list that I am planning on using for the GSE. Mine looks like this:

1.GSEC (Done)
2.GCIA (In progress)
3.GCIH (1H 2016)
4.GPEN (1H 2016)
5.GWAPT (2H 2016)
6.GSE (1H 2017)

rudegeek

Sweet, what has your avg rate of completions been so far? 1 every how many months?

NovaHax

Finally finished all the pre-requisites.

1. GCIH (DONE)
2. GCIA (DONE)
3. GPEN (DONE)
4. GWAPT (DONE)
5. GSEC (DONE)
6. GSE

Only thing left standing between me and the GSE is tons of lab time, a ridiculous $2500 fee, and a brutal 2-part test.

NovaHax

rudegeek wrote: »

Sweet, what has your avg rate of completions been so far? 1 every how many months?

Well, I started this thread 2.5 years ago, and have updated every step of the way. So 5 certs down in 30 months...approximately a cert every 6 months.