The road less traveled - GIAC Security Expert (GSE)

xirtlook

Hi my name is [insert name here]; and I have a problem.

I love a challenge, and I'm a bit of a certification whore.

Ever since I took my first SANS course, I fell in love with it.

So I've decided to take that journey to going for the GSE, GIAC Security Expert.

Complete:
GSEC - Aug 2013
GCIH - Nov 2014

Scheduled:
GPEN - Feb 2015
GCFA - Mar 2015
GCIA - Apr 2015

I already have many certs (see profile), and have many books that I have read and plan on reading.
I wanted to use this thread to track my progress.

I know I would be eligible for the GSE with GSEC, GCIH and GCIA + 2 Golds, but I hate writing and I figured more courses and training with hands on experience will help with the actual test(s).

So wish me luck, and feel free to share any suggestions.

**PS- I do not plan on attempting the actual GSE until Winter/Spring 2016**

slinuxuzer

Nice!, Mind sharing info on your background? How many years in infosec and what type of background?

docrice

More power to you. Please document your journey as the GSE would certainly be a serious accomplishment.

xirtlook

slinuxuzer wrote: »

Nice!, Mind sharing info on your background? How many years in infosec and what type of background?

2.5 Years in InfoSec
3 Years in IT Support (Helpdesk/Desktop) and System Admin/Network Admin

2 Associates Degrees (Network Technology and Information System Security)
I'm currently a CapTechU Student pursuing my B.Sc in Information Assurance.
CapTechU, Capitol Technology University, formerly Capitol College.

Certifications:
A+ N+ S+, MCP, MCSA, MCSE, MCSE:Security, CCNA, CCNA Security, CCT:RSTECH, MCTS, RHCSA, CCDA, GSEC, GCIH

I attend security conferences yearly, I volunteer for a few of them.

docrice wrote: »

More power to you. Please document your journey as the GSE would certainly be a serious accomplishment.

I definitely will.

Right now I'm gearing up for GPEN in February.
I want to be ready so I can win a coin. I missed out on it during the GCIH

xirtlook

GPEN Status:

Completed my SANS560 course. I had a lot of fun, especially on the last day, Capture The Flag.

Unfortunately, I did not win the coin... I had some difficult competition.

Even though I chose to be my own team, I did manage to find all the flags.

Thus far, I've started my Index, and scheduled my test for end of February.

Just using SANS provided books. I did purchase the Red Team Field Manual and Blue Team Handbook: Incident Response for leisure/references.

http://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504
http://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756

veritas_libertas

Not sure how I missed this. Exciting goal. Good Luck!

Neo322

The SANS courses are always over my training budget, plus dropping a grand on self study cert isn't supported by the wife. Does work pay or are self funding this expedition?

xirtlook

Luckily, work is paying for the courses. The SANS courses available are limited and very competitive to obtain.
Once again, I lucked out in gaining all the ones that would make me eligible for GSE.

I was scheduled for exam last Friday, however due to inclement weather it was cancelled.
I'm currently sitting through SANS 508, Advanced Computer Forensics Analysis & Incident Response.

I've rescheduled my GPEN exam for April, right before my Intrusion-In-Depth course.
I will most likely sit in for my GCFA in June/July. I thought I had a good grasp on Digital Forensics until I took this course. I feel like waving the white flag already. Instructors thus far have been extremely knowledgeable and overall awesome. I just need to put in extra study time for this one. Possibly some extra reading to help my understanding of Operating System internals and File System structures.

UnixGuy

Impressive certs and great work ethics, best of luck to you

you said you're working within the InfoSec field, what's your job duties like?

GForce75

That's awesome! I'm getting more inspired to take such courses, but the cost is a nightmare. Hopefully down the road, I can have the job pay for it. I had them pay plenty enough for the last few months. Keep at it and best of luck!

zxbane

Great goal, good luck and many of us will be interested in following your progress.

xirtlook

For those that are overwhelmed by the cost.

There is a way to get the course for under $1000.
You can sign up to be a volunteer/helper.

For the most part you're in the class, you get the books, the voucher.
However anytime the Instructors needs something, copies, papers, books, hell..lunch.
You go and get it.

I don't have any links, but I'm sure everyone here is technical enough to find it

cyberguypr

It's called the Work Study program and the correct term of what you are is a facilitator. I've done it 3 times and can't recommend it enough. Details here: https://www.sans.org/work-study.

Yes, you can participate in the facilitator program and apply for waivers in the graduate program. You need to keep in mind that only 25% of the required credit hours can be waived this way.

xirtlook

Thanks cyberguypr!

I just completed SEC503 and I cant express how much I enjoyed it. Quite possibly more than SEC560 (PenTesting).

Networking is my passion, and deep packet analysis is overwhelming but so much fun. I loved learning how to read hex!

I've scheduled my GIAC exams all for MAY, JUNE and JULY.
May = GCIA
June = GPEN
July = GCFA

I have a lot of studying to do... especially for the GCFA. I don't want to be pessimistic, but I don't think I'm going to pass it... but we'll see.

Back to studying!

EngRob

503 sounds awesomely nerdy and right up my ally!

Have you already passed 408/GCFE or are you skipping straight to 508/GCFA? I'm just curious as to the difference in difficulty as I have GCFE scheduled this month.

Best of luck on the next three months of exams.

H3||scr3am

xirtlook wrote: »

Thanks cyberguypr!

I just completed SEC503 and I cant express how much I enjoyed it. Quite possibly more than SEC560 (PenTesting).

Networking is my passion, and deep packet analysis is overwhelming but so much fun. I loved learning how to read hex!

I've scheduled my GIAC exams all for MAY, JUNE and JULY.
May = GCIA
June = GPEN
July = GCFA

I have a lot of studying to do... especially for the GCFA. I don't want to be pessimistic, but I don't think I'm going to pass it... but we'll see.

Back to studying!

Best of luck on each of your Exams!

xirtlook

So change of plans... life hit me.

JUNE = GPEN
JULY = GCFA
AUGUST = GCIA

I'm happy to say that I passed GPEN today!!!
I was nervous because I really hadn't had time to study, (Summer will hit you like that)
Plus I was sick all this week when I had time to study.

I did not take FOR408 simply because I didn't know about it.
My work offered FOR508 and I took it. Looking back, I regret it.
I had a headache every day, and most of it was beyond my understanding.
So I have the next month to read up, catch up, study hard, cross my fingers, and pray to all the gods I pass that one. LOL

SEC503/GCIA is awesome. I love networking, I love TCP/IP, and how it all breaks down. Extra nerdy, and I love it.
I'm looking forward to that one.

Thanks for all the good wishes!

SaSkiller

Hi Xirt! Congrats on your accomplishments so far!

I'm going to have a similar path it seems,

I'll have to see if I can find my old GSEC material, hopefully it is enough to brush up on the areas i'm weak in.

If everything works out I may try for a GSEC attempt in July prior to the start of FOR610 or may push it to August/September and take it with GREM. I expect work will have me attempt the GCIA before the end of the year to start a written attempt within 3 months and a Lab 3 after that.

xirtlook

Cool! GPEN, GCIH, CEH... should be a walk in the park for you, sir.

I would love to take SEC561, SEC573, SEC580, SEC660, SEC760 and FOR610!!
but I highly doubt my employer will shell out the money for it :P
If I'm lucky I can grab SANS501 (GCED) and SEC542 (GWAPT)

Best of luck to you.

NovaHax

I'm working towards mine as well...

COMPLETED:
GCIH
GCIA

SCHEDULED:
GPEN (this month)

FUTURE:
GWAPT
GSEC


...And yes...GSEC will be last...because why the hell not...

renacido

Wow, it must be nice to have a job that pays for all this SANS training and certs. I feel like a homeless guy walking through Beverly Hills on this thread.

NovaHax

renacido wrote: »

Wow, it must be nice to have a job that pays for all this SANS training and certs. I feel like a homeless guy walking through Beverly Hills on this thread.

Nope...there is no way I would EVER pay for SANS training. WAY too expensive. Both my GCIA and GCIH were acquired with self-study. And same for GPEN which I am taking end of this month.

I have every intention of getting my GSE without ever taking a SANS course.

WilliamK99

NovaHax wrote: »

Nope...there is no way I would EVER pay for SANS training. WAY too expensive. Both my GCIA and GCIH were acquired with self-study. And same for GPEN which I am taking end of this month.

I have every intention of getting my GSE without ever taking a SANS course.

Aren't you still paying a grand a pop to challenge them?

renacido

WilliamK99 wrote: »

Aren't you still paying a grand a pop to challenge them?

I was about to ask that myself.

NovaHax

WilliamK99 wrote: »

Aren't you still paying a grand a pop to challenge them?

Yes. But $1k to challenge an exam is still WAY cheaper than $5k for a course.

NovaHax

At this rate, I will be able to challenge the GSE after $5k in expenses ($1k for each exam...GSEC, GCIH, GCIA, GPEN, GWAPT), instead of $25k.

WilliamK99

NovaHax wrote: »

At this rate, I will be able to challenge the GSE after $5k in expenses ($1k for each exam...GSEC, GCIH, GCIA, GPEN, GWAPT), instead of $25k.

You don't even have to challenge GWAPT or GPEN, you could write Gold Paper's instead....

It's an impressive feat but if someone can get their company to pay for it, I still think attending the actual courses are more beneficial purely from a "networking" standpoint...

renacido

WilliamK99 wrote: »

You don't even have to challenge GWAPT or GPEN, you could write Gold Paper's instead....

It's an impressive feat but if someone can get their company to pay for it, I still think attending the actual courses are more beneficial purely from a "networking" standpoint...

Certifying by writing Gold Papers is more impressive to me than passing exams for sure. You're actually contributing to the field.

NovaHax

renacido wrote: »

Certifying by writing Gold Papers is more impressive to me than passing exams for sure. You're actually contributing to the field.

That's debatable. I contribute to the field in a number of ways. I've written a book, have my own training series, have a blog, and a youtube channel. But for this, I don't feel like there is much marginal benefit to upgrading a GIAC cert to gold. I'd rather go for multiple certs. Not to say you're wrong...just my opinion. To each his own.

WilliamK99

NovaHax wrote: »

That's debatable. I contribute to the field in a number of ways. I've written a book, have my own training series, have a blog, and a youtube channel. But for this, I don't feel like there is much marginal benefit to upgrading a GIAC cert to gold. I'd rather go for multiple certs. Not to say you're wrong...just my opinion. To each his own.

If you look at the GSE requirements you can substitute Gold Papers in lieu of certifications...

NovaHax

Yeah, I understand that. I was saying that renacido's comment, that its "more impressive" to go the Gold route, rather than stacking up the certs...is debatable.

I was stating that I see more benefit in more certs, rather than simply obtaining GSE through upgrading existing GIAC certs.