Taming the Firehose! Taking the GSLC Challenge!
I always admire and like the GSLC title, Security Leadership looks appealing to me to learn more about management. Therefore, after researching and researching about how counter hack reloaded complimenting the course here (http://www.techexams.net/forums/sans-institute-giac-certifications/92985-my-gslc-track.html). Given the overlapping materials with counterhack reloaded and GCIH, I went on to prepared using GCIH course book materials that I had received on March during my certification renewal and Eric Conrad Study guide for CISSP materials.The SANS folks describe the course as "drinking from the firehose", this definitely shows some difficulty to this exam, talking about challenging an exam which so much topics coverage as you can see here (GIAC | Cyber Security Leadership | GSLC Certification), this exam would be is definitely difficult to challenge!
I was very skeptical on the materials I had, so I did a practice try out for 139 USD. I was disappointed on the coverage with GCIH books. I ended referring more from the CISSP study guides. My first try ended with a 70% score on just passed, with many questions topics ranges from the management, marketing and negotiation that pull down my score.I kept an extra window to google up everything single topics that I have never came across during the exam, that is really A LOT of things to cover. At times, I am really thinking I should just give up on this one, since the topic that says counter hack reloaded compliments the course really got me, as there seems there isn't really reference require from that book.So I went on to printed out more notes regarding those areas I never heard of to study.
After some considerations, I went on to buy the full challenge exams (that comes with 2 practices test). First time, got 85%, google up more topics. Second tries, got 92%, and google up even more topics.I end up having about 300+ pages of printed notes for the exam.
The day of the actual exam came, it wasn't smooth. The exam center I had booked is having latency issue, and I have to wait about 1-2 minutes between due to the network issue before I can proceed to the next question. This happens for about 20 of the questions. The clock continues to ticks while waiting, I ended losing about 20-30 minutes of the exam time due to this. This is definitely frustrating.Luckily, I managed to keep on track and finish the exam with a score of 80% with reference to only CISSP Study Guides and Printed Notes.
I am still slightly disappointed with the exam, it seems that this course definitely gear for managers that is new to cyber security especially if that manager have to due with products and vendors. Too many of the questions seems to high level, and I do wish that this has more coverage towards incident response, given that counter hack reloaded was highlighted that to compliment the course, but there isn't seems to have a requirement to use it.
I think GSLC is somewhat like GSEC, GSEC is CISSP except that software development and hardware architecture is replace by Linux and Windows Introduction. GSLC coveres some portion of software development and hardware architecture, and extends beyond marketing, negotiations, management, ethical, security awareness, packet analysis and several other similar concepts.
Overall, I think GSLC is easier than GSEC, to justify a difficulty, it should be slightly easier than CISSP, I would say to rank GSLC in this order among all certs I had
GCIH, GPEN, GSLC, CISSP, GISP, GSEC, GWAPT, GCIA
http://en.wikipedia.org/wiki/Modular_programming
http://www.washingtonpost.com/news/local/wp/2015/02/09/ceo-ryan-carson-works-a-four-
day-work-week-heres-how/
http://www.inc.com/encyclopedia/licensing-agreements.html
http://inventors.about.com/od/definations/g/Assignment.htm
http://en.wikipedia.org/wiki/Value-added_tax#Imports_and_exports
http://linux.die.net/man/3/gethostbyaddr
http://missouribusiness.net/article/reducing-employee-turnover/
http://en.wikipedia.org/wiki/EDGAR
http://en.wikipedia.org/wiki/U.S._Securities_and_Exchange_Commission
http://blog.transparentchoice.com/analytic-hierarchy-process/3-steps-to-reduce-the-number-of-comparisons-in-ahp
http://en.wikipedia.org/wiki/Marketing_mix
http://tentiltwo.com/running-your-business-blog/1099-vs-employee-you-need-to-know-the-difference/
http://www.businessballs.com/meetings.htm
http://www.brighthubpm.com/project-planning/65918-avoid-project-management-failures/
https://www.deming.org/theman/theories/fourteenpoints
http://www.valuadder.com/glossary/business-valuation-approaches.html
http://en.wikipedia.org/wiki/SMART_criteria
http://en.wikipedia.org/wiki/Poster_child
http://en.wikipedia.org/wiki/Zero-sum_game
http://en.wikipedia.org/wiki/PDCA
http://en.wikipedia.org/wiki/ISO/IEC_27000-series
http://en.wikipedia.org/wiki/ISO/IEC_27002
http://en.wikipedia.org/wiki/Whitelist
http://www.sans.edu/research/security-laboratory/article/sys-interrupts
http://www.sans.edu/research/security-laboratory/article/log-bmb-trp-door
https://www.truste.com/about-truste/
http://www.sans.edu/research/security-laboratory/article/367
http://www.sans.edu/research/security-laboratory/article/321
http://www.sans.edu/research/security-laboratory/article/threat-vector-did
http://www.sans.edu/research/security-laboratory/article/convergence-did
www.sans.edu/student-files/projects/200608_001.ppt
http://searchsecurity.techtarget.com/magazineContent/Tying-log-management-and-identity-management-shortens-incident-response
http://citadel-information.com/wp-content/uploads/2012/08/nist-sp800-50-building-information-security-awareness-program-2003.pdf
https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcTDsnr3aprCOU6G_Ll8JFiv8iAJTmmGE2hwuvdmE7-146FC5u5egj1Z3I4
http://nmap.org/book/images/hdr/MJB-IP-Header-800x576.png
http://www.sans.org/security-resources/tcpip.pdf
http://www.wikihow.com/Convert-Hexadecimal-to-Binary-or-Decimal
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
http://www.investopedia.com/walkthrough/corporate-finance/2/depreciation/types-depreciation.aspx
http://accounting-simplified.com/financial/fixed-assets/depreciation-methods/types.html
http://www.investopedia.com/terms/s/sum-of-the-years-digits.asp
http://www.aef.com/industry/careers/memos/8022
http://en.wikipedia.org/wiki/Sender_Policy_Framework
http://www.cnet.com/news/uh-oh-this-computer-virus-can-spread-via-wi-fi/
http://www.school-for-champions.com/character/trustworthy.htm#.VS-4sEqgh9Q
http://www.proprofs.com/mwiki/index.php/WAN_Technologies
http://www.aef.com/industry/careers/memos/8022
http://www.diycommitteeguide.org/article/vision-mission-and-values
http://www.peachpit.com/blogs/blog.aspx?uk=Handling-JSON-Data-Securely1
http://www.negotiations.com/articles/negotiation-types/
http://negotiatewithchad.blogspot.sg/2011/09/how-does-your-reservation-value-relate.html
http://www.negotiations.com/definition/reservation-price/
http://web.mit.edu/negotiation/www/NBterms.html
http://www.managerwise.com/article.phtml?id=655
http://www.shmula.com/capacity-analysis-cost-production-analysis/9547/
http://www.networkcomputing.com/how-to-speak-data-center-kwh-to-btus/a/d-id/1233953?
http://www.steadysales.com/the-7-steps-of-the-sales-process/
http://www.sans.org/reading-room/whitepapers/warfare/future-information-warfare-819
http://smallbusiness.chron.com/different-types-pricing-strategy-4688.html
http://searchcompliance.techtarget.com/definition/risk-map
http://www.sans.edu/research/security-laboratory/article/372
http://www.sans.edu/research/security-laboratory/article/311
http://en.wikipedia.org/wiki/Privately_held_company
http://en.wikipedia.org/wiki/Bluesnarfing
http://en.wikipedia.org/wiki/Type_of_service
http://www.giac.org/paper/gsec/3495/elements-security-policy-considerations-small-businesses/102691
https://www.ucisa.ac.uk/~/media/Files/members/activities/ITIL/servicetransition/chanage_management/ITIL_a%20guide%20to%20change%20management%20pdf.ashx
http://www.computerworld.com/article/2563263/it-management/unplanned-work-is-silently-killing-it-departments.html
http://www.product-lifecycle-management.info/what-is-plm/operational-benefits.html
http://www.hyperink.com/Lsquogood-To-Great-Summary-Chapter-7-Technology-Accelerators-b1253a29
http://en.wikipedia.org/wiki/Syslog
http://hrmars.com/hrmars_papers/Article_09_Assessing_the_Relationship_between_Budget.pdf
http://www.projectsmart.co.uk/project-management-methodology-explained.php
http://openmobilealliance.org/about-oma/
http://www.opsecprofessionals.org/process.html
http://www.negotiations.com/articles/zopa/
http://www.businessinsider.com/these-economies-will-dominate-the-world-in-2050-2012-1?IR=T&op=1
http://en.wikipedia.org/wiki/Zubulake_I
http://en.wikipedia.org/wiki/Zubulake_v._UBS_Warburg
http://www.belarc.com/
https://books.google.com.sg/books?id=oufJQ8Uo_pkC&pg=PA22&lpg=PA22&dq=Qualification,+Presentation,+Proposal,+Negotiation,+Close,+Delivery,+and+Evaluation&source=bl&ots=a3NJg9hjeQ&sig=ss0EYtBU-ZMkBkoDldSAniz4BKE&hl=en&sa=X&ei=28Y5Vf3YMcym8AWpmoGICw&ved=0CCIQ6AEwAQ#v=onepage&q=Qualification%2C%20Presentation%2C%20Proposal%2C%20Negotiation%2C%20Close%2C%20Delivery%2C%20and%20Evaluation&f=false
https://www.legalzoom.com/articles/know-your-rights-can-you-be-searched-without-a-warrant
http://en.wikipedia.org/wiki/Analytic_hierarchy_process
http://www.industryweek.com/lean-six-sigma/ten-pitfalls-avoid-process-improvement-initiatives?page=1
http://www.negotiations.com/articles/authority-limits/
http://en.wikipedia.org/wiki/Big_O_notation
http://riskwise.ca/Bonus/are-you-ready-to-confront-the-brutal-facts-of-reality.html
I was very skeptical on the materials I had, so I did a practice try out for 139 USD. I was disappointed on the coverage with GCIH books. I ended referring more from the CISSP study guides. My first try ended with a 70% score on just passed, with many questions topics ranges from the management, marketing and negotiation that pull down my score.I kept an extra window to google up everything single topics that I have never came across during the exam, that is really A LOT of things to cover. At times, I am really thinking I should just give up on this one, since the topic that says counter hack reloaded compliments the course really got me, as there seems there isn't really reference require from that book.So I went on to printed out more notes regarding those areas I never heard of to study.
After some considerations, I went on to buy the full challenge exams (that comes with 2 practices test). First time, got 85%, google up more topics. Second tries, got 92%, and google up even more topics.I end up having about 300+ pages of printed notes for the exam.
The day of the actual exam came, it wasn't smooth. The exam center I had booked is having latency issue, and I have to wait about 1-2 minutes between due to the network issue before I can proceed to the next question. This happens for about 20 of the questions. The clock continues to ticks while waiting, I ended losing about 20-30 minutes of the exam time due to this. This is definitely frustrating.Luckily, I managed to keep on track and finish the exam with a score of 80% with reference to only CISSP Study Guides and Printed Notes.
I am still slightly disappointed with the exam, it seems that this course definitely gear for managers that is new to cyber security especially if that manager have to due with products and vendors. Too many of the questions seems to high level, and I do wish that this has more coverage towards incident response, given that counter hack reloaded was highlighted that to compliment the course, but there isn't seems to have a requirement to use it.
I think GSLC is somewhat like GSEC, GSEC is CISSP except that software development and hardware architecture is replace by Linux and Windows Introduction. GSLC coveres some portion of software development and hardware architecture, and extends beyond marketing, negotiations, management, ethical, security awareness, packet analysis and several other similar concepts.
Overall, I think GSLC is easier than GSEC, to justify a difficulty, it should be slightly easier than CISSP, I would say to rank GSLC in this order among all certs I had
GCIH, GPEN, GSLC, CISSP, GISP, GSEC, GWAPT, GCIA
http://en.wikipedia.org/wiki/Modular_programming
http://www.washingtonpost.com/news/local/wp/2015/02/09/ceo-ryan-carson-works-a-four-
day-work-week-heres-how/
http://www.inc.com/encyclopedia/licensing-agreements.html
http://inventors.about.com/od/definations/g/Assignment.htm
http://en.wikipedia.org/wiki/Value-added_tax#Imports_and_exports
http://linux.die.net/man/3/gethostbyaddr
http://missouribusiness.net/article/reducing-employee-turnover/
http://en.wikipedia.org/wiki/EDGAR
http://en.wikipedia.org/wiki/U.S._Securities_and_Exchange_Commission
http://blog.transparentchoice.com/analytic-hierarchy-process/3-steps-to-reduce-the-number-of-comparisons-in-ahp
http://en.wikipedia.org/wiki/Marketing_mix
http://tentiltwo.com/running-your-business-blog/1099-vs-employee-you-need-to-know-the-difference/
http://www.businessballs.com/meetings.htm
http://www.brighthubpm.com/project-planning/65918-avoid-project-management-failures/
https://www.deming.org/theman/theories/fourteenpoints
http://www.valuadder.com/glossary/business-valuation-approaches.html
http://en.wikipedia.org/wiki/SMART_criteria
http://en.wikipedia.org/wiki/Poster_child
http://en.wikipedia.org/wiki/Zero-sum_game
http://en.wikipedia.org/wiki/PDCA
http://en.wikipedia.org/wiki/ISO/IEC_27000-series
http://en.wikipedia.org/wiki/ISO/IEC_27002
http://en.wikipedia.org/wiki/Whitelist
http://www.sans.edu/research/security-laboratory/article/sys-interrupts
http://www.sans.edu/research/security-laboratory/article/log-bmb-trp-door
https://www.truste.com/about-truste/
http://www.sans.edu/research/security-laboratory/article/367
http://www.sans.edu/research/security-laboratory/article/321
http://www.sans.edu/research/security-laboratory/article/threat-vector-did
http://www.sans.edu/research/security-laboratory/article/convergence-did
www.sans.edu/student-files/projects/200608_001.ppt
http://searchsecurity.techtarget.com/magazineContent/Tying-log-management-and-identity-management-shortens-incident-response
http://citadel-information.com/wp-content/uploads/2012/08/nist-sp800-50-building-information-security-awareness-program-2003.pdf
https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcTDsnr3aprCOU6G_Ll8JFiv8iAJTmmGE2hwuvdmE7-146FC5u5egj1Z3I4
http://nmap.org/book/images/hdr/MJB-IP-Header-800x576.png
http://www.sans.org/security-resources/tcpip.pdf
http://www.wikihow.com/Convert-Hexadecimal-to-Binary-or-Decimal
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
http://www.investopedia.com/walkthrough/corporate-finance/2/depreciation/types-depreciation.aspx
http://accounting-simplified.com/financial/fixed-assets/depreciation-methods/types.html
http://www.investopedia.com/terms/s/sum-of-the-years-digits.asp
http://www.aef.com/industry/careers/memos/8022
http://en.wikipedia.org/wiki/Sender_Policy_Framework
http://www.cnet.com/news/uh-oh-this-computer-virus-can-spread-via-wi-fi/
http://www.school-for-champions.com/character/trustworthy.htm#.VS-4sEqgh9Q
http://www.proprofs.com/mwiki/index.php/WAN_Technologies
http://www.aef.com/industry/careers/memos/8022
http://www.diycommitteeguide.org/article/vision-mission-and-values
http://www.peachpit.com/blogs/blog.aspx?uk=Handling-JSON-Data-Securely1
http://www.negotiations.com/articles/negotiation-types/
http://negotiatewithchad.blogspot.sg/2011/09/how-does-your-reservation-value-relate.html
http://www.negotiations.com/definition/reservation-price/
http://web.mit.edu/negotiation/www/NBterms.html
http://www.managerwise.com/article.phtml?id=655
http://www.shmula.com/capacity-analysis-cost-production-analysis/9547/
http://www.networkcomputing.com/how-to-speak-data-center-kwh-to-btus/a/d-id/1233953?
http://www.steadysales.com/the-7-steps-of-the-sales-process/
http://www.sans.org/reading-room/whitepapers/warfare/future-information-warfare-819
http://smallbusiness.chron.com/different-types-pricing-strategy-4688.html
http://searchcompliance.techtarget.com/definition/risk-map
http://www.sans.edu/research/security-laboratory/article/372
http://www.sans.edu/research/security-laboratory/article/311
http://en.wikipedia.org/wiki/Privately_held_company
http://en.wikipedia.org/wiki/Bluesnarfing
http://en.wikipedia.org/wiki/Type_of_service
http://www.giac.org/paper/gsec/3495/elements-security-policy-considerations-small-businesses/102691
https://www.ucisa.ac.uk/~/media/Files/members/activities/ITIL/servicetransition/chanage_management/ITIL_a%20guide%20to%20change%20management%20pdf.ashx
http://www.computerworld.com/article/2563263/it-management/unplanned-work-is-silently-killing-it-departments.html
http://www.product-lifecycle-management.info/what-is-plm/operational-benefits.html
http://www.hyperink.com/Lsquogood-To-Great-Summary-Chapter-7-Technology-Accelerators-b1253a29
http://en.wikipedia.org/wiki/Syslog
http://hrmars.com/hrmars_papers/Article_09_Assessing_the_Relationship_between_Budget.pdf
http://www.projectsmart.co.uk/project-management-methodology-explained.php
http://openmobilealliance.org/about-oma/
http://www.opsecprofessionals.org/process.html
http://www.negotiations.com/articles/zopa/
http://www.businessinsider.com/these-economies-will-dominate-the-world-in-2050-2012-1?IR=T&op=1
http://en.wikipedia.org/wiki/Zubulake_I
http://en.wikipedia.org/wiki/Zubulake_v._UBS_Warburg
http://www.belarc.com/
https://books.google.com.sg/books?id=oufJQ8Uo_pkC&pg=PA22&lpg=PA22&dq=Qualification,+Presentation,+Proposal,+Negotiation,+Close,+Delivery,+and+Evaluation&source=bl&ots=a3NJg9hjeQ&sig=ss0EYtBU-ZMkBkoDldSAniz4BKE&hl=en&sa=X&ei=28Y5Vf3YMcym8AWpmoGICw&ved=0CCIQ6AEwAQ#v=onepage&q=Qualification%2C%20Presentation%2C%20Proposal%2C%20Negotiation%2C%20Close%2C%20Delivery%2C%20and%20Evaluation&f=false
https://www.legalzoom.com/articles/know-your-rights-can-you-be-searched-without-a-warrant
http://en.wikipedia.org/wiki/Analytic_hierarchy_process
http://www.industryweek.com/lean-six-sigma/ten-pitfalls-avoid-process-improvement-initiatives?page=1
http://www.negotiations.com/articles/authority-limits/
http://en.wikipedia.org/wiki/Big_O_notation
http://riskwise.ca/Bonus/are-you-ready-to-confront-the-brutal-facts-of-reality.html