GCIH Passed - This is my terrible (or maybe not so terrible?) approach
cynicbeard
Junior MemberMember Posts: 15 ■□□□□□□□□□
in GIAC
Passed the GCIH exam yesterday! Figured I would post to give a little insight and sound off my thoughts.
After souring web and reading a ton of post on TE, I felt that the GCIH would be the best starting point for me on my SANS cert path. I wanted to take an exam where I was knowledgeable in all domains based on my work experience, so the GCIH seemed to be a good fit.
I challenged the exam. SANS training looks awesome, but I am a consultant, which means the bill is on me. I decided that I would roll the dice and see how things went.
Originally, I scheduled the exam for the end of July after getting my attempt approved on Monday of this week. After taking the practice tests and scoring in the 80's without cracking a book, I decided to jump the gun and change the date (to yesterday). Not to mention my hectic schedule always changes, so scheduling it far out was a stretch for me anyway.
This is what I took away:
After souring web and reading a ton of post on TE, I felt that the GCIH would be the best starting point for me on my SANS cert path. I wanted to take an exam where I was knowledgeable in all domains based on my work experience, so the GCIH seemed to be a good fit.
I challenged the exam. SANS training looks awesome, but I am a consultant, which means the bill is on me. I decided that I would roll the dice and see how things went.
Originally, I scheduled the exam for the end of July after getting my attempt approved on Monday of this week. After taking the practice tests and scoring in the 80's without cracking a book, I decided to jump the gun and change the date (to yesterday). Not to mention my hectic schedule always changes, so scheduling it far out was a stretch for me anyway.
This is what I took away:
- The actual exam IS HARDER than the practice tests. Here is why... the exam questions are scenario driven and more experience based ("What are you looking at...", "How would your respond...", "What is the next step...") etc. I am not going to lie... it was tough.
- I was comfortable with the challenge based on my experience. I think many people invest time in the index, because the content is very fresh to them? I don't know, but I didnt have an index for the exam. I know my test taking habits, and I burn up time and second-guess everything if an exam is open book. However, I brought three things with me just in case:
- The Blue Team Handbook: IR Edition (IR Lifecycle)
- Red Team Field Manual (To supplement the SANS **** sheets)
- ALL Tool Related SANS **** sheets and the IR **** sheets from Lenny Zelster.
- The fact that the exam was facilitated in the way that it was... very impressive. The content was realistic and I felt that it was a true-test of one's understanding of IR and the accompanying technical skills. I truly see the value in SANS and why they are so respected after this experience.
Comments
Thank you!
$1,099
So ridiculous.
I completed SEC504 weeks ago so I hope to join you soon in the GCIH ranks.
Aaaaaaaaaaand THIS is why my sec analysts most likely get C|EH + E|CSA vs GPEN + GCIH + GCIA
Congrats on passing! If my company pays for it I'll give it a rip. But as I'm NOT a consultant and don't need the GIAC badge for marketing purposes, I'm not paying for it myself.
Good luck!
Yeah it's a bit obnoxious. However super addicting. I am now prepping for GPEN. Again... I challenged it. The training is just too steep for me and this exam I am pretty confident regarding the material. After this is done I am going to pay for Netwars Continuous and possibly 660.
when I read this my eyes got as big as that animal in UnixGuy's avatar
CWTS, then WireShark
Forgive my ignorance. What does this mean?
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework