Passed GSEC. Here is My Advice and Experience

thelumberjackthelumberjack Posts: 3Registered Users ■□□□□□□□□□
I took the SANS 401 class in June. My instructor was Dr. Eric Cole. Very good teacher and I did learn a lot from this class. I'm not an infosec rainman by any means, so here is my experience.

I haven't been an infosec professional for that long. Less than three years. knowing this going in, and knowing that I would be attempting a cert, i really made myself prepared to pay close attention throughout the entire class. Now, with any bootcamp style class, this wasn't always easy, but i found it easier than expected as the material and the manner in which it was taught was really engaging for me. The class by itself is worth the price of admission. I took notes where I could, but found myself doing this mostly in the books themselves, and highlighting items that i wanted to go over later.

Once back home, I knew that in order to pass this exam, i needed to work hard. So i studied pretty much every day. My regimen was to go through the books once, highlighting key material as i went. I dedicated myself to atleast 25 pages a day and 50 on the weekends. I gave myself one day off per week.

Once I was through the books once, I read through them again, mainly focusing on the highlighted items. My next task was to build my index.

I have read on here many stories of people using indexes. I haven't seen one person not use one. Where it differs from person to person is the length of the index. After reading through other people's experiences, I came to the conclusion that as long as your index is well organized, it can be as long as needed. With that said, my index ended up being 55 pages long. I then took it to kinkos to have it printed and bound, this was a great move. As my index was lengthy, it was organized and bound so I didn't have a bunch of papers to shuffle around.

Once this was done, i took my first practice test. I made an 85. I looked over the material that I was weak on, and then attempted another practice test. I made an 88 on the second one. Once this was done, I was about 1 week before i had to take the real test. I did not study anymore. At that point, I either knew it or I didn't.

I took the test, and was stoked that I crushed it and made a 93. The test is technical in many aspects. And I found that knowing the concepts was the key. having a good index was another key. this raised my score dramatically I'm sure. But you need to know the concepts. In a lot of cases, you can't just turn to page X and see the answer. The test is given in a way that you must be able to identify and understand the concept of the topic.

The bottom line is this. Do the work. Don't expect to bring a copy of your practice test in and nail it. I think there was maybe one question from the practice test on the real test. but they were very similar in style. Do the work. Study. and I really advise you to do an index. Don't be afraid to make it a big index. Just make it organized.

Hope this helps!

Comments

  • wolf9081wolf9081 Posts: 61Registered Members ■■■□□□□□□□
    First congrats on the pass.

    I agree the index is key. I just passed mine yesterday and I think I learned as much creating the index as I did setting through the class. I added a lot of information and description to my index and did not have to reference my books very often. My index ended up being about 130 pages. But that included the standard keywords with description of concepts etc. Screen shots of various tools TCPdump, breaking down ip headers etc. various **** sheets for HEX to Decimal and binary conversions. I created all the **** sheets myself which helped reinforce the concepts and memorize the content and common ports, protocols etc.
  • NetworkNewbNetworkNewb Posts: 3,115Registered Members ■■■■■■■■□□
    Gratz on the pass!! You say it was worth the price. Did you pay for it yourself??
  • thelumberjackthelumberjack Posts: 3Registered Users ■□□□□□□□□□
    No my employer paid for it. But it was definitely worth the cost IMO.
  • JoJoCal19JoJoCal19 California Kid Posts: 2,717Mod Mod
    Congrats on the pass!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • DAVIS NGUYENDAVIS NGUYEN Posts: 1,472Registered Members ■■■□□□□□□□
    Congrats!
  • fuz1onfuz1on Posts: 961Registered Members
    Congrats thelumberjack! Great score and continued success in the Info-Sec field!
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    After reading through other people's experiences, I came to the conclusion that as long as your index is well organized, it can be as long as needed. With that said, my index ended up being 55 pages long. I then took it to kinkos to have it printed and bound, this was a great move. As my index was lengthy, it was organized and bound so I didn't have a bunch of papers to shuffle around.

    My final index was only 40 pages long, I used numbered index tabs to mark the books instead of using page numbers in the index. I made first index while I read through the books again, ended up with 30 pages. I scored a 81 on my first practice test. I went through all the books again, added 6 pages to my index and took the second practice test and scored an 81 again. I added another 4 pages and added a separate program index that allowed me to look up programs and what they did faster than flipping through my main index. I didn't bother with getting my index bounded, I double stapled it at work with a printer stapler that did a nice job holding it together. I had some **** sheets stapled as well, Sub-netting, some Linux commands, Hex to decimal conversion, etc. I ended up with an 87 on the certification test.

    Not all the answers are in the books when you take the test. There was a question (that wasn't a concept question) and the books didn't provide the answer, unless you were familiar with the topic, pick your best guess. There were a few other questions that had the same problem.
    The bottom line is this. Do the work. Don't expect to bring a copy of your practice test in and nail it. I think there was maybe one question from the practice test on the real test. but they were very similar in style. Do the work. Study. and I really advise you to do an index. Don't be afraid to make it a big index. Just make it organized.

    I found the same, when you understand the concepts you can fly through some of the questions. I found the first part of the test hard, I had to look up more answers than I would have liked, I used up half the time and wasn't on question 90 yet, but after some concept type questions, I still finished the test with 30 minutes to spare. I spend a good 3 to 4 minutes staring at one question there wasn't a correct answer far as I could see, I wrote a comment about it at the end of the test.
    Still searching for the corner in a round room.
  • phobicphobic Posts: 4Registered Users ■□□□□□□□□□
    congrats on the pass.

    I'm preparing for mine in December, but I've never had to index anything before and honestly don't know where to start. Got any tips on making an index? I have about a month left before the exam, so I'm hoping that's enough time to make a decent index... any advice would be very much appreciated! Maybe I could snag at least a sample of yours for reference? - no worries if not, honestly.
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    phobic wrote: »
    I have about a month left before the exam, so I'm hoping that's enough time to make a decent index... any advice would be very much appreciated!

    Only a month before the exam? I took me 6 to 8 weeks to make my index and study, before I took my first practice test. I spend a good week on each book, and read/studied/polished my index over another 4 weeks before I took my second practice test and another 3 weeks before I took the final test. You should have your index completed, at least your first revision BEFORE you take your first practice test, then polish it more from there. Unless you can spend the entire month studying, it's not enough time in my opinion. If you can delay the test, do so to give yourself more time, unless you score at least an 80% on the practice test, your not ready. Just type in "Sans Index" in google and click images, there's plenty of examples how to build one, it's not rocket science. :) It's not a test to take lightly, it's a lot of material to cover/index/remember, a co-worker of mine recently took there first practice test and scored in the 60's. A real eye opener, she was pretty confident she was going to do well on the practice exam. It's $650 and a 30 day wait before you can retake the test and there are NO MORE Practice tests included. I've found that Security+ practice exams are useful, they cover a lot of the same material, just at a higher level.
    Still searching for the corner in a round room.
  • IaHawkIaHawk Posts: 188Registered Members ■■■□□□□□□□
    phobic wrote: »
    congrats on the pass.

    I'm preparing for mine in December, but I've never had to index anything before and honestly don't know where to start. Got any tips on making an index? I have about a month left before the exam, so I'm hoping that's enough time to make a decent index... any advice would be very much appreciated! Maybe I could snag at least a sample of yours for reference? - no worries if not, honestly.

    I made the bulk of my index in 2 days. Just go through each book and hit the key terms.

    I followed this format: Josh the InfoSec Guy: My Experience with the GIAC GSEC Exam
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    IaHawk wrote: »
    I made the bulk of my index in 2 days. Just go through each book and hit the key terms.

    No index is going to get you a passing grade if you don't know the material. There simply isn't enough time to look up all the answers even if they were all in the books. Which there not.
    Still searching for the corner in a round room.
  • JoJoCal19JoJoCal19 California Kid Posts: 2,717Mod Mod
    phobic wrote: »
    congrats on the pass.

    I'm preparing for mine in December, but I've never had to index anything before and honestly don't know where to start. Got any tips on making an index? I have about a month left before the exam, so I'm hoping that's enough time to make a decent index... any advice would be very much appreciated! Maybe I could snag at least a sample of yours for reference? - no worries if not, honestly.

    A month is more than enough time to do the index, however if you're just starting to study, you're going to have to consume the material at a very fast pace. How many pages of the courseware can you get through in an hour? I'm curious as I'm studying for my GCIA right now and I find that I'm getting through about 20-25 pages in an hour.

    TechGromit wrote: »
    Only a month before the exam? I took me 6 to 8 weeks to make my index and study, before I took my first practice test. I spend a good week on each book, and read/studied/polished my index over another 4 weeks before I took my second practice test and another 3 weeks before I took the final test.

    I think it took me about 6-8 weeks to fully prep for the GSEC as well. I also did about a book a week, then took about a whole week to do the index. I'm not sure if doing the index last was good or bad. I'm leaning towards good because it gave me another look through the material, but I think it took longer to do than if I had made the index after reading one book at a time. I'm going to use the latter approach with my GCIA that I'm studying for now.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • phobicphobic Posts: 4Registered Users ■□□□□□□□□□
    I've been studying for about 3 months, just haven't done the index yet cause I honestly didn't think to do it like a dummy! thanks for all the tips!!!

    So far I've found myself getting through about 30 pages and hour. If I really give it hell I can do about 40-60 pages a day without really driving myself mad. I honestly wish I had some more time and or taken the indexing a bit more seriously when I first started studying, but this will now be my third time through these books so it doesn't hurt for sure.

    I also found myself reviewing some Sec+ material too, just to be safe. I may have spent a bit too much time doing this only because I felt the SANS books didn't go into much detail.
  • hr1stovhr1stov Posts: 14Registered Members ■□□□□□□□□□
    phobic wrote: »
    but this will now be my third time through these books so it doesn't hurt for sure.

    You should have no problem with the exam if you have covered the material 3 times now, just make a decent index to go along with it.
    phobic wrote: »
    I also found myself reviewing some Sec+ material too, just to be safe. I may have spent a bit too much time doing this only because I felt the SANS books didn't go into much detail.

    The thing is, the GSEC exam is written from the SANS textbooks, so everything you need to know will be in those books. Covering extra material obviously doesn't hurt, but in my opinion is not necessary to pass this exam.
  • phobicphobic Posts: 4Registered Users ■□□□□□□□□□
    hr1stov wrote: »
    The thing is, the GSEC exam is written from the SANS textbooks, so everything you need to know will be in those books. Covering extra material obviously doesn't hurt, but in my opinion is not necessary to pass this exam.

    this is something I have to continue to remind myself. thanks!
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    hr1stov wrote: »
    Y
    The thing is, the GSEC exam is written from the SANS textbooks, so everything you need to know will be in those books. Covering extra material obviously doesn't hurt, but in my opinion is not necessary to pass this exam.

    LOL. Hardly. I can't get into any specifics on the types of Questions I've seen, but there were a number of questions that the answers definitely where not in the books. And these were fact questions, not conceptual understanding questions. Maybe the answers were in newer revisions of the books, but I took my training in August, and took the test in October, can't imagine there would be too many revisions in that time frame. Most of the material on the exams is in the Sans books, but not all.
    Still searching for the corner in a round room.
  • hr1stovhr1stov Posts: 14Registered Members ■□□□□□□□□□
    TechGromit wrote: »
    LOL. Hardly. I can't get into any specifics on the types of Questions I've seen, but there were a number of questions that the answers definitely where not in the books. And these were fact questions, not conceptual understanding questions.

    Since you have attended the course, you know that they preach the fact that the exam is written from the SANS books. They encourage you to leave a review in the end and mark any questions if you believe they cannot be answered from the books. More likely, you missed some material when you were creating your index.
  • alias454alias454 Posts: 648Registered Members
    Great job on the pass. I have been having trouble getting motivated to prepare my index. I've only went through one book so far (ugh). I took the first practice test and passed but only got a 77. Didn't use the books just wanted to see where I stood cold. When I take the second practice test I will use my index and take more time with it to see where I am at. Limiting yourself to 25-50 pages is a great idea and might make going through the books a little easier to manage.
    “I do not seek answers, but rather to understand the question.”
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    hr1stov wrote: »
    Since you have attended the course, you know that they preach the fact that the exam is written from the SANS books.

    I know what they preach, I know for a fact there were three questions on my exam that were not in the books. I remember them all, I wish I could tell you what they were so you can see they are in fact not in the books, but I can't. I believe I commented on one of the questions, but I was more concerned with completing and passing the exam then proof reading the exam for errors.
    Still searching for the corner in a round room.
  • bvictorbvictor Posts: 1Registered Users ■□□□□□□□□□
    I am sitting in 401 in Mesa AZ, i have all the books in front of me. However, I am seeing my index is awful, and I am terrified. Anyone hook a brother up with theirs so I dont have to spend another 50 hours going through everything again =(
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,818Registered Members ■■■■■■□□□□
    bvictor wrote: »
    However, I am seeing my index is awful, and I am terrified. Anyone hook a brother up with theirs so I dont have to spend another 50 hours going through everything again =(

    This was covered before, since the books are often revised, an index item from one book set version isn't going to the same as another book version. So something like an index item

    XSS - Cross Site Scripting Book 5, page 145

    is most likely not going to be the same page number from version to version. So you far better off doing the work to create you own. If you really want it, I'll be happy to send it, but using mine I guarantee you'll fail the exam using it. There no easy way to around it you have to build your own index.
    Still searching for the corner in a round room.
  • TechGuru80TechGuru80 Posts: 1,535Registered Members ■■■■■□□□□□
    Creating an index is part of the learning process. Why should somebody give you a **** sheet to the course/certification and degrade what they worked towards?
  • quogue66quogue66 Posts: 150Registered Members
    bvictor wrote: »
    I am sitting in 401 in Mesa AZ, i have all the books in front of me. However, I am seeing my index is awful, and I am terrified. Anyone hook a brother up with theirs so I dont have to spend another 50 hours going through everything again =(

    If you write a letter to SANS/GIAC and let them know that you don't want to be bothered putting in the time to study and create an index they may just grant you an honorary certification.
Sign In or Register to comment.