GSNA GIAC Systems and Network Auditor Materials & Exam thoughts

636-555-3226 Member Posts: 975
Not a lot of posts about this here, so throwing in my two cents. Got the materials a few months ago, did ondemand, took the test. Don't have time to write a big thorough write-up, but I'll throw some info out there for people who may be interested in this in the future. I took the class because I'm a technical guy who wants to brush up on some auditing skills. And, yes, I passed. :)
  • Going into the class I expected something along the lines of here's an auditing standard (e.g., NIST SP800 series) and here's how you'd audit an org based on it step by step. I didn't really get that.
  • From what I can tell this may be one of SANS' older classes. Can't really say why, just got that feeling.
  • Not sure who the target audience is. It's a bit too technical for auditors who want to get into technical stuff. It doesn't really have enough "how to audit" for technical people who want to brush up on auditing skills.
  • The auditing stuff is pretty 101 level. If you're an experienced auditor, don't expect this to help you brush up on your auditing skills.
  • The technical stuff is pretty 101/201 level. If you're experienced with VM administration, Cisco administration, webmastering, Windows administration, or Unix administration, you'll ace each of these individual parts.
  • The courseware tries to not get too in-depth with topics but at times gets very in-depth, esp. for people who aren't familiar with some concepts.
  • I feel like a lot of the material was trying to teach you basics. For example, a whole lot of the pages in Book 5 (Unix/Linux) are just teaching you the basic Linux commands. Good to know, I guess, but it doesn't really get to why people are taking this class. The counterargument is that people need to know Unix basics in order to do a technical audit of Unix, but at a 500-level class I really am not sure we can't assume people coming in are familiar with, say, grep.
  • The practice tests were fairly straightforward and not too bad. The actual test was more complex and challenging with a lot of questions covering topics that were flat out NOT in the books (I have fairly comprehensive indexes). If I wasn't already familiar with a lot of the material from work I would have scored a lot closer to the pass/fail mark (70%). I assume the questions are perhaps holdovers from older book versions that had material removed from newer books.
  • Overall I enjoyed the class and did fill in some knowledge gaps. I'm curious as to where this class lies with the class SEC566: Implementing and Auditing the Critical Security Controls - In-Depth (GCCC certification). With the Top 20 becoming more and more adopted as a popular baseline, I'm wondering if that class will slowly phase out this one. If you're thinking about this class, I may recommend you at least consider that other class.
Feel free to post or PM with any questions, oh future readers.


  • wd40 Member Posts: 1,017
    Thanks for the review.

    I was thinking about getting GSNA after "hopefully" getting an IT Audit job, but after reading this

    And considering the high cost, and the fact that there are "zero" hits for GSNA in my country "on linkedin", I think I will skip it for now.
  • 636-555-3226 Member Posts: 975
    Yep. GSNA really doesn't do much for the resume. I was looking into it to gain knowledge and more insight into the auditing process. I got a little of both, but not really as much as I was looking for. For people considering CISSP or GSNA I'd steer you towards CISSP every time.
  • chanakyajupudi Member Posts: 712
    I have done the GSNA and the GCCC. Did the GSNA in person (work study). Did the cert. I think it is a basic level course. The GCCC also is a basic level course. I think it replaces the ISO 27001 course that SANS had a few years ago. I did a Self Study for that one. I am not sure I would recommend them unless this is just another cert you want to get.
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]

  • krucial85 Member Posts: 84
    I attended the GSNA course a couple of weeks ago because I wanted to gain experience with the technical tools used for IT auditing. This course touches on the surface of IT auditing but it really made me aware of the tools that will be helpful in my pursuit of an auditing career. A week after the class I took one of the practice exams and did not do well. I've been listening to the videos that came with the class and going back over the workbook with the hopes that I will fare better when I take the second practice test. I will also use the books to answer some of the questions this time because I took the first practice exam without books or notes. I would only recommend this course for those wanting lower level exposure to the technical tools that can be used in IT auditing but not to improve your resume.
    "The way to succeed is never quit. That's it. But be really humble about it."
  • scasc Member Posts: 461
    Truly concur with the views. I did the GSNA at the start of the year in London with David Hoelzer - who was an excellent teacher in my opinion. However the course was not a typical audit course and more in line with perhaps a system admin who needs to co-operate with auditors.

    I work as a VP - Cyber Auditor in an investment bank and the audit process has changed quite a bit over the years. Nowadays it's more to do with risk identification, material weaknesses to controls, residual risk and checking adherence to best practices (e.g. ISO/PCI/SOC2/3 etc). Gone are the days where you could use John the Ripper to perform password cracking or use netcat to do the same.

    Sad but it's just the way the work has evolved over time.... better off doing CISSP/CISA/CISM if you want to do audit but have a good appreciation of security within the audit process.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • beads Member Posts: 1,531
    I have forgotten the gentleman's name who started the GSNA course many years ago but his background is really forensics and technical audit. That should tell you a great deal right there. I considered GSNA to be a 'tour of tools, lite' version of the C|EH in many aspects with some audit techniques thrown in on the side like green beans on a plate. Nothing fancy but some color to the meal and your mother would approve of the balanced plate or somesuch.

    Later after I had significant experience actually auditing and GRC work under my belt I prepared over a couple of years and took the CISA and things really made sense and felt much more applicable to my audit work. So that exam became much more relevant at the time. Add to that, I like ISACA as an organization but think their marketing is sub-par compared to ISC(2). More likely ISACA is local to me so the organization is very visible in the area: Meet ups, meetings, annual cruise and other educational opportunities are highly visible here in Chicago.

    Ironically, SANS sent one of those helpful reminders to cough up another $399.00 renewals. I have renewed twice. Third time... maybe not.

    - b/eads