Passed GCIH

thunderbull · September 2016

Hi guys, long time lurker here, figured I would give back to the community by writing down my experience with passing the exam. Company paid for a Simulcast of the SANSFIRE 2016 session in June - I thought it was interesting but to be honest, did not pay very close attention to the material. Been in InfoSec for a couple of years now and consider myself mid to senior level analyst. It took me a awhile before I finished my index, I created the document in Excel in June but it took me until mid August (laziness, work, etc.) before I indexed all 5 books. My index was broken up into 5 sections: Linux Commands, Windows Commands, Tools, Attacks, and Misc, and totaled 338 entries. I took my first practice exam with my index as it stood and got a 75%. After getting a feel of what gaps I had, I went back and added more to my index and took the second practice exam and got a 79%. After the second exam I saw where I had the most gaps and reread sections of the book for those gaps. For both exams I finished in 2 hours. I took into the exam all six books (which were sticky noted for sections that showed up a lot in the practice exam and I also wrote the table of contents on the front of the book to more quickly find things) the SANS **** sheets, and the Red Team Field Manual (which surprisingly helped). I finished the exam in 2 and a half hours and got a 90%. I think I looked up about 3/4 of the questions and was somewhat stuck on maybe 5 or so question. I noticed there were clusters of questions around the same subjects - so if you don't get it right the first time you see it, you will miss a handful of them. I didn't use my index as much as I thought I would, but it was quite helpful so I suggest not skimping on making yours if you are challenging the exam. Hope this helps someone!