Hi All,
Haven’t posted for a while so thought to give some feedback on my GIAC exam attempts.
GCIH: I used the SANS study guides, audio recordings and tools on the USB drive. I went through the materials once, where I found some overlaps from my CISSP and CISA certifications. I completed all the labs and one practice exam where I had a score over 80%, so I knew I was ready for the exam. I didn’t find the exam to be very difficult and was done with an hour to spare. I did enjoy it, but as I am doing the course privately, it’s too expensive paying the full price after exchange rate conversions. In total I took about 2 months to complete the exam; there would be periods where I couldn’t study for a few days due to travelling for work, which was delaying the exam.
GCIA: Now this course was on a whole different level. I went through the material once and I knew this would need a lot of extra work. As I was going through the material a second time, I was told by my employers to complete another certification, so I had to drop the GCIA materials for a few weeks while I finished another course. Unfortunately, when I got back to it I had even more gaps in knowledge, so I started with the materials again. I have an hour commute to work on most days, so I would either read the course material or listen to the audio. I went over the materials 3 times and was still having real problems reading HEX ****. I booked the exam, giving myself two weeks, and to see how much more work was needed I decided to take a practice exam, where I got a rude shock with a score of 52%. It also showed me my knowledge was really lacking when it came to reading packet HEX ****. I spent the next week concentrating just on reading packets. I used various sites I found through Google search on how to read the packets correctly. By the end of the week, after a lot of work on reading packets, it was like something from The Matrix where everything started appearing in plain text. A few days before the exam I took the 2nd practice exam and cleared it, so I knew I was ready for the exam. It’s a hard course, but with lots of research and putting in extra effort it pays off. I would switch between audio and study guides when travelling to understand the content better. I would also recommend going over the SNORT and BRO materials to fully understand them, plus completing the labs to understand how it all works. The exam was very interesting and yes, it was difficult. I spent way too long on the first 30 questions, unsure about content and reviewing the index for verification. Towards the end of the exam I started running out of time very fast due to taking too long verifying each answer. The last 20 questions I just flew through without using the index and completed with 5 mins to spare. Time management didn’t go to plan on this one, but I managed to pass it, which was an excellent result.


I would highly recommend SANS 503 and 504; they back up all the theory with excellent practical labs. I was able to get the study materials off eBay, which helped me save a lot of money. I could not justify paying about $7500 in local currency for each course. The exams are still expensive, but it was better than paying full price. Due to the course being so expensive, I ended up putting the materials back on eBay so someone else could benefit from them.
Next for me is taking a break from GIAC and completing CCSP, I already have the materials for GWAPT which would be my next GIAC certification so have a fairly full plate at the moment.
Couple of links I used for learning to read HEX packets:
https://www.pacificsimplicity.ca/blog/reading-packet-hex-****-manually-no-wireshark
https://xerocrypt.wordpress.com/2014/07/22/how-to-read-almost-raw-tcpip-packet-headers-without-the-tools/
http://www.certconf.org/presentations/2006/files/TB4.pdf