GCIA and GCIH completed

naxdee Posts: 12 Member ■□□□□□□□□□
Hi All,

Haven’t posted for a while so thought to give some feedback on my GIAC exam attempts.

GCIH: I used the SANS study guides, audio recordings and tools on the USB drive. I went through the materials once, where I found some overlaps from my CISSP and CISA certifications. Completed all the labs and one practice exam where I had a score over 80%, so I knew I was ready for the exam. I didn’t find the exam to be very difficult and was done with an hour to spare. I did enjoy it but as I am doing the course privately, it’s too expensive paying the full price after exchange rate conversions. In total I took about 2 months to complete the exam; there would be periods where I couldn’t study for a few days due to travelling for work, which was delaying the exam.

GCIA: Now this course was on a whole different level. I went through the material once and I knew this would need a lot of extra work. As I was going through the material a second time, I was told by my employers to complete another certification, so I had to drop the GCIA materials for a few weeks while I finished another course. Unfortunately, when I got back to it I had even more gaps in knowledge, so I started with the materials again. I have an hour commute to work on most days, so I would either read the course material or listen to the audio. I went over the materials 3 times and was still having real problems reading HEX ****. I booked the exam giving myself two weeks. To see how much more work was needed, I decided to take a practice exam, where I got a rude shock with a score of 52%. It also showed me my knowledge was really lacking when it came to reading packet HEX ****. I spent the next week concentrating just on reading packets. I used various sites I found through Google search on how to read the packets correctly. By the end of the week, after a lot of work on reading packets, it was like something from The Matrix where everything started appearing in plain text. A few days before the exam I took the 2nd practice exam and cleared it, so I knew I was ready for the exam. It’s a hard course but with lots of research and putting in extra effort it pays off. I would switch between audio and study guides when travelling to understand the content better. I would also recommend going over the SNORT and BRO materials to fully understand them, plus completing the labs to understand how it all works. The exam was very interesting and yes, it was difficult. I spent way too long on the first 30 questions, unsure about content and reviewing the index for verification. Towards the end of the exam I started running out of time very fast due to me taking too long verifying each answer. The last 20 questions I just flew through without using the index and completed with 5 mins to spare.
Time management didn’t go to plan on this one but I managed to pass it, which was an excellent result.

I would highly recommend SANS 503 and 504; they back up all the theory with excellent practical labs. I was able to get the study materials off eBay, which helped me save a lot of money. I could not justify paying about $7500 in local currency for each course. The exams are still expensive but it was better than paying full price. Due to the course being so expensive I ended up putting the materials back on eBay so someone else could benefit from them.

Next for me is taking a break from GIAC and completing CCSP, I already have the materials for GWAPT which would be my next GIAC certification so have a fairly full plate at the moment.

Couple of links I used for learning to read HEX packets:

https://www.pacificsimplicity.ca/blog/reading-packet-hex-****-manually-no-wireshark
https://xerocrypt.wordpress.com/2014/07/22/how-to-read-almost-raw-tcpip-packet-headers-without-the-tools/
http://www.certconf.org/presentations/2006/files/TB4.pdf

Comments

  • E Double U Posts: 1,538 Member ■■■■■■■■□□
    Congratulations! I'm looking forward to tackling GCIA as soon as my employer pays for the SEC503. Which websites did you find the most useful for learning to read the packets?
    Alphabet soup: CISSP, CCSP, CISM, CISA, GPEN, GCIA, GCIH, GCCC, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • naxdee Posts: 12 Member ■□□□□□□□□□
    Hi E Double U, I have attached some of the links I used
  • E Double U Posts: 1,538 Member ■■■■■■■■□□
    I need sleep - how did I miss that

    Thank you!
  • the_Grinch Posts: 4,142 Member ■■■■■■■■■■
    Congrats and well done! These are two I would love to take if I can get work to cover them.
    WIP:
    Assembly
    Data Structures
    Javascript
    Work stuff
  • IaHawk Posts: 188 Member ■■■□□□□□□□
    Congrats! I'm hoping to take the GCIH course at SANS Security East 2017 in New Orleans....still waiting for approval on the live training.
  • E Double U Posts: 1,538 Member ■■■■■■■■□□
    @ IaHawk & the_Grinch - SEC504 was the most fun training I've ever taken. I hope you guys enjoy the GCIH pursuit as much as I did.
  • wiseguy CISSP, GSEC, CompTIA Secure Infrastructure Specialist, CompTIA IT Operations Specialist, MCSE Securi Posts: 61 Member ■■■□□□□□□□
    Naxdee,

    Congratulations on passing both exams! I wanted to get your opinion (or anyone else reading this thread for that matter) in what order would you recommend taking the 503 and 504 classes? Judging by your post and what I've gathered in random posts it would appear the GCIH 504 course might be a better starting point then take the 503 course.
  • TacoRocket Posts: 497 Member ■■■■□□□□□□
    These courses are completely different. One is Incident Handling, the other Incident Analysis. Which would you prefer to do?
    wiseguy wrote: »
    Naxdee,

    Congratulations on passing both exams! I wanted to get your opinion (or anyone else reading this thread for that matter) in what order would you recommend taking the 503 and 504 classes? Judging by your post and what I've gathered in random posts it would appear the GCIH 504 course might be a better starting point then take the 503 course.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • wiseguy CISSP, GSEC, CompTIA Secure Infrastructure Specialist, CompTIA IT Operations Specialist, MCSE Securi Posts: 61 Member ■■■□□□□□□□
    I'm leaning more towards Incident Handling. The courses seem to complement one another so nicely that I wasn't sure if one naturally led into the other.
  • TacoRocket Posts: 497 Member ■■■■□□□□□□
    They would be really different. GCIA is more packet analysis. GCIH covers more of the tools you might see in an incident, kind of purple-team-like material.
    wiseguy wrote: »
    I'm leaning more towards Incident Handling. The courses seem to complement one another so nicely that I wasn't sure if one naturally led into the other.
  • wiseguy CISSP, GSEC, CompTIA Secure Infrastructure Specialist, CompTIA IT Operations Specialist, MCSE Securi Posts: 61 Member ■■■□□□□□□□
    TacoRocket wrote: »
    They would be really different. GCIA is more packet analysis. GCIH covers more of the tools you might see in an incident, kind of purple-team-like material.

    Thanks for the feedback!
  • Erik1 Posts: 3 Registered Users ■□□□□□□□□□
    Will you sell your GCIH books? Thanks
  • lostsol Posts: 18 Member ■□□□□□□□□□
    With the advent of more and more traffic being encrypted, did you still find the SEC503 material to be relevant or updated? It seems like a great fundamentals course, which is always important, but I am debating on whether I should take this course or another for network security monitoring, such as the new SEC555 SIEM course.