Passed GCIH 93%

RIP_LeroiRIP_Leroi Member Posts: 16 ■□□□□□□□□□
This was my first SANS training/exam, so I wanted to provide some feedback based on my experience and preparation.

I've been in security for ~8 years and I've for the past year I've been a senior security analyst for an Incident Response team. I think having real world experience was a huge reason for my success. I had a lot of practical troubleshooting experience, so I was able to narrow down most questions simply by process of elimination based on prior knowledge.

Study Experience/Index:
I am a notorious procrastinator, so I wasted the first 3 months not doing much. I ended up paying $349 to extend my exam and on-demand access because I underestimated the amount of time required for studying and creating the index. I watched the on-demand videos and read through the book twice.

I scored 79% and 83% on my 2 practice exams. I ended up recreating my index after taking my 2nd practice exam. I made it WAY too detailed and I was unable to find anything when I was testing, so I ended up guessing on a lot of the questions on I was unsure of. My 2nd iteration of the index was much simpler the the 1st. I went through each book and notated any keywords, tools, directories, etc that I thought were important. I marked which book and page it was on and then I sorted by the keyword column. There were multiple duplicate keywords (nmap, netcat, etc) that referenced different books/pages, but I never felt overwhelmed with sorting through the books to find what I was looking for. I also tabbed each book to make the main sections easier to thumb to.

I was able to locate 99% of the information I was unsure in the exam from my newly created index. I took well over 3 hours to complete my exam and that included a small break 2/3 of the way through. I made sure to validate every answer I wasn't 100% certain on and I think that made a big difference on my final grade compared to the practice exams.

I'm glad to be done. :D


Sign In or Register to comment.