Passed GCIH 93%

RIP_LeroiRIP_Leroi Junior MemberMember Posts: 16 ■□□□□□□□□□
This was my first SANS training/exam, so I wanted to provide some feedback based on my experience and preparation.

I've been in security for ~8 years and I've for the past year I've been a senior security analyst for an Incident Response team. I think having real world experience was a huge reason for my success. I had a lot of practical troubleshooting experience, so I was able to narrow down most questions simply by process of elimination based on prior knowledge.

Study Experience/Index:
I am a notorious procrastinator, so I wasted the first 3 months not doing much. I ended up paying $349 to extend my exam and on-demand access because I underestimated the amount of time required for studying and creating the index. I watched the on-demand videos and read through the book twice.

I scored 79% and 83% on my 2 practice exams. I ended up recreating my index after taking my 2nd practice exam. I made it WAY too detailed and I was unable to find anything when I was testing, so I ended up guessing on a lot of the questions on I was unsure of. My 2nd iteration of the index was much simpler the the 1st. I went through each book and notated any keywords, tools, directories, etc that I thought were important. I marked which book and page it was on and then I sorted by the keyword column. There were multiple duplicate keywords (nmap, netcat, etc) that referenced different books/pages, but I never felt overwhelmed with sorting through the books to find what I was looking for. I also tabbed each book to make the main sections easier to thumb to.

I was able to locate 99% of the information I was unsure in the exam from my newly created index. I took well over 3 hours to complete my exam and that included a small break 2/3 of the way through. I made sure to validate every answer I wasn't 100% certain on and I think that made a big difference on my final grade compared to the practice exams.

I'm glad to be done. :D


  • gespensterngespenstern Senior Member Member Posts: 1,243 ■■■■■■■■□□

    Also, from what I know, >90% initiates a SANS/GIAC advisory board invitation protocol.
  • TechGromitTechGromit Ontario, NY Member Posts: 2,151 ■■■■■■■■■□
    Congratulations, and nice score too. I only got a 78%, I found the material and Exam a harder than the SCAN 401 course I took.
    Still searching for the corner in a round room.
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,834 Mod
    Congrats on the pass!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • methylmethyl Junior Member Registered Users Posts: 3 ■□□□□□□□□□
    Congrats! I failed twice on my GCIH and currently studying so that I can take the third one. Any tips or advise is appreciated.
  • KasorKasor Senior Member Member Posts: 929 ■■■■□□□□□□
    Congrats. Thanks for the updated information.
    Kill All Suffer T "o" ReBorn
Sign In or Register to comment.