Review: SANS SEC401 (GSEC)

MalwareMike Member Posts: 147
The first course for the SANS Master of Science in Information Security Engineering program is SEC401 Security Essentials. I have read so many great things about SANS material and how their certification exams are open book, so I was very excited to get started and see what all the fuss was about.

Material
I opted to go with the OnDemand option, which came with the following: official courseware books (sent via USPS), 25+ hours of video training, and two practice exams. There are six books, one book for each day of their in-person training.
Section 1: Network Security Essentials
Section 2: Defense-In-Depth and Attacks
Section 3: Threat Management
Section 4: Crypto, Risk Management and Response
Section 5: Windows Security
Section 6: Linux Security

Studying Strategy
From my experience, I pick up material faster by reviewing new topics via video and then once I comprehend the basics, I can pick up material faster through books. With that being said, I knocked out the 25+ hours of video within the first week (tip: play the video at x1.25 or x1.50 to save you some time). I made it a goal of mine to study at least 3 hours a day.
Once the videos were done, I moved onto the courseware books. I decided to go with a new approach which included going through the material three times. My first run through of the books was solely reading with no note taking. From my past experiences, when I would take notes right away, I found myself taking forever to get through the material because I wanted to write down everything. During my second run through, I only highlighted information I found hard to grasp or topics I thought would for sure be on the test. Finally, with the third run through, I didn’t necessarily read every word, but I reviewed what I highlighted and decided if it was worth writing down.

Index
The famous SANS index! This idea of an open book certification test is brand new to me but also super intriguing. It’s especially intriguing because with the exams being open book, they are still highly regarded in the information security arena.
What I liked was that SANS provides an index in the back of book 6 so you don’t need to start from scratch. What I decided to do was take the first practice exam with the index SANS provided and tune it, depending on how I did. I received an 87% on my practice exam, which was good but I was spending too much time looking up topics, so I decided to add to the index.

Practice Exams
The practice exams are of high quality and are similar to the real test, but you won’t see any duplicate questions. If you are scoring in the 80’s on your practice exams, I believe you are definitely ready to take the real thing. One thing I did not like about the practice exams, is that once it was over, you are not able to review the test…you will need to write down what you got wrong while taking the test. It would be more useful if the students could review the questions after the practice exam was over, so we don’t feel rushed trying to write down why we got the questions wrong but still trying to take the test.

Exam
Like I mentioned in the last section, the practice exams are very similar to the real test, so you should not be caught off guard in any way. I passed the exam with an 87%.

Thoughts
If you are new to security, then I would definitely recommend this course if your company is going to foot the bill. If you are paying out of pocket, I would suggest self-studying for CompTIA’s Security+.
Besides the amount of the information in the courseware, I found the real-life experiences and stories from the instructor to be super valuable and interesting. It’s one thing to read the material and understand the topics, but it’s another to have an information security expert tell you stories that involve what you’re learning…it really drives home the point.
Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com

Comments

  • LordQarlyn Member Posts: 693
    Congrats on the exam and I would love to get my company to pay for SANS training or even work study. Thanks for the pointers and the tip regarding CompTIA Security+ as it relates to GSEC.
  • TechGromit Member Posts: 2,156
    Congratulations on your pass.

    MalwareMike wrote: »
    What I liked was that SANS provides an index in the back of book 6 so you don’t need to start from scratch.

    I don't like it, the index in my GREM books was outdated and often just plain wrong, pointing to topics that no longer existed or incorrect locations, not to mention incomplete. While SANS doesn't post pass / fail rates, I would wager that the fail rate got a nice little spike when they started including their crappy indexes again. There will always be lazy people, looking for the easy way out, I don't have to make my own index, SANS provided one for me already. Yea, good luck with that.

    MalwareMike wrote: »
    The practice exams are of high quality and are similar to the real test, but you won’t see any duplicate questions.

    While it's true you will not see the exact same questions on the practice tests and exam, I do recall seeing similar questions testing conceptual knowledge, this is why it's useful to understand what you got wrong on the practice exams and why.

    MalwareMike wrote: »
    One thing I did not like about the practice exams, is that once it was over, you are not able to review the test…you will need to write down what you got wrong while taking the test. It would be more useful if the students could review the questions after the practice exam was over, so we don’t feel rushed trying to write down why we got the questions wrong but still trying to take the test.

    The nice thing about the practice tests is that they give you very detailed answers to questions you got wrong, explaining why, but it doesn’t stop the clock; when you're pressured on time, you don’t have the luxury to read the in-depth answer. I too quickly scribbled down notes during practice exams, but I do wish there was a way to go over the wrong answers in more detail. I’ve read some people record the practice tests, but this is a serious violation; I don’t recommend you do this.

    MalwareMike wrote: »
    Like I mentioned in the last section, the practice exams are very similar to the real test, so you should not be caught off guard in any way.

    The only thing I would add is on my GIAC automotive exam, on the 1st practice exam, questions seemed to be geared more towards car questions, on my 2nd practice exam the focus was more on trucks, and on the actual exam, buses were the topic of the day. While they are all automotive questions, each exam seemed to focus more on one area than another. So don’t use the practice exams as gospel, that only cars and trucks will be asked on the real exam; it’s important to know all your automotive topics.

    Still searching for the corner in a round room.
  • sb97 Member Posts: 109
    TechGromit wrote: »

    I don't like it, the index in my GREM books was outdated and often just plain wrong, pointing to topics that no longer existed or incorrect locations, not to mention incomplete. While SANS doesn't post pass / fail rates, I would wager that the fail rate got a nice little spike when they started including their crappy indexes again. There will always be lazy people, looking for the easy way out, I don't have to make my own index, SANS provided one for me already. Yea, good luck with that.

    I typically include both my index and whatever SANS provides in my test notebook. I fully agree creating your own index is an important part of studying. Especially for me because I use a different format than the ones provided by SANS. Still it doesn't hurt to take the extra set of notes.
  • MalwareMike Member Posts: 147
    You both have interesting points. I found their index to be a good start, it just needed a little Malware Mike flavor to it. I do think the indexes for the GSEC and GCIH covered 80-90% of what was needed but it was bloated with too many page numbers. This is when I started to highlight the important pages that they already listed. Or if they missed a term, I would just go to that section in the index and write down the term then the page number.

    I personally believe if someone read half the material but had a great index, they could probably pass...that's why I kind of hope/want SANS to tweak their exams. I do not have a solution of what they should do but I don't think an index should influence your grade as much as it probably does.

  • TechGromit Member Posts: 2,156
    MalwareMike wrote: »
    I do think the indexes for the GSEC and GCIH covered 80-90% of what was needed but it was bloated with too many page numbers.

    That wasn't my experience with the GREM, a monkey on a typewriter could have created a better index. It was useless to me and I didn't use it.
  • MiniBella Registered Users Posts: 3
    MalwareMike wrote: »
    You both have interesting points. I found their index to be a good start, it just needed a little Malware Mike flavor to it. I do think the indexes for the GSEC and GCIH covered 80-90% of what was needed but it was bloated with too many page numbers. This is when I started to highlight the important pages that they already listed. Or if they missed a term, I would just go to that section in the index and write down the term then the page number.

    I personally believe if someone read half the material but had a great index, they could probably pass...that's why I kind of hope/want SANS to tweak their exams. I do not have a solution of what they should do but I don't think an index should influence your grade as much as it probably does.

    According to my SANS program 'mentor' (who is also a SANS instructor) the logic behind their exams being set up so that most people need an index to pass is because
    - creating the index for most people forces them to read/reinforce ALL of the material
    - exams cover a lot of material (esp. GSEC) and they don't expect the average person to memorize it all
    - in 'real life' infosec professionals google/look stuff up all the time, and they don't see why their test should be any different
    - while most people need an index there is NO WAY you have enough time to look up most of the questions without running out of time, so it's not like you don't still need to know the material

    Side note, I'm (an infosec noob) currently studying for my GCIH. I'm on a very short timeline so I took my first practice test after thoroughly reading/indexing books 1-4 and skimming through book 5. The topics in book 5 were (obviously) my weakest areas. I did not pass my practice exam.