Passed GPEN today

E Double U

Accomplished my goal of knocking out this certification a week before my Cali vacation. Here is how I did it:

- Took SEC560 May 28 - Jun 1.
- Started on my index immediately with my goal being to complete one book per week (took a break for a few days the week following the SANS course because I had Scrum Master training and passed that exam too). My index was completed last weekend.
- 1st practice exam on 9-July and got 58%. 2nd practice on 12-July and got 70%
- Spent the last two nights (and this morning) adding a few things to my index and read through the lab workbook again.

I basically worked on this every night for the past few weeks so no hanging out with the Mrs at night or watching World Cup (I caught only two games). I had a brief setback when I had an extreme toothachewhich was too distracting for me to concentrate on studying, but a root canal cleared that up then it was back to business.

I must say I think I need a long break from certs. This is my 3rd this year and it is time to focus on other things besides sitting in front of books and a laptop every night. Plus I feel too much anxiety when taking GIAC exams. Time is not on my side when taking open book exams because I try to look up every answer to be sure and then end up answering questions really quickly the end before time expires.

Now it is time to enjoy a bbq, watch World Cup, hangout with the Mrs, and go back home to LA for a few weeks. When I return I will work harder on Dutch, begin a free Python course, and possibly a free machine learning course.

Oh and almost forgot - it was easy to build my index for this because I was able to copy/paste a lot of items from my GCIH and GCIA indexes. That was really a time saver.

LordQarlyn

A big congrats dude! Haha yes I agree, it is time for you to enjoy life and celebrate your well-earned victory! Again congrats!

gespenstern

Congrats!

sb97

Nice to hear about the index overlap between courses. Grats on the pass.

E Double U

Thanks guys!

@sb97 - that index overlap saved me so much time plus a lot of the topics/tools were not new to me

UnixGuy

Congrats! What's next for you?

cshkuru

That index overlap is something I have noticed in other classes. I have thought for awhile that someone with some connections (maening someone who knows more people who have taken sans classes than i do) should put together a google spreadsheet that lists tools and labs, as in install bro / snort not details of the sans labs, after a while people will be able to start building a road map of skills, tools, and labs to master and be better preapred for the sans firehose.

Info_Sec_Wannabe

Congrats man!

This is your 3rd cert for the year? I really admire folks who can continually study after a cert or two. In my case, I need a break or otherwise I'll get burned out.

E Double U

@ UnixGuy - no plans on starting another cert this year. I just started reading Think & Grow Rich yesterday and I'm just counting down the days to my vacation which begins on Friday.

@ cshkuru - that might be a good idea for others, but I actually like creating my own indexes.

@ Info_Sec_Wannabe - Yep CISA, PSM I, and GPEN. GPEN was the toughest of the 3 and I actually tried to cancel the SANS training request, but it was paid for in the 11th hour so I went through with it. I've been doing certs nonstop since 2013 and I think I will burnout soon, but I can't help taking advantage of fully financed opportunities. At least there is no more money left in my budget for this year lol.

cshkuru

I am not talking about an index of the classes, but a reference sheet of the tools that are mentioned in the classes, so that if sya Jimmy wants to know what classes have labs dealing with OSSIM, there is an easy place to go. Additionally maybe there are links to some reference labs so they can gain a little exposure to the tool before being exposed to it in class. But, maybe it's just me so I'll let it lie.

JamesBarker

Congrats dude one day I hope to earn the same certification.

LordQarlyn

Yeah last year I got three new certs myself and needed a break though this year I did renew my Sec+ for DoD requirements (CompTIA had this scheme that for a fee you could take this joke of an exam to simply renew it for another 3 years so I don't count that lol). Now it's time for me to start getting certs again.

E Double U

@ cshkuru - Since there is a syllabus under each course which mentions the exercises and tools used then may I suggest you start going through those then start on that reference sheet. Then share it with TE and people can add to that. Seems like a good idea.

@ JamesBarker - Do you have plans on taking the course soon? Have you any experience w/ SANS?

@ LordQarlyn - Which cert will you begin working on 1st?

LordQarlyn

E Double U wrote: »

@ cshkuru - Since there is a syllabus under each course which mentions the exercises and tools used then may I suggest you start going through those then start on that reference sheet. Then share it with TE and people can add to that. Seems like a good idea.

@ JamesBarker - Do you have plans on taking the course soon? Have you any experience w/ SANS?

@ LordQarlyn - Which cert will you begin working on 1st?

I've started studying for the GCIH.

E Double U

LordQarlyn wrote: »

I've started studying for the GCIH.

Still one of my favorite courses. Good luck!

JamesBarker

Hey E Double U, I plan to in the future, I've got a few Microsoft & Cisco exams to get under my belt first.

With comparison from the CEH cert and SANS GIAC GPEN cert which certification is more recognized by employers?

I would like to gain my CEH but don't think I could match up to their pre-req requirements to take the CEH certification i.e employer referenced two years of work experience in the Information Security domain - I only really have a scattered track of 1st and 2nd Line Helpdesk and Desktop support for different businesses.

From reading up about the GIAC GPEN it has no pre-requisites which is perfect for me, for building myself in to my first IT security job, ideally in Penetration testing and auditing, would it be a better path to get this Penetration focused certification or a CEH which I guess is more all round.

Thanks,

James

cshkuru

Yeah I had started yesterday. Actually makes for a nice break from indexing GCIP stuff.

Info_Sec_Wannabe

E Double U wrote: »

@ Info_Sec_Wannabe - Yep CISA, PSM I, and GPEN. GPEN was the toughest of the 3 and I actually tried to cancel the SANS training request, but it was paid for in the 11th hour so I went through with it. I've been doing certs nonstop since 2013 and I think I will burnout soon, but I can't help taking advantage of fully financed opportunities. At least there is no more money left in my budget for this year lol.

If my employer comes to me and tells me that they enrolled me in a SANS course then who am I to decline? Will definitely accept it with arms wide open.

LordQarlyn

E Double U wrote: »

Still one of my favorite courses. Good luck!

Hey thanks, and yeah it's pretty interesting stuff!

E Double U

@ cshkuru - I'm interested in seeing the end result.

@ JamesBarker - A quick job search using CEH and GCIH as keywords will answer that question for you. I think GCIH is more respected among techs, but CEH is more recognizable by HR filters. I think if someone achieve's one then it will be minimal effort to obtain the other because the content is similar. And doing both before GPEN is very helpful.

@ LordQarlyn - It certainly is! That was my first vendor agnostic technical course after years of Cisco, Check Point, Microsoft, etc. I loved it.

@ Info_Sec_Wannabe - Exactly! It was a course I was really interested in, but was starting to feel burnout from the back to back cert preparation. I'm glad I pushed through.

futurehendrix

Congrats!

Had similar experience with the GCIA as far as flunking the first test and then narrowly passing the second and also using every single minute because having the book there is a huge temptation to look for every answer.

Quick question since I saw you had both the GCIA and the CISSP among other certs that I'm interested in....what would you say is a good cert to go after following the GCIA and how long to wait for the CISSP?

E Double U

The best cert to follow-up any cert is either one that is relevant to what you are currently doing or want to do in the future. After completing GCIA I went into CISM and CISA because I was ready for some non-technical security that is also relevant to my team's activities and possible future opportunities. I did PSM I for the same reason.

I can't think of any specific cert that is a good follow-up to GCIA in the way that GPEN is a good follow-up to GCIH.

(ISC)2 has already set a waiting period for you:
- At least five years of cumulative, paid work experience
- In two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK)

How much longer you wait after meeting that criteria is entirely up to you. Just depends on your goals. I went into CISSP after completing CCNP Security because I wanted to switch to something non-technical just like I did when I pursued ISACA offerings.