Passed GPYC - Any questions?
I haven't seen many reviews or posts on this, so I thought I would contribute something. On-demand is my training mode of choice, so I was not in a live classroom.
SEC573: Automating Information Security with Python was solid. Days 1 and 2 were a Python primer, Days 3 - 5 were dedicated to Defensive, Forensics and Offensive Python respectively. As usual, the training incorporated a nice balance of conceptual and pragmatic learning. I found it very useful and was pleasantly surprised by the concise section on Regex.
The exam wasn't very challenging, but I came in with some familiarity with scripting. Additionally, my last GIAC exam was GXPN which was pretty difficult. That may have skewed my impression. Either way, I spent less time studying for this as I did other GIAC exams. No code writing, just standard multiple choice.
I should point out that my purpose was almost entirely to strengthen my scripting skills, and I found the training very valuable in that regard. Taking the exam was more about showing immediate value to my employer.
SEC573: Automating Information Security with Python was solid. Days 1 and 2 were a Python primer, Days 3 - 5 were dedicated to Defensive, Forensics and Offensive Python respectively. As usual, the training incorporated a nice balance of conceptual and pragmatic learning. I found it very useful and was pleasantly surprised by the concise section on Regex.
The exam wasn't very challenging, but I came in with some familiarity with scripting. Additionally, my last GIAC exam was GXPN which was pretty difficult. That may have skewed my impression. Either way, I spent less time studying for this as I did other GIAC exams. No code writing, just standard multiple choice.
I should point out that my purpose was almost entirely to strengthen my scripting skills, and I found the training very valuable in that regard. Taking the exam was more about showing immediate value to my employer.
Comments
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
For example, Violent Python covers both lists and dictionaries in a single page. That leaves a lot of blanks to fill for those inexperienced in coding. Of course there are other avenues for filling in those blanks that are far less expensive. I guess I would say that if someone is experienced with Python or other scripting languages, I agree that the SEC573 is unnecessary. Those lacking in experience would find it valuable but not necessarily worth cost if they're paying out of pocket.
But for those lacking in experience (and who have funding from their employer), the PyWars labs alone are extremely helpful. The training can really help you get up to speed if you want to get your parsing, analyzing, automation and tool development skills off the ground quickly.
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Because the data is dynamic, you are encouraged to use functions and variables in your solution as opposed to static numbers and strings. I think there is also a short time limit before any .data() becomes stale, which also pushes you toward using functions.
I'm sure I can get into specifics, but the exercises range from returning a sorted list of elements to more complex scenarios where you have to loop through a file, parsing out data patterns (like SSNs) using regex.
There is a also a local instance of the pyWars server provided when you purchase On-Demand, so pyWars is available even after the access to the online lab expires. Documentation shows it has the the first 53 questions, but not the bonus ones.
Oh and, congratulations!
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com