SANS SEC566/GCCC

E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
Are there labs in this course? Curious if you are just discussing the controls or actually testing them. 
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
Tagged:
«1

Comments

  • markmorowmarkmorow Member Posts: 44 ■■■□□□□□□□
    I'm currently doing this class now and yes there are some labs. They are built around different tools and such that you can use to satisfy the control. For example Control 2 is Software Inventory. You run some PowerShell commands to **** out what's installed on the lab machine. They aren't all that easy but they aren't really complicated either. 
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    Thanks for response! My first day of SEC566 begins tomorrow. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    edited January 2019
    Thanks for response! My first day of SEC566 begins tomorrow. 
    Hang on... Are you in my group? :smiley:


    E Double U said:
    Are there labs in this course? Curious if you are just discussing the controls or actually testing them. 
    To further answer the question: @markmorow has it right: there are some labs, but they are not very heavy lifting. 

    To summarize:
    • At the time of writing you will be provided with one Windows 10 Pro VM.
    • Yes, they do expect you to have setup VMWare on your system beforehand. Can be Player (free), Workstation/Fusion (cheapish). You could also use Parallels or VirtualBox, but in that case they tell you you're on your own; no guarantees about helping you in class. 
    • There are roughly 15 labs, for 20 controls. As Mark pointed out, basic introductions to one or two tools for each subject. You can compare it to labs in a C|EH class: drive-by safari showing you various red/blue team tools. 


  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    Passed GCCC today with 79% - just three weeks after completing the course. I wanted to attempt it sooner, but I had two work trips back-to-back that delayed the completion of my index. Took both practice exams the same day and got 59% on the 1st attempt (without the index) and 80% on the 2nd try (with the index). 


    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Passed GCCC today with 79% 
    Congratulations! That's great work! I'm still working on my indices, but I keep getting distracted by my homelab :smiley:
  • SecurityNoob45SecurityNoob45 Member Posts: 9 ■■□□□□□□□□
    Passed GCCC today with 79% - just three weeks after completing the course. I wanted to attempt it sooner, but I had two work trips back-to-back that delayed the completion of my index. Took both practice exams the same day and got 59% on the 1st attempt (without the index) and 80% on the 2nd try (with the index). 


    How was the difficulty of the questions? where they straightforward? overall what did you think of it?
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    @ Bunny - How far are you into the material? 

    @ Noob - The questions were very straightforward. This is my 4th GIAC exam and it was the easiest. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    @ Bunny - How far are you into the material? 
    I'm almost through the second book. The easy part is that all five books and just about all the chapters have the same build-up, so there's a lot of recurring index words. I'm putting off going through The Big Fat Book(tm) unless I really, really have to. 

    As I said, my homelab has been waaaayyy too enticing, luring me away from the drudgery that is indexing. But now I'm putting my foot down! I'm scheduling my exam attempt in three weeks time (that's the one-week lull between two assignments), so now I absolutely have to finish my work :)
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    edited February 2019
    Yes this has been the easiest index I have made because of the same structure with each control (measures, ERD, defenses, etc). I created a separate tab for each control and just copied the same format to each tab then modified it as needed. The fat NIST books are not needed for the exam.  B) 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    I'm also adding a lot of key software names and concepts to the index. We'll see how things go!
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Hey @E double U, I seem to have found a bug. :) 

    In book 3, pages 21 through 24 (root cause analysis for control 7) appear to be an exact copy/paste of pages 74 through 77 from book 2 (root cause analysis for control 5). Now I’ve seen other copy/paste moments, but in this particular case I feel that there’s been an error in making the syllabus: the repeated text does not appear to be relevant to the subject matter.

    I've sent an email to James, Kelli and Russell about it. I'm curious whether you've noticed the same issue.
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    My index is similar. For every index my tabs are topics, tools, and commands. The commands tab was not necessary for this GIAC attempt, but I kept the topics and tools plus the separate tab for each control. It made it easier for me to find what I was looking for during the exam. I rarely had to use the books. 

    I do not recall seeing that repeated text, but I will take a look. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • SecurityNoob45SecurityNoob45 Member Posts: 9 ■■□□□□□□□□
    My index is similar. For every index my tabs are topics, tools, and commands. The commands tab was not necessary for this GIAC attempt, but I kept the topics and tools plus the separate tab for each control. It made it easier for me to find what I was looking for during the exam. I rarely had to use the books. 

    I do not recall seeing that repeated text, but I will take a look. 
    My index is similar. For every index my tabs are topics, tools, and commands. The commands tab was not necessary for this GIAC attempt, but I kept the topics and tools plus the separate tab for each control. It made it easier for me to find what I was looking for during the exam. I rarely had to use the books. 

    I do not recall seeing that repeated text, but I will take a look. 
    This is my first SANS attempt! would you be able to show maybe a sample or even just a picture of how your index looks? Thanks!
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Others may have them different, but what I use is just a spreadsheet with three columns: term/topic/phrase/keyword - brief description or important points - page number found.

    If a term appears on multiple pages in different places, I'll just have multiple entries for that term. And each definition will be tailored to the content from that specific page.

    I've also found it helped me to print it landscape and have it ringbound at the top at Fedex/Kinkos. I then add sticky tabs on the bottom or side to let me flip to various alphaletters quickly.

    And just to round out the subject, I'll add sticky tabs to the tops of the book pages for every major section shift, topic, examples, key charts and lists, and so on.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Yeah, that's a good tutorial. Similar to "Better GIAC testing with Hacks4Pancakes".

    Gosh, creating that index is a task of drudgery. :| I'm on the last book and I'm so done with this... Once the index is done I'll tackle the practice exam(s) to see how I'll fare, then my exam is due in 1.5 weeks. 
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    edited February 2019
    Whew! I finished my index today! I don't have a color printer at home, so all those cute colored labels aren't going to much use. But the index worked just fine anyway. 

    I immediately took my first practice test and scored a 90% in roughly 55 minutes. Two mistakes were down to sloppiness, the rest were honest fails on my part. 

    And since @SecurityNoob45 asked, here's a photo of my books and index. I used Apple's Numbers as spreadsheet to take indexing notes and then made the actual document in Pages. That took a little effort, because you can't simply paste Numbers data into the DTP tool that is Pages. You first have to make a table to post the data into, and funnily enough Pages limits its tables to 999 rows. So I've had to make three very long tables :)


  • SecurityNoob45SecurityNoob45 Member Posts: 9 ■■□□□□□□□□
    Whew! I finished my index today! I don't have a color printer at home, so all those cute colored labels aren't going to much use. But the index worked just fine anyway. 

    I immediately took my first practice test and scored a 90% in roughly 55 minutes. Two mistakes were down to sloppiness, the rest were honest fails on my part. 

    And since @SecurityNoob45 asked, here's a photo of my books and index. I used Apple's Numbers as spreadsheet to take indexing notes and then made the actual document in Pages. That took a little effort, because you can't simply paste Numbers data into the DTP tool that is Pages. You first have to make a table to post the data into, and funnily enough Pages limits its tables to 999 rows. So I've had to make three very long tables :)


    SO ARE YOU SUPERMAN OR BATMAN? CAUSE YOU SAVED ME! THANK YOU!!!
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    SecurityNoob45 said:
    SO ARE YOU SUPERMAN OR BATMAN? CAUSE YOU SAVED ME! THANK YOU!!!
    Well to be fair, EdoubleU did already link you to a site that provides detailed instructions on how to make these... :smile:

  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    Today was the day :) I passed my GCCC certification exam with a 93% score (my trials rang in at 91% and 89%)

    I found the actual exam to be a bit more difficult than the two trials. I also grabbed for my indices and reference tables a few more times than during the practice rounds. Overall it's a very doable exam though; mostly common sense thinking. 
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Nice job, congrats!

    What's next? :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    LonerVamp said:
    Nice job, congrats!

    What's next? :)
    I'm setting up my homelab, trying to finish up the basic infrastructure, so I can start work on RedHat's EX407 (Ansible). I want to renew my RedHat certs this year. 

    I'm also applying for a SANS Mentor position (for the Netherlands) and have just signed up with the GIAC Advisory Board :)
  • dimkat2903dimkat2903 Member Posts: 2 ■■□□□□□□□□
    Passed GCCC today with 79% - just three weeks after completing the course. I wanted to attempt it sooner, but I had two work trips back-to-back that delayed the completion of my index. Took both practice exams the same day and got 59% on the 1st attempt (without the index) and 80% on the 2nd try (with the index). 


    Greetings my friend and congrats for passing your exam. As i am also preparing for the exam, may i ask if you could provide me with your SEC566 index please? That would be a great help for me, please.
  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    My index is over a year old so I am not sure how good it will do you since the material is updated. I have no problem with sharing it, but I would strongly advise you to prepare your own. Index building has been a part of studying process for me since I read all of the books and do the labs as I create it. If you are just looking for a quicker way to pass the exam you are cheating yourself. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I was thinking about doing the SEC566 SANS class, Is it good ?  Did it really bring something more than reading the control (most are rather straight forward). 
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    I was thinking about doing the SEC566 SANS class, Is it good ?  Did it really bring something more than reading the control (most are rather straight forward). 
    Based on my experiences as Facilitator in this class (in which I met E double U as student) I would say: it depends. 

    It depends on the trainer and more importantly it depends on the students. Unlike most technical SANS classes, SEC566 is squarely targeted at defining and enforcing policies and procedures and at testing their outcome. It's not hacking, it's not code, it's about helping an organization reach security maturity targets. 

    The quality of this class stands and falls with interaction between those people in the room. If it's nothing but one-way traffic and students are only there to drink from the firehost, it's gonna suck for you. Yes you'll learn stuff, but you could be getting so much more from it. I found the talks and discussions we had during each chapter the most valuable parts of my week with SANS. As you point out: you can just read best practices and the CSC. But it's discussing HOW to tackle all this with others that will help you actually get somewhere with'm.
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    dimkat2903 said:
    Greetings my friend and congrats for passing your exam. As i am also preparing for the exam, may i ask if you could provide me with your SEC566 index please? That would be a great help for me, please.

    I'm with E double U here: the point of making your index is part of the learning experience and helps you familiarize yourself with all the materials. Sure you can ask for other people's index, but you're robbing yourself of an experience. 

    Yeah, I've shared my index with one of my classmates at the time. And yeah, I'm pretty sure they passed. But yeah, I felt a bit "meh" about it. But asking us for our index now, over a year after the class, won't help you much. The books have probably changed quite a bit since then. 
  • KickstoneKickstone Member Posts: 6 ■■■□□□□□□□

    E Double U said:

    My index is over a year old so I am not sure how good it will do you since the material is updated. I have no problem with sharing it, but I would strongly advise you to prepare your own. Index building has been a part of studying process for me since I read all of the books and do the labs as I create it. If you are just looking for a quicker way to pass the exam you are cheating yourself.
     

    I'm with E double U here: the point of making your index is part of the learning experience and helps you familiarize yourself with all the materials. Sure you can ask for other people's index, but you're robbing yourself of an experience. 


    You guys are right. But, on the other hand, there are more kinds of approach. One of them is making your own index and then compare with others and refine your work. That's the way I always passed those exams quite successful.

    Also, with this kind of preparing, the "age" of an index doesn't matter at all. It's just for optimizing.

    Due to the current global situation I am taking the Online Training now, and as there is not much orientation to what's important and what's not, which does not make it easier.

    If somebody is willing to share his index with me, I would appreciate it very much. Thanks in advance.





  • E Double UE Double U Member Posts: 2,237 ■■■■■■■■■■
    I found my index. What is your email? 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • FluffyBunnyFluffyBunny Member Posts: 245 ■■■■■■□□□□
    edited March 2020
    Also, with this kind of preparing, the "age" of an index doesn't matter at all. It's just for optimizing.
    Weeellll, chapter layout and page count of the source books may vary wildly. 

    But sure. Knock yourself out -> https://www.kilala.nl/Images/SEC566-index.pdf
Sign In or Register to comment.