Passed the GSEC today
This is one of the more important exams in my certification plans this year. I spent the past month working on this, first with the OnDemand course (I took a week off from work just to go through it) and then the next few weeks parsing the books, taking notes, and reviewing the areas I was weak in.
No doubt this is a solid course. I will say however that from a practical perspective I think my money would have been better spent on something more focused like the GCIA, but cementing foundations is a necessity. Otherwise, the bulk of this course was review for me since I have experience with most of the concepts and almost all the tools reviewed. For those who haven't had at least a few years of experience with both Windows AD networking and Unix, the sheer breadth of material can be overwhelming. When people talk about the number of pages in the bound course material (in my case, six books at roughly 250 - 300 pages each, plus lab work), they're not kidding. No wonder why they give you four months to complete your certification attempt. And this is coverage that I feel is still relatively high level.
The test that I took today was pretty close to the practice exam I tried last week. I hate exams though - I'm not a morning person, always have that "exam-twitch" and nervous feeling in my stomach, and this causes me to become trigger happy. There's an on-screen timer staring at you and I need to get a handle on the psychological factor. Of all the questions I missed, the vast majority were during the first few dozen when I was warming up into the test session (and a few were the kind I shouldn't have missed but did because I should read the questions more carefully).
Overall, I finished in just under a couple of hours at 93.33% and I only skipped a couple of questions for later review. Not quite as high of a score as I wanted (I mean, it's open book / open notes after all), but a pass is a pass. I will say that if I did not have access to the course materials, my score would have fared far worse. CompTIA's Security+ is a good introduction to GSEC, but it comes nowhere near close to the level of depth and technical coverage. I actually learned some new things (like reading hex in a trace and pinpointing the specific values in field headers, for example), some of which I should have learned a long time ago. This in itself made the course worth it for me.
I think I'll go for the practical later on this year, after my CISSP attempt. For now, I need a couple of weeks off from studying and give myself a chance to deflate.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
Good luck on the CISSP; it's 1000 times worse
You thinking about any more SANS certs in the future?
CCNA Security | GSEC |GCFW | GCIH | GCIA
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
Oh, great. Juuuuust great... I'm really not looking forward to this one. I have three slightly-older references to read through: my Global Knowledge CISSP Prep Course material from a few years back, the official CBK from a few years ago, and Shon Harris' fourth edition. I also picked up an Exam Cram for practice questions.
I'm definitely thinking about the GCIA and maybe the GCFW, GPEN, and GCIH. I really want to do the GCIA though. Maybe Q1 next year when the funds permit. The 558 course (Network Forensics) sounds really cool, but they don't offer a self-study version since I think it's new and I really don't want to incur travel costs. GAWN 617 (Wireless Ethical Hacking, Penetration Testing, and Defenses) sounds awesome as well, but then I start thinking about how much all the re-certifications are going to cost, even if they're discounted. I might just do the OSWP for now...
So in your opinion, for someone about to take Sec+, and no previous experience outside of user level security support, the GSEC is more valuable? Or a specialty, such as GCIA, GCIH, etc?
I've done some firewall work and VPNs already which makes the GCFW a natural choice, but for once I need a course that goes into new territory for me. Based on what I'm reading on your other thread, it looks like going for both FW and IA would be a nice combo since there's apparently some overlap. Ultimately, it comes down to cost. I'm not brave enough to challenge the exams because even if I manage to pass, I certainly won't score high (and since the score's public, I don't want to have a low one for the sake of professional dignity). IA first, then maybe FW afterward. I'll have to convince the company to reimburse me if I can. Otherwise, it's back to ramen noodles for dinner.
If you're relatively new to the security world, I think after the Sec+ the GSEC would be fantastic. In my case, I've been doing Active Directory, Cisco networking, firewalls, VPNs, authentication systems, PKI, etc. in varying capacities for the last decade so it wasn't as huge of a value to me education-wise. Folks who haven't been exposed to that kind of stuff as much would benefit greatly and I would recommend it as a solid prerequisite before doing the GCIA, etc. I think I saw a YouTube video that mentioned that the first four days of the GSEC pretty much covers Security+ and then some. Keep in mind though that I never took a Sec+ course - I just studied the Mike Meyers book for a week and got an 880 (out of 900) on the test. I found the GSEC considerably harder in some ways.
Then you have protocol implementations such as SMB which was upgraded in Vista / 7 and default inclusion of dual-stack support. While the basic NT domain model and the underlying protocols such as heavy RPC dependency, etc. haven't changed since the 4.0 days, there are more choices riding over it (Kerberos, NTLM, etc. for the security services support providers) as well as all the other required stuff for AD like LDAP on both TCP and UDP, Global Catalog replication, DNS SRV records, etc. and the trusts and tools that go with it. Then you look at how granular NTFS permissions can get vs. what you get on Unix. Also, "permissions" in the Windows world is a specific thing (actions you can take on "securable objects") vs. privileges vs. logon rights. "Permissions" as a term in the *nix world is applied much more broadly.
Networking and Unix seem to be more straightforward and consistent. While some firewalls do first-match (PIX, IOS ACLs) and others do best match (pf, Windows Firewall with Advanced Security), in the end an IP header is an IP header, IPsec is IPsec.
Shon Harris 4E was my primary resource. I used a few others, but none of them really seemed to matter much. It really comes down to experience and your ability to interpret what they're asking.
A GSE written (essentially GSEC, GCIA, and GCIH) will renew everything, and that's only $400.
The OSWP is almost exclusively WEP, and IMHO, it's not really worth it. It definitely needs an update. Now's a great time to do the PWB course; they just updated that for BT4.
I called Paul as soon as I finished mine, and I told him he'd need to brush up on Windows, but he'd kill the rest of it. I got an earful
Multiple times per week, I hear something to the effect of, "Linux is free because it sucks. No one would pay for it." He lives in a sad and lonely world...
Honestly since Cliff left I haven't gone there much.
http://www.sans.org/security-training/security-essentials-bootcamp-style-61-mid
"SPECIAL NOTE: This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC)."
Is listing this on a resume just filler if I'm not applying for DoD-ish positions?
I don't list the NSTISSI 4011 on mine because non-DoD contractors don't know what it is.
GCIA, GCIH, GCFW, GPEN? Any help will be greatly appreciated since I got management to pay for the SANS OnDemand Option 2 (4 long courses).
Thanks
It really comes down to what you want to do. GIAC provides fairly detailed course descriptions and day-by-day breakdown of what the course covers. Assuming you know what you want to do (which may be your hold-up
After GCIA, then GCIH, GCFW or GCED (anyone done this yet?). I am going to keep taking as many as long as Uncle SAM will keep paying!
Thanks
Not4TJM
Niiiiiiiiiiiiiiiiiiiiiiiice. GI bill?
Where are you supposed to take it at?
The official course material is 6 books. Make good notes and indexes.
You can take additional books also, but they have to fit in a backpack and you have to be able to carry the bundle of books in one trip. You have to have a good desk at the testing center where you can spread the books out.
The test seems like an endurance test to me. 160 questions and 5 hour time limit.
Good luck on the CISSP. I was always wondering about this exam. Something I may have to look into down the road. Taking the CISSP before it changes on the 15th of April?