GPEN passed...

I took SANS 560 back in March at the Orlando conference which I wrote about here:

http://www.techexams.net/forums/sans-institute-giac-certifications/87391-sec-560-sans-2013-orlando.html

After pushing back my exam date several times, I finally willed myself into sitting the exam before the four-month clock ran out. By this point I pretty much didn't care whether I passed or failed. I just wanted to get back to work and get stuff done.

I managed to complete my thirteen-page index in the last week and sat for my three-hour exam today. It took me a little over two hours, but I survived with a score of 93%, which was better than the 87% on my practice exam that I sort of rushed through a few days earlier. Not a score with a lot of bragging rights, but it's above that psychological barrier of 90% which I missed with my GAWN exam earlier in the year. A hundred and fifteen questions seem to stretch out after a while, and I skipped four questions since they required more mental effort. At the end of the exam, I finally had to answer those and they turned out to be a bit easier than I thought.

The test questions were decent, although I had a couple of near-repeats. There were a also couple of questions which I felt were subject to different interpretations and thus answers.

This felt like a typical GIAC open-book exam experience. It was a bit harder than some of the other GIAC exams I've taken. I wouldn't say that SANS 560 is the pinnacle of pentesting courses, although I found it well-structured and a joy with Ed Skoudis teaching. If you've worked with Windows, Linux, and networking, you'll have a good base to go through the course and exam. If you're missing one of these areas, life will be much harder. You definitely need basic Linux skills, and I saw at least one Windows/Cisco guy struggle a bit during the CTF in Orlando. Luckily my career background as a generalist has covered a lot of these areas which 560 dives into. GPEN is mostly about network and host pentesting, although there's some web application and wireless topics thrown in to round it out.

SANS-wise, the next step would be 660 - Advanced Penetration Testing, Exploits, and Ethical Hacking. My co-worker just signed up for it so it'll be interesting to hear his experience. I'd prefer to do OSCP before I attempt 660, but OSCP requires an enormous months-long commitment, something that I simply am not able afford at the moment. I love the Offensive Security approach to training though.

So there it is - another somewhat meaningless four-letter label next to my name with another plaque to throw into the file cabinet. Not to put down the GIAC program or certifications in general, but it's not like I'm ready to do some serious real-world pentests now on my own just because "I'm GPEN-certified." SANS 560 and the GPEN exam was a good packaged experience in getting my feet wet and hopefully better informed as a enterprise defender. I'll no doubt sign up for more SANS training in the future, although I'm starting to question whether I'll pursue the associated GIAC certification or instead use the funds to buy equipment for more hands-on practice opportunities. Training is fun, but infosec professionals tend to not give a damn about the alphabet soup itself.

On a side note, I decided to check the giac.org website five or ten minutes after finishing my exam. My name and GPEN achievement was already listed. It almost feels like the process is all automated now.

Find more posts tagged with

Comments

chanakyajupudi

Congratulations on the pass !

Master Of Puppets

Congrats! Thanks for the great review.

cyberguypr

Congrats!

azmatt

Congrats and as always, thanks a ton for your thoughtful write ups. I'm taking my GWAPT exam next week and your insights helped me out quite a bit.

YFZblu

Congrats - Nice work

billyc123

Ccongraduation to Docrice !
Would you mind share your thirteen-page index and your notes to us ?
Write some tips that how you prepare for the test, what type of material
other than the standard SANS courseware book you use?

This will help others pass the tests !

Many thanks

CoolAsAFan

Congratulations sir! A few questions if ya don't mind?

docrice wrote: »

Not to put down the GIAC program or certifications in general, but it's not like I'm ready to do some serious real-world pentests now on my own just because "I'm GPEN-certified."

Hey docrice, I was curious as if the above statement only applies to GPEN or is it valid as well with the plethora of other GIAC certs that you possess?

And a follow-up if you don't mind...Given your experience with these certs and your knowledge, if you could pick a top 3 list of intermediate or advanced certs that would prepare you "to do some serious real-world pentests", what would they be? Or is experience a major factor here?

I am just curious because I was planning a similar cert path after I finish my degrees and those bad boys are expensive so I want to make sure that its the right path for me. I'm also wondering if an OffSec path would be more beneficial? Thanks for any input!

docrice

billyc123 wrote: »

Would you mind share your thirteen-page index and your notes to us ?
Write some tips that how you prepare for the test, what type of material other than the standard SANS courseware book you use?

As a personal rule, I don't share my index. The reason being is that my index is very tailored to me; specifically, it only has basic book section references and some bullet points to quickly summarize areas I'm weak in. Otherwise I just list the book reference locations. This keeps my index as short as possible while allowing me a quick lookup mapping to the appropriate book/page, and that's about it. This format will probably not work for many people.

My prep was pretty standard - take the course, do the CTF, listen to the MP3s, read the books, take notes on my weak areas, review my index, then take a practice exam. I've never taken the second one. This process works for me, but everyone's learning method can be a bit different. The course material (and work experience) is the only thing I used. Keep in mind that much of the material was not new to me.

GIAC tests are pretty much structured from the SANS course, so if you take the course and have a decent grasp of the material, there's really no excuse to fail.

CoolAsAFan wrote: »

I was curious as if the above statement only applies to GPEN or is it valid as well with the plethora of other GIAC certs that you possess?

And a follow-up if you don't mind...Given your experience with these certs and your knowledge, if you could pick a top 3 list of intermediate or advanced certs that would prepare you "to do some serious real-world pentests", what would they be? Or is experience a major factor here?

I am just curious because I was planning a similar cert path after I finish my degrees and those bad boys are expensive so I want to make sure that its the right path for me. I'm also wondering if an OffSec path would be more beneficial? Thanks for any input!

The more certifications and experience I get in the field, the more I realize (and validate) how the attained certifications mean little with respect to practical representative abilities of candidates. I sense that the certs inflate the expectations of others as a measurement of competency in a given subject area, especially to those who are relatively new to the field. This includes the GIAC certs that I've achieved. I don't want to sound like I'm overly-criticizing GIAC, but I just want to emphasize that seeing these on a resume are only indicators of interest, harsh as that may sound. I still think the SANS/GIAC combo is a solid package in the introduction/continuing education of an infosec career. There's a reason why they have a loyal following and I keep taking their classes (even though I keep saying I'm burned out).

I think the training is definitely good, establishes good mindset, and starts you off in the right direction, but infosec is not a point-and-click experience. The field requires being able to funnel a lot of background knowledge and balance risk/rewards in dynamically-changing situations. That's one of the real challenges, in my opinion, and not something that can be effectively taught in a single course. This is especially true for pentesting. Network pentests requires a solid understanding of skills attained in non-security courses and gained through equivalent work experience.

I have not taken the OSCP, but from my impression that course will probably give you a better taste of what real-world pentesting is like. It's about having the background knowledge, a creative insight, a lot of customization (scripting, etc.) for different engagements, and lots of experimenting combined with banging your head against the wall until you improvise a clever solution. The "ah-ha!" moment of clarify often takes a while to come around, if it ever does. While SEC-560's CTF has some of that, it's still relatively basic. It's not super-grueling like it can be in real life.

Aside from the OSCP, if you want a near-equivalent of SEC-617/GAWN, I'd read Hacking Exposed: Wireless. For SEC-542/GWAPT equivalent, there are plenty of books on web app hacking and there's the OWASP Broken Web Applications Project that you can play against. Learning these things doesn't require taking security classes. Much of it can be achieved on your own with little investment.

For really busy career professionals like myself where time is an extreme premium, the SANS training becomes a nice convenience and they package it up well enough that it brings us up to speed on the basics relatively quickly without having the overhead of "trying harder." That's the real value from SANS, in my opinion.

But that's also the differentiation - those that try harder and put in that extra mile gain an additional edge that doesn't come from courses which hand-hold you through the process ... and makes for a more effective security professional as a result. In theory, anyway.

jplee3

Great job and congrats!
I think the GXPN as the next step makes sense. I also hear that OCSP is more hands-on/real-world and GXPN is really great for theory/concepts and overall understanding of what's going on and why. Sitting for the GXPN and failing was certainly a humbling experience that has made me re-think why I'm really interested in this field... in many ways, it's scared me off already.

ChooseLife

docrice wrote: »

The more certifications and experience I get in the field...

Good write-up, thanks for sharing your thoughts on this!

and congrats on the pass!

ccnpninja

Congrats!

cyberguypr

I love how you start the post by saying to find a 2011 SANS book online and print it. That is immediately followed by "Exam Dupms" (sic). Golden!

I hope someone like you never comes across my desk for an interview. Well, on second thought, I hope it does happen. It should be fun.

impelse

I already put it in the black list, and he expect to be hire in security cheating on the exams, his ethic is low

EngRob

Who in their right mind would post on a certifications forum about using **** and pirated materials to pass a SANS course, which completely violates the SANS terms (and ethics), and then identifies themselves by linking their Linkedin account?

I find it hard to believe this is really posted by this person. The blog only has this this post as its sole article, and the tech exams account was created on the same day. Seems like a smear campaign or something.

If it is true, shame on them. Unless they're following GhostShell's footsteps or something and just want to come clean.

cyberguypr

I am here cracking up with something I missed from his LinkedIn profile:

"Certified Ec-Council Instructor ( CEI )"

impelse

LOL, this is the kind of instructor who gives the **** exams to the students, Pass Guarantee %100 ,LOL

DAVIS NGUYEN

Congrats!