GSEC - Attempt without SANS training?

Hi all,

I was looking to find out your opinion on attempting the GSEC without taking the related SANS training? Reason, it's a lot of $ to get that training and my employer wants at least 3 of my kidneys to send me as it's not a requirement for my job. I passed the CISSP earlier this year via self study and previous work experience, was wondering if I could do the same for GSEC.

If so, what books/websites?
If not, anyone got any extra kidneys I can borrow?

Thanks,

Find more posts tagged with

Comments

chanakyajupudi

Hi

You could attempt the GSEC by studying up for the Blueprint for the exam. If you have the experience to back it up it should not be a problem.

There are some resources mentioned on the forum for the exam specifically too.

Let me know if you need anything else !

Cheers

I am attempting the exam in about a month or so but I have attended the training.

BGraves

Hi, thanks for your reply and suggestion!
I would be anxious to hear how you do on the exam, best of luck!
I will check the forum for the resources you mention!

beads

There are no after market books for any of the SANS courses. Though I would certainly be sure to look for any SANS "**** Sheets" off the SANS websites (SANS, GIAC) as well. Know your directory structures for Windows and Linux and a complete command line **** sheet(s) for both as well. The rest? Well, Its been years since I took that exam so start with the blueprint of the exam and build a small arsenal of reference material and boil it down to both the material and an Excel spreadsheet to tell you where the information is or isn't.

- B Eads

BGraves

Ahh, thanks for that input beads, much appreciated! I had hoped to get in a real SANS course but my bank account is being drained by other certs at the moment. Maybe I'll tell my wife I'm saving up for a vacation for us....and then....nevermind...she'd kill me!

LionelTeo

Yes you can,

GSEC is CISSP with the software development and harware architecture domain replace by Windows and Linux Hardening. An a small portion introduce to GCIA.

The books I recommend is

CISSP Study Guide (2nd Edition) (Eric Conrad)
- Minus Hardware Architecture
- Minus Software Development
Microsoft® Windows® Security Resource Kit
Linux Administration: A Beginner's Guide, Fifth Edition
Internet Core Protocols

Additional Time
Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course

It may seems like you have to read a lot, but yes, since you are not going for the actual course so you have to read more to covered on the broader scope to pass the exam. Otherwise, you would have to ask for kidney to donate.

Good luck

BGraves

^Lionel,
Thanks for the tips! I already own the Eric Conrad Cissp study guide from taking my CISSP, so that's a bonus! Looks like I can pick up the Microsoft and Linux books on the cheap on Amazon so I'll start there!
Thanks!

JDMurray

You might also look at the Network Security Bible by Eric Cole. Dr. Cole is the author of the GSEC course and has taught it for the past 15 years.

tprice5

What specific stipulations is your employer trying to impose in the event they send you to training? Just curious.

BGraves

@JDMurray, Ahh that is excellent information to know! Thank you! I will have to look this fellow up...

@tprice5, My employer would provide a certain amount towards the training in exchange for "a year or two of my life" or I pay back the full amount. Evidently they've been burned in the past by employees getting certs and training and then leaving to get paid better elsewhere, so this policy is somewhat understandable. However, the amount they were discussing wouldn't even cover the cost of a SANS 5 day event, let alone the hotel/cert cost. I have considered work study opportunities but for now I think it might be best to try to pursue it on my own, as I was able to do so with the CISSP and all other certs I have taken. If SANS STI masters becomes accredited, that might provide me with another route as I could potentially use leftover GI Bill money to cover some of the cost as well. ^^On a side note, I didn't realize a Secret Security clearance counted as a certification!

I should put mine on there!

tprice5

BGraves wrote: »

^^On a side note, I didn't realize a Secret Security clearance counted as a certification! I should put mine on there!

Haha, You joke but I consider it much more valuable than a number of the certs I hold. It has made me eligible for jobs I wouldn't have been otherwise. Enlisted guys take their TS for granted. It's not something you can study for, or even pay for, to receive. Anything to separate me from the pack. Although if you have one, you know how valuable it is ... right?

Edit: Fixed quote

BGraves

Haha just poking fun

I like having mine I guess but I'll probably end up letting it expire. It did come in handy when I applied/worked a job as a contractor on a Navy base in the Bahamas though...so that was a plus.

tprice5

BGraves wrote: »

It did come in handy when I applied/worked a job as a contractor on a Navy base in the Bahamas though...so that was a plus.

Yeah, that's what I'm currently doing but I'm out in the middle east. Would like to get out of the contract game at some point but it really is the best way to get exposure to an enterprise environment at my age. The clearance kind of weeds out some of the competition, as does the certifications per 8570. The pay isn't terrible either.
How did Bahamas pay? I might try Hawaii after a few more years here. I just like the option of being able to see parts of the world I wouldn't otherwise deem feasible due to high airfair costs.

This is only vaguely related to the context of our conversation but I like to tell people this every chance I get. SAIC offered me $45,000.00 for a sys admin position in GITMO. Let that sink in..

BGraves

Haha, I interviewed with SAIC and another IT contractor company (i forget their name) and they both offered way under what I was looking for! I took the bahamas job more for the location and less for the $ myself. It's a better place for someone winding down their career and looking to retire than it is for someone looking to grow, so I moved on after a year and went to the private sector. I do miss the climate/weather though but island life is hard!

theroamingjoe

BGraves wrote: »

Ahh, thanks for that input beads, much appreciated! I had hoped to get in a real SANS course but my bank account is being drained by other certs at the moment. Maybe I'll tell my wife I'm saving up for a vacation for us....and then....nevermind...she'd kill me!

You might try applying for the work study option SANS has. I did this and I'm now registered to help facilitate the class here in Columbus in December. It brings the cost down to around $900 and this includes course materials. If you live close to the event (which I do) or you stay at the hotel where the event is being held you can also get the exam for free (which I did). Since you'd be helping out in class and may sometimes have to pull your attention away from the lectures or exercises, you get access to the OnDemand version of the course too.

So I got:

SEC401 OnDemand Bundle - $449
SEC401 Community SANS Columbus - $3910 (if paid by 10/30)
One exam attempt - $579

All for $900.

Doesn't hurt to apply and see if you can get in.

EDIT: Here's the link... https://www.sans.org/work-study
EDIT2: I see you already considered Work Study. I'd reconsider that consideration.

swish45

LionelTeo wrote: »

Yes you can,

GSEC is CISSP with the software development and harware architecture domain replace by Windows and Linux Hardening. An a small portion introduce to GCIA.

The books I recommend is

CISSP Study Guide (2nd Edition) (Eric Conrad)
- Minus Hardware Architecture
- Minus Software Development
Microsoft® Windows® Security Resource Kit
Linux Administration: A Beginner's Guide, Fifth Edition
Internet Core Protocols

Additional Time
Network Security Bible (Eric Cole) *Someone reviewed on the Amazon page that they use it along for GSEC course

It may seems like you have to read a lot, but yes, since you are not going for the actual course so you have to read more to covered on the broader scope to pass the exam. Otherwise, you would have to ask for kidney to donate.

Good luck

Hello LionelTeo,

Thanks for the advice. I hope go through the above material before attempting the GSEC.

Question, the Microsoft Windows Security Resource Kit is an old book published in 2005. Is it still relevant to the GSEC exam.
If not, can you recommend and alternative?

Thanks.

NovaHax

Dynamik...another user on this site...has managed to challenge and pass EVERY GIAC exam...No joke...EVERY last one.

Here is his post on eh forums about how to do it:

https://www.ethicalhacker.net/forums/viewtopic.php?f=90&t=11757#p62170

I'm planning on giving it a whirl soon. But it sounds like a very solid and well thought out approach.

docrice

I never realized he had challenged virtually all of them. That's fantastic. And quite frankly, I think it shows he knows this material quite well because if you're approaching an exam based merely on a public syllabus and finding existing resources from non-SANS courseware, you'll probably be investing much more time digging up information and soaking it in to up your chances at passing the exams.

This is a far cry from someone like me who has the inherent advantage of referencing the courseware and being able to answer exam questions correctly because they were written based on that courseware.

NovaHax

docrice wrote: »

I never realized he had challenged virtually all of them. That's fantastic. And quite frankly, I think it shows he knows this material quite well because if you're approaching an exam based merely on a public syllabus and finding existing resources from non-SANS courseware, you'll probably be investing much more time digging up information and soaking it in to up your chances at passing the exams.

The guy is a machine. I actually work with him. And he makes the rest of us look bad, lol. He has nearly the full lineup of OffSec certs, to include OSWP, OSCP, OSCE, OSEE. And on top of having the full lineup of GIAC certs and his GSE, he's also one of only 10 people in the world who has achieved the titles of both the Red and Blue team SANS Cyber Guardian.

An awesome resource to have on your team though.

LionelTeo

He is an inspiration to me, and I am also going down that path. Its possible, but the amount of time he spent on studying, I am sure he deserve that after having all that hardwork. I started mine studying streaks 2 years ago, and reading approx 600 to 1200 pages every month, and naill all my 8 security certifications in 2 years, unless the book I am studying is relatively difficult, I slowed down and take sometime to study. Now I am moving to OSCP, I had to delay my course till september this year because I want to touch on every great book I can find on amazon before going, then move on to recertify all my GIAC certs before attempting GSE in 2016, then I will move to clean up all GIAC certs challenge one by one. I had been doing recons on books by GIAC instructors and GIAC certification holders and other great possible books and sharing them on the first thread of this forum.

So far my planned path is

OSCP -> GSE -> GXPN -> GWAPT -> GSNA -> G2007 -> GCPM -> GSLC -> G(all forensics). I planned to have them in the next 4-5 years, hopefully everything is smooth and I can start posting all the books I self study for. OCSE will come in somewhere in between I am not so sure where to place it for now. I am only 27, hope I can be a beast by 33

realPSI

Old thread but I found this book today and wanting some feedback if anyone has seen or used it:
GSEC GIAC Security Essentials Certification ALL IN ONE EXAM GUIDE
ISBN 978-0-07-182091-2
Author: Ric Messier

LionelTeo

The books seems good to me given his GSEC and CISSP education background, I would not put all the eggs in one basket and pick up Eric Cole book to read along. Its best to cover more if your challenging an exam.

WilliamK99

I am hoping to challenge 401 as well. I currently hold CISSP, GSLC, GCIH, and currently taking GCIA. I also hold the CEHv8 certification. I was told I needed 401 to help me gain an edge on switching jobs in the Army. What books are you allowed to take into testing center if you are challenging the exam? Thanks.

LionelTeo

Any books that is not electronic and does not violates copyright would be eligible.

JDMurray

You can take any paper into the exam room. You'll still get a dry erase board and marker despite having all of that scratch paper with you.

I would suggest using a testing center that has a history of hosted GIAC exams, otherwise the proctors may not fully understanding why you should be allowed to take an arm-load of books into your exam.