SEC504 Course and Exam (Passed)

So I feel owe the community my experience with the SEC504 course and the exam itself. Let me give you some highlights of both

Course - Ft. Lauderdale, FL (Nov) with Kevin Fiscus

First of all, let me say that Kevin Fiscus is the truth. The guy knows his stuff, understands how to teach by keeping students engaged, and is very entertaining. Highly recommend him.

The class would normally start from 9am and end at about 5pm. There is A LOT of material to cover in such a short period of time so it is definitely drinking from a water hose.

The course itself is theoretical and practical. You will learn about session hijacking or SQL injection and follow up with a lab to reinforce what you learn to give you a better understanding of the material. This is a great way to learn.

I have Microsoft certifications and also the CISSP, this is far better in terms of content. By understanding the different hacking techniques used in the real world, we can better defend our organization and respond appropriately. I plan on taking some additional SANS courses in the future, maybe 1 or 2 per year.

Exam - Yesterday

I'm a very busy guy, work, finishing up my undergrad, family and coaching soccer so I didn't have much time to study. What did I do to pass? (I don't recommend this approach, but it worked)

While at work and during my workouts I'd listen to the mp3s to reinforce that knowledge. I played them at 1.5x the speed in order to finish them faster.
Thursday night I took my first practice test without a book and made a 64% (yikes)
Friday night I began making my index, took me about 4 hours (7pm - 11pm)
Saturday at midnight, I took the exam using the index I created and my books which resulted in a 72% (passed, yay... still yikes but was half asleep as I finished the test at 3:30am)
Saturday at 2:00pm was the moment of truth - I had enough time to look up just about every question to confirm my understanding. I had 3 minutes to spare, but I will say that a good index is the golden ticket.
Passed with an 88% (wish I made a 90%)
Make sure you understand the concepts because there are some practical questions!!!!!!!!

All in all, it was definitely worth it and it was another cert on the books. I am going to share my index although it's mostly frowned upon here, but might help someone out. PM me directly if you want the index.

Find more posts tagged with

Comments

chanakyajupudi

Congratulations!

cyberguypr

Congrats!

5ekurity

Congrats Abel, it was nice chatting with you in class a few times. I'm sitting for it this Friday 3/18.

the_Grinch

Congrats!

EngRob

Congrats! I was in the same class with Kevin.

IaHawk

Congrats! GCIH is up next for me!

JoJoCal19

Congrats on the pass! I feel ya on the 88. That's what I got on the GSEC.

Robicus

So awesome! Thanks for sharing!

Congrats

TechGromit

abelamorales wrote: »

Thursday night I took my first practice test without a book and made a 64% (yikes).

Congratulations on the pass, but I think you pissed away one of your practice tests. They shouldn't be used as a challenge, to see if you can pass the test without an index. Since you must have had the test already scheduled for Saturday, taking the 1st practice test a few days before the exam isn't enough time to study if you found that you were no where near ready for the exam. While you did pass in the end, I think you took quite a risk trying to cram everything in a few days before the exam.

Personally for such an expensive exam, I wouldn't have taken that kind of risk.

abelamorales

TechGromit wrote: »

Congratulations on the pass, but I think you pissed away one of your practice tests. They shouldn't be used as a challenge, to see if you can pass the test without an index. Since you must have had the test already scheduled for Saturday, taking the 1st practice test a few days before the exam isn't enough time to study if you found that you were no where near ready for the exam. While you did pass in the end, I think you took quite a risk trying to cram everything in a few days before the exam.

Personally for such an expensive exam, I wouldn't have taken that kind of risk.

Thanks for the feedback, TechGromit - the approach I took was recommended by the instructor (I never took a GIAC exam before so I listened) Definitely risk, but I had to take the exam last week, I believe it was my deadline. At the end of the day, I'm happy I passed.

TechGromit

Someone rep me this, I just wanted to respond.

"You seem a little upset. Are you mad he has GCIH and you only have GSEC? It was his practice test, he could have marked A for every question if he wanted to."

I just look at it not the best advise for others, to cram two practice tests and make an index three days before the exam isn't the best strategy for passing the exam. Abelamorales was kind enough to sent me a copy of his index, it was 300 entries with no details. It worked for him, but I couldn't pass the exam with his index, guess I'm not as bright as him.

abelamorales

TechGromit wrote: »

Someone rep me this, I just wanted to respond.

"You seem a little upset. Are you mad he has GCIH and you only have GSEC? It was his practice test, he could have marked A for every question if he wanted to."

I just look at it not the best advise for others, to cram two practice tests and make an index three days before the exam isn't the best strategy for passing the exam. Abelamorales was kind enough to sent me a copy of his index, it was 300 entries with no details. It worked for him, but I couldn't pass the exam with his index, guess I'm not as bright as him.

No hard feelings dude, what works for me may not work for you and that's fine. I'm happy with my end result, talk about ROI on time. (1 week of SANS training, 2 nights of studying, and 1 day to take the exam)

So the purpose of the index is for you to have the ability to easily flip to the book and page to research/validate your answer. The index was great because there were tools I didn't recall that I put on my index and was easily accessible. Use the index I created and add the details you need - just know that the index worked well enough for me to make an 88% on the exam so tune it your needs.

bsjj27

I would be interested in checking out your index, I'm taking SEC511 not SEC504, I more so want to see how your formatted it. I've been taking IT certifications for over 15 years and this is the first time I've taken a Sans course. I was surprised that it was opened book, I've never heard of that before.

abelamorales

bsjj27 wrote: »

I would be interested in checking out your index, I'm taking SEC511 not SEC504, I more so want to see how your formatted it. I've been taking IT certifications for over 15 years and this is the first time I've taken a Sans course. I was surprised that it was opened book, I've never heard of that before.

Same here, but I think it's reasonable considering professionals reference sources all the time. Send me a PM with your email and I'll shoot you the index.

TechGromit

abelamorales wrote: »

So the purpose of the index is for you to have the ability to easily flip to the book and page to research/validate your answer. The index was great because there were tools I didn't recall that I put on my index and was easily accessible. Use the index I created and add the details you need - just know that the index worked well enough for me to make an 88% on the exam so tune it your needs.

Just for a comparison my index for the GSEC was 1800 entries with short descriptions for every entry, printed landscape. I currently have 260 entries in my GCIH index and that's just for the first book, I have another four books to go.

I just accessed my Mp3's last night for the first time. They now include a zip file that you can download and listen to offline. I copied the first 6 lectures to a CD and listened to part of the first book, 2nd lecture on the way to work today.

abelamorales wrote: »

1 week of SANS training, 2 nights of studying, and 1 day to take the exam

I see you have a CISSP, may I ask how long you studied to pass that test? I'm planning on taking that exam within the next year and was planning to spent 6 to 9 months preparing for it.

abelamorales

TechGromit wrote: »

Just for a comparison my index for the GSEC was 1800 entries with short descriptions for every entry, printed landscape. I currently have 260 entries in my GCIH index and that's just for the first book, I have another four books to go.

I just accessed my Mp3's last night for the first time. They now include a zip file that you can download and listen to offline. I copied the first 6 lectures to a CD and listened to part of the first book, 2nd lecture on the way to work today.

I see you have a CISSP, may I ask how long you studied to pass that test? I'm planning on taking that exam within the next year and was planning to spent 6 to 9 months preparing for it.

That's a bit overkill for me because there is a lot of redundant information. I mean you'll probably be able to score higher than me because at some points I took some educated guesses based on my experience. Good luck and let us know how that goes!

So the CISSP is a different beast within itself. I used Clement Dupuis CISSP videos to learn the material as he makes it interesting enough and I also used the practice tests. This was really a total of 2 months for me. Then I spend $3K with InfoSec Institute (including exam [out of pocket]) for the bootcamp. This was great because it put me into the CISSP mindset and my brain was numb for an entire week, nonetheless I made some great contacts there. Anyway, 5 days later, I took the exam and had to wait 6 weeks before getting my score since I was one of the early birds to take the new exam under the new domain structure.

My biggest advice for the CISSP is to understand the concepts. Make sure you're doing well on your practice exams and whatever you lack in, make sure you brush up on and understand why you got the question wrong. There is no such thing as magic, so don't just accept the answer and memorize it because there is an explanation for it. I will say that the CISSP also paid off dividends in my career - if you'd like to chat offline, I'd be more than happy to do so. I am thinking of getting a soft-skill cert such as the CSM because sometimes we focus too much on the technical and forget how important soft skills are in our profession.

5ekurity

I'll add my $.02 with regards to the CISSP question.

It took me about 4 months of self-study juggling the test prep and life. As Abel said, don't just accept the answer and memorize it because there is an explanation for it. I found it most valuable to take a concept (i.e. Brewer Nash / Chinese Wall) and put the explanation into my own words, and be able to explain it to another 'techie' for validation. When I was able to successfully teach others, I knew I was ready for the test.

As far as materials used: Shon Harris CISSP book, Conrad 11th hour, and SelfTestSoftware practice tests.

ccnpninja

Congrats!

the_Grinch

I studied for 60 days straight before passing the CISSP. I work in security so that helped to a degree, but as it is always said "think like a manager and ISC2". I used the 11th Hour, some notes from a friend who wrote a course and teaches CISSP and Cybrary.it videos (these were essential). Haven't seen the new version, but my understanding is the Cybrary.it videos are still very useful.

mazx

Congratulations!

gncsmith

Congrats!

Mady123

Hi took two practice tests and gave my first attempt in May and got only 65%. Really feeling hard to give exam this month with managing baby and this is the attempt where I have to clear the exam to finish my goals at work and I am at cutting edge.

Please guys someone help me with tips on indexing or good study materials. I managed to get a copy of SANSbooks and reading them for now.

.

I made index of myself with 78 pages so far and it is not ending at all. Whatever I read and feel I am keeping it in index and it is keeps growing every time I read and wish to tweek Somebody Please please please help me with your index so that I can change mine accordingly. masamikeri at gmail dot com.

cyberguypr

We had this conversation the other day. What are you expecting to get out of someone else's index? I know everyone is different but 70 pages sounds almost unmanageable to me. I'm no expert and my index was just 13 pages. It sounds like you are either writing too much or not using the page in an optimal manner. You can take a peek at what I did for this test here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html.

docrice

Mady123 wrote: »

Please guys someone help me with tips on indexing or good study materials.

I'll be blunt - it sounds like you haven't absorbed the material sufficiently. If you have to rely heavily on an index to find the answers to the exam questions, you're simply not ready. An index is there as an occasional aid, not a constant reference. In my experience, GIAC exams provide more than enough time to complete the exam, provided you have a solid understanding of the material. If you have to reference an index often or constantly look up the books for most questions, you will run out of time.

Mady123 wrote: »

I managed to get a copy of SANSbooks and reading them for now.

If you have the courseware and the lab materials, you have everything you need to prepare for the certification exam. That said, if you didn't obtain the courseware legitimately (that is, take the class through official means), you have to understand that the SEC504 material likely gets updated frequently to keep up with the times and the books you have may contain outdated content. It is also against the courseware license agreement for someone to pass along the class books to someone else.

It sounds like your continued employment at your current job is contingent upon passing the exam. Therefore your objective here seems to be more about obtaining the certification rather than really comprehending the material.

Mady123

No offense, but guys here seem to taking things in a manner of harsh and responding. I started documenting all of the good stuff I found useful and ended up with more index.I can surely revise and reduce it.May be not to the extent you guys did.But May be little more.and got copy of books through sans self study .and it is my goal to study and learn incident handling and so opted for gcih and my job does not dictate me to have it.It would be good for highly technical people like you to advise and encourage instead to find faults in others.

docrice

If you got your books through SelfStudy, that's fine. We occasionally get some people on this forum who just want some easy button method to pass the exam and we don't look kindly upon that.

My original opinion still stands - if you're getting 65% on your practice run (and assuming you're using up all the hours allotted to the exam) you're just not ready. If this material hasn't become semi-natural to you, you have to go through the books and labs again. There are multitude of concepts in 504 which requires seeing things from both defense, offense, and incident management which is not a trivial task. It gets harder and harder from here, especially when you get into incident response. Your practice exam should've broken down the areas you were weak in. Use those as your guide.

If you don't find yourself clicking with the course content within the next couple of weeks, you may need to extend out your exam date. I do not recommend rushing through this to get to the finish line.

Mady123

Thanks docrice.that would be a valuable suggestion.I will see if I can get extension.

cyberguypr

I concur with docrice. It seems the material has not been absorbed to the point where you could comfortably pass. I fear you may rely on the index too much and then be in for an unpleasant surprise on exam day. Yes, you need to trim that index down, but more important, you need to make sure you understand the concepts.

gwood113

Congratulations on the pass.

cyberguypr

Most of us are reluctant to share indexes because it's a very personal thing tailored to each person. Creating them is an integral part of the learning process. If you want to refine yours check out the threads here on how to create them.