I finally obtained the GIAC Security Expert certification on May 17 after going through a 2-year process of preparing for and taking the exam. So here I am, sharing the good news with the community along with my preparation, without any disclosure of the exam lab content itself.
The story begins 2 years ago when I finally decided to go for the GSE Theory exam. The journey was indeed long and difficult, but it was definitely more torturous mentally than the actual preparation for the exam itself. Since this is not an ordinary exam, I took quite a while preparing the index using materials from all 3 courses for the GSE Theory. In the end, I took GSEC Windows and Linux, and all 6 books for GCIA and GCIH into the exam hall. I had also brought in the Blue Team Handbook written by Don Murdoch for the theory test.
The theory exam wasn't too difficult. I felt that I had over-prepared for the theory exam after finishing it. Even though the exam had a time limit of 3 hours against 150 questions, I did not really use the books that much for the exam. However, compared to a standard SANS exam with 150 questions, which has 4 hours allocated for the candidates, the GSE exam definitely requires the candidates to know their material well. I walked out with a pass with 84% and about 30 minutes left (can't recall).
After getting the theory exam done, the next step was to book the lab. Initially, I had intended to go for the lab the same year in which I had taken my theory. But I decided not to rush and spent more time preparing for it, which led me to postpone the GSE lab exam until SANS October Vegas last year. To prepare for the GSE labs, I tried to walk through the practicals in the GIAC course materials and make the best use of them. As for the reference materials, I had also added study notes from other certified GSEs as part of my exam notes. The biggest challenge when preparing for the exam was that I had no idea if I was on the right track with my preparation. I eventually gave up preparing for the exam and concluded that I might as well just go for it since there wasn't anything else I could work on anymore.
Lab exam day came, and I was definitely anxious. I met up with some of the candidates taking the labs and discussed how each of us was preparing for the exam. Time went by fast and we proceeded to register and get seated. There were about 20 candidates in total who sat for the exam. After finding my seat, I swear there was something wrong with my assigned laptop, which was not able to connect to the shared server. Having tried to follow the handed-out instructions twice, I eventually reached out to the lab instructor like a total noob. The lab instructor was definitely helpful and came by to work on resolving my issues. But eventually, they couldn't figure out what was wrong and shifted me to a backup machine. Luckily, I was able to connect to the shared server with the new laptop, which sort of calmed me down a little.
Everyone started pouring out their exam notes. Those who live in the US can easily bring in more books. I even saw some of the candidates bring in a luggage full of SANS books for the exam. Since I had flown in from Asia (and had some stuff in the States to work on), I did not have the luxury of space. After some consideration, I went in with printed notes, Blue Team Handbooks, SANS cheat sheets and GSEC Windows and Linux.
Time flies really fast while doing the lab. There are so many things to write in for submission. Since I can't disclose anything, I am going to skip the details. But we definitely had a lunch break at the end of each morning session. During the afternoon session, they also provided some snacks for a tea break. Most people won't step out for the tea break, but I figured I would go and grab some anyway. While it's really better to maximise the time available for the exam, I am one of those oddballs who believes that taking a break can help you perform better.
So two days went by... sort of in a similar way. I went out with a heavy heart as I felt I could have performed better in some areas. I tried not to think of it. Based on the information from GIAC, they would take a month to mark the exam. During the waiting period, it is definitely a mental journey, waking up expecting to hear the news. One month went by, and I got the email in the morning informing me of my GSE results... I did not meet the criteria to pass the exam. I was devastated... I thought I would have nailed it. Then there was an additional paragraph which read...
For each person just short of passing, GIAC asked the subject matter experts, "Would you be comfortable with this person as the top technical security expert in your company given this body of work?" The answer in most cases was, no. However, in your case the subject matter experts felt that with just a bit more seasoning and hands-on work to address your deficient areas that you would be ready to hold the GSE credential.
The original GSEs were all required to hold at least five Gold credentials before even attempting the GSE lab. Our analysis reveals that success rates are much higher among GSE candidates who do hold multiple GIAC Gold credentials.
This being said, GIAC would like to offer you a unique opportunity to complete additional work in the specified deficient domains to then be eligible to earn your GSE credential. In order to earn the GSE credential, it is required that you complete a GIAC gold hands-on research project in the specific areas where you were deficient. The research and writing work will give you additional hands-on skills and seasoning that would have been helpful to you during the GSE lab. Completing this additional research work will compensate for the deficient domains and demonstrate to GIAC that you do have the hands-on skills necessary to earn the GSE credential. GIAC staff will work with the gold program advisors to approve your research topic, which must be technical.
Apparently, I was given another chance to supplement for the GSEC domain which I had failed. GIAC had given me an additional chance to complete a GSEC Technical White Paper as part of the unique opportunity to obtain the GSE. Without any choice, I started working on it as soon as possible after getting the result. Luckily for me, I had some past experience from working on my GCIA Gold Paper. However, since I am not good at writing and explaining the concept I am writing on, the white paper took me around 6 months to finish. After getting the paper cleared, they evaluated the paper and added my name to the list of professionals who hold the GSE accreditation. I am so proud of it and was extremely delighted to be able to get a huge load off my chest and be part of the select few to be able to hold such a prestigious accreditation!
NOTES Used
For anyone who is interested in my work experience, I had close to 8 years of experience and only had experience in SOC environments.
The lab exam is not hard. It is designed in a way that anyone can complete the lab, but it is just a matter of how long it will take to finish it. The GSE labs expect the candidates to know the domain knowledge well enough to be able to complete it within a very limited allocated time. If you look at the GIAC course materials and find that you can be more efficient in every area than what the course materials suggest, then you are very likely to be ready for the GSE. Based on the list of GSE professionals and the total number of candidates that I recall during my lab exam, only 8 out of the 20 candidates that went to the lab had a direct pass.