Passed GPYC - Any questions?

ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
I haven't seen many reviews or posts on this, so I thought I would contribute something. On-demand is my training mode of choice, so I was not in a live classroom.

SEC573: Automating Information Security with Python was solid. Days 1 and 2 were a Python primer, Days 3 - 5 were dedicated to Defensive, Forensics and Offensive Python respectively. As usual, the training incorporated a nice balance of conceptual and pragmatic learning. I found it very useful and was pleasantly surprised by the concise section on Regex.

The exam wasn't very challenging, but I came in with some familiarity with scripting. Additionally, my last GIAC exam was GXPN which was pretty difficult. That may have skewed my impression. Either way, I spent less time studying for this as I did other GIAC exams. No code writing, just standard multiple choice.

I should point out that my purpose was almost entirely to strengthen my scripting skills, and I found the training very valuable in that regard. Taking the exam was more about showing immediate value to my employer.

Comments

  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    I've read from a few sources that youre better off buying the violent python book and saving a ton of movie...and using that money on a different sans course. Thoughts?
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    I see why someone who is already skilled in Python scripting might say that, but I don't know that it's true as a blanket statement. Violent Python is a cookbook, not comprehensive training. It's not out of bounds for beginners, but they would need a lot of supplemental material to be get to the point where they would be comfortable with its content.

    For example, Violent Python covers both lists and dictionaries in a single page. That leaves a lot of blanks to fill for those inexperienced in coding. Of course there are other avenues for filling in those blanks that are far less expensive. I guess I would say that if someone is experienced with Python or other scripting languages, I agree that the SEC573 is unnecessary. Those lacking in experience would find it valuable but not necessarily worth cost if they're paying out of pocket.

    But for those lacking in experience (and who have funding from their employer), the PyWars labs alone are extremely helpful. The training can really help you get up to speed if you want to get your parsing, analyzing, automation and tool development skills off the ground quickly.
  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    Awesome response, thank you. What are the PyWars examples like and how many are there?
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    There are 53 standard pyWars questions if you take the class in any format. I know if you take On-Demand, there are another 30 "bonus" questions or so. Each question has a simple or scenario based question with corresponding dynamic data that you have to take some action on. For example, question(5) has .data(5) that must be processed in some way to get the answer.

    Because the data is dynamic, you are encouraged to use functions and variables in your solution as opposed to static numbers and strings. I think there is also a short time limit before any .data() becomes stale, which also pushes you toward using functions.

    I'm sure I can get into specifics, but the exercises range from returning a sorted list of elements to more complex scenarios where you have to loop through a file, parsing out data patterns (like SSNs) using regex.

    There is a also a local instance of the pyWars server provided when you purchase On-Demand, so pyWars is available even after the access to the online lab expires. Documentation shows it has the the first 53 questions, but not the bonus ones.
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    How does this course compare with the Code Academy course? I've completed that one, but am interested in learning Python in a more useful context. Would this course be a good logical next step, or is there too big of a gap between the two?

    Oh and, congratulations!
  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    Thanks! I haven't taken the Code Academy course, so I can't really comment on how they compare.
  • kkershkkersh Member Posts: 1 ■■□□□□□□□□
    Hi @ITHokie sorry for such a delayed question, but I was wondering if one needs to focus heavily on intense regex for the exam? It's definitely one of my more troubling aspects of the course.
  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    @kkersh there will definitely be a fair amount of regex questions on the exam.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • ITHokieITHokie Member Posts: 158 ■■■■□□□□□□
    There were a few regex questions, but I think I can only remember one that I would describe as intense. The others I thought could be "intuited" by understanding the basic concepts. Just make sure you do the labs and know the basics. If you encounter 1 or 2 that are really challenging, move on after a few minutes. Make sure you have time to knock out everything else that is more doable. I say this because some of the questions can take a little time since you'll need to trace through a script or function. 
  • simpleply1simpleply1 Member Posts: 1 ■□□□□□□□□□
    Are questions pattern similar to practice tests offered by SANS or different?
Sign In or Register to comment.