GSEC suggested self-study route?

For those of you who have successfully gotten the GIAC GSEC cert, what was your self-study road-map?

Thanks for the suggestions.

Find more posts tagged with

Comments

iVictor

I think Network Security Bible is a useful book to GSEC preparation. But those who have passed GSEC should be in a better position to recommend additional self-study resources.

docrice

I went through SANS 401 so I didn't do the self-study route. That said, recommending books specifically for the 401 is quite difficult since the GSEC exam by design covers such a wide range of topics. You'll need to know a little bit of practically everything - crypto, networking, Windows, UNIX, physical security, risk analysis, wireless, virtualization, incident handling, etc..

Perhaps using the study guides for Security+ and CISSP might be good starting points, as well as some Windows security resources (say, the Server 2008 Security Resource Kit and maybe a Red Hat security book).

Try your hand at the free assessment to get a feel for the kind of questions the GSEC hits you on:

https://www.sans.org/assessments/

If you've spent a decent amount of time in the IT industry with at least a little bit of exposure on the Windows and UNIX security side of things, the GSEC shouldn't be too difficult.

[Deleted User]

docrice wrote: »

I went through SANS 401 so I didn't do the self-study route. That said, recommending books specifically for the 401 is quite difficult since the GSEC exam by design covers such a wide range of topics. You'll need to know a little bit of practically everything - crypto, networking, Windows, UNIX, physical security, risk analysis, wireless, virtualization, incident handling, etc..

Perhaps using the study guides for Security+ and CISSP might be good starting points, as well as some Windows security resources (say, the Server 2008 Security Resource Kit and maybe a Red Hat security book).

Try your hand at the free assessment to get a feel for the kind of questions the GSEC hits you on:

https://www.sans.org/assessments/

If you've spent a decent amount of time in the IT industry with at least a little bit of exposure on the Windows and UNIX security side of things, the GSEC shouldn't be too difficult.

Do you feel that the free assessment is an accurate reflection of whether or not you are prepared for the exam? I took it just for fun and did quite well with the exception of the Linux questions. I believe that if I got a good Linux book I could ace that. Most of the questions were basic in terms of InfoSec. I don't know that I would even take the GSEC but I was just curious what you thought about the assessment.

docrice

If you felt that the assessment questions were relatively basic, I'd say bump up the difficulty one or two levels for the real exam. The GSEC is one of those well-known tests that's perhaps over-estimated for its depth. This is how I felt when I took the assessment, then the course, followed by the exam.

The real tricky part of prepping for the GSEC is the fact that since it covers such a wide range, there are bound to be areas where you're just not going to do well in unless you've taken the course and know exactly what the exam is based on. While I consider the GSEC not too hard as a test, at the same time when I took SEC401 it was still an overwhelming amount of information that I had to take notes and go through the books for another month before I actually sat the exam. And this is with over a decade in the industry. But as I said, I think people tend to view the GSEC as harder than it really is. It's based on a 400-level SANS course, and the good stuff really starts at the 500 level.

Maybe a good book for getting up to speed on the Linux side is the Hacking Exposed edition for it. At least that's what my first answer might be.