My Journey to getting the GIAC Security Expert (GSE) certification

BrianAnderson · November 2012

Since the age of seven years old I have been playing with technology and attempting to figure out how it works. With this passion for technology and supportive parents, I had built my first computer at the age of eight years old. As the years when on, I decided to enroll in a High School that specialized in Information Technology in Saint Petersburg, Florida. From then on I had a solid understanding of how computer systems are built(received A+ training), how network communications function (went to a Cisco NETACAD Academy), and how to create web sites with a Oracle 9i database backend (took the OCP/Java course in high school).

Shortly after graduation I decided to start my own hosting solution providing dedicated severs and voice communication to video gamers around the world. This was very successful but demanded a lot of overhead, which is something I couldn’t justify the ROI. So I moved on and joined the United States Army and became a Information Technology Professional. While attending Advanced Individual Training to become a "IT Specialist" I received the class Distinguished Honor Graduate and continued on to a few more courses at Fort Gordon Dixon Hall.

After going to my first assignment in the military I figured it would be smart to start at the ground level and build a solid foundation to build my career off of. I Completed the CompTIA A+ certification in about two weeks, which equaled to be 1 exam per week, and continued to complete the CompTIA Network+, and the CompTIA Security+ the next two following weeks. After completing these four exams (3 certifications), I decided to focus on my family a little more as my wife at the time was pregnant with our daughter.
As complications raised in the marriage I returned to studying for my CISSP and in 2010 the United States Army sent me to a week long course to review what I have learned by watching Shon Haris video’s, reading the amazing Shon Harris CISSP ‘All-in-One”, and joining various Yahoo groups such as CyberKungFu.

After departing the military I noticed that some of my knowledge was starting to go way since I have not been actively utilizing the knowledge, so I decided to drive on and take the EC-Council Certified Ethical Hacker version 7 (CEHv7) exam. I passed this exam either in May or June of 2012. In July 2012, I decided to revisit the CCNA curriculum that I studied back in 2003. By July 08, 2012 I obtained my CCENT, CCNA and my CCNA: Security.

I took a little break from studying and started back up in October by signing up for two SANS’ courses as they were having a special for the October Cyber Awareness month. The two courses that I signed up for are SEC504: Hacker Techniques, Exploits & Incident Handling and the SEC560: Network Penetration Testing and Ethical Hacking. These courses I feel will serve me well in the future as these focus on the career field I want to enter.

On 13 November 2012, I have successfully completed the GIAC Certified Incident Handler exam and scored in the high eighty’s. My study period for this exam started once I received my On Demand materials on October 25. My methodology that I used is to Watch the videos in full (waiting for my material to arrive), Then watching the videos again during the day time while taking notes. I then Indexed all 6 books in an excel document and once completed I sorted the topics in alphabetical order.

A day after this exam and a lot of pondering, I have decided to go for the GIAC Security Expert (GSE) certification in addition to the Cyber Guardian Program (Red Track) that I was originally going to go for. From the research I have done on this exam, I know not to expect an easy walk in the park with either the written or the lab. However the knowledge gained by successfully mastering this certification will bring together all the information I have already learned and fill in the gaps that I do have.

So the journey begins! I will continue to add posts and update this thread as I make progress towards the GSE and try to include tips and things to do if you’re interested in taking this exam as well.

BrianAnderson · November 2012

In determining if I would go for the GIAC Security Exam I visited a lot of various sites after doing a few Google searches. From those I came to the conclusion that this certification will be extremely useful in solidifying my skill sets as an Information Security Practitioner and will not necessarily allow me to stand out more now, however maybe in the future as HR departments haven’t learned of this certification as much as others. However individuals in the field know the value.
The first and most important site is the GIAC Site. What do they say about the exam?

GIAC Security Export - GSE

....Mission Accepted, Deadline Accepted.

YFZblu · November 2012

Looks like you're ready to roll - Good luck and welcome to TE. I'll be following this thread for sure.

uyen_nguyen · November 2012

Hi Brian, where is your location? I am in Los Angeles. I am on the same track as you too. I am challenging the GSE and I have planned to do it for 3 years. So far, i have finished GCIH, GAWN, GSEC and I already registered for GPEN and studying for the GCIA. Hopefully 5 prerequisite GIACs will be finished before 2013 new year. And OMG, your date for GPEN and GCIA are very near to my planned register days.

docrice · November 2012

I think we have a few people in this forum who technically meet the prerequisites for the GSE written exam (myself included), and the idea of being able to renew all your GIAC certs by maintaining your GSE status is very appealing. That said, speaking for myself I feel I need more real-world practice before I can even begin to consider attempting the exam.

Good luck to you guys who are aggressively going for it. If you do the exams (pass or fail), be sure to write about your experience.

wmcglass · November 2012

Brian, it seems that we have a lot of history in common. Congrats on your recent accomplishments. I've passed the GSE written exam and am excited to attempt the lab at Orlando on March 8th and 9th. I hope I see you there. Likewise to uyen_nguyen. Hope to see you both there. I am excited to hear about your progress.

uyen_nguyen · November 2012

@wmcglass: I wont be able to take the lab exam in March but I will in September. I have school in March and my school Fall semester won't start until October. My path for GSE is GCIH/GAWN/GSEC/GCIA/GPEN. I think that a lot of people choose GPEN for GSE too. Brian and wmcglass, you guys rock the SANS/GIAC forum.

wmcglass · November 2012

uyen_nguyen wrote: »

@wmcglass: I wont be able to take the lab exam in March but I will in September. I have school in March and my school Fall semester won't start until October. My path for GSE is GCIH/GAWN/GSEC/GCIA/GPEN. I think that a lot of people choose GPEN for GSE too. Brian and wmcglass, you guys rock the SANS/GIAC forum.

Ah I see. Well best of luck in September. Keep us updated.

BrianAnderson · March 2014

Hello Everyone,

Sorry for not being more active on the forums, but I've had a busy time with work, personal life and certifications over the past year and some change. In the past year I have been successful in passing all of the necessary SANS Certifications required to take the challenging GIAC Security Expert (GSE) exam.

There are multiple routes a person can take when preparing for the GSE. The route I decided to take is by taking the GSEC, GCIH, GCIA with no gold and two substitutes (GPEN, GXPN).

As I just applied to take the GSE Multiple Choice (Part 1) exam on 11 March 2014, I am now in the Application process (takes around 10 business days from what the site says) to become eligible to take the written exam at a Pearson Vue testing center.

My review of the individual exams:

1) GSEC - GIAC Security Essentials ( http://www.giac.org/certification/security-essentials-gsec )

The GSEC exam stands for GIAC Security Essentials, which is a very good description of the exam itself. I found the depth to be the foundational levels required by the GCIA/GCIH exams and solid system administration for Linux/Unix and Windows Systems. Nothing to difficult for someone who's been in the cyber security arena for more then one or two years. I took the exam on 11 March 2014 and didn't use any of the authorized books, nor did I have a Index for this exam and managed to get a score above an 80%. I did however apply and participate in the workstudy program for SANS Brussels 2014 (SEC401).

-- The workstudy program that SANS offers is an amazing chance to assist SANS with facilitating with the live events taught world wide while receiving a discounted rate of tuition. For more details on the program you can check out: (https://www.sans.org/work-study/)

2) GCIH - GIAC Certified Incident Handler (Incident Handler Certification: GCIH)

I prepared for this exam via the OnDemand option for SEC504 that SANS offers back in November 2012. I found this course to been one of the best courses I've taken till then from any training body and the certification itself from GIAC is still highly in demand and is well worth the investment. I wont go into the topics of the exam as its listed on the site, and probably has changed since the time I took the exam.

3) GCIA - GIAC Certified Intrusion Analyst (Intrusion Analyst Certification: GCIA)

This course was one of the harder exams that I've taken and shouldn't be taken lightly. The importance of the material covered within SEC503 and the exam objectives covered by the GCIA will only gain in value as time goes on. For this course I decided to take the OnDemand version, which looking back might of been a mistake only because of the quality of the training SANS provides in person, however with that said, the material is still inside the OnDemand training, however requires you to do a lot of digesting of the material by yourself. My index for this one was around 30-40 pages and I took about 3-4 weeks of preparation time before taking the exam. I also work in the cyber security industry looking at packets for a good amount of the day, which is what assisted me in passing the exam. Exam tip: Know your RFC's, packet structures (IP Headers, TCP/UDP and ICMP and how it looks in hex).

4) GPEN - GIAC Penetration Tester (Penetration Testing Certification: GPEN)

This course was one of the funnest courses I've taken with SANS OnDemand training. Ed Skodus and the SANS staff did an amazing job with the training material for the SEC560 course and labs. I decided to take my time with this course and digest all of the material in depth as this is a career field that I am seeking employment in, and find the topics very appealing. I spent 3 solid months focusing on the training materials for this exam while going full time to college at WGU and working full time. I found the hands on labs to be very important in the exam preparation. Using the tools allows you to digest the theoretical topics covered in the courseware.

5) GXPN - GIAC Exploit Researcher and Advanced Penetration Tester (GIAC Forensics, Management, Information, IT Security Certifications)

The GXPN exam was a painful yet enjoyful experience. Not having a programming background Day 4 and Day 5 of the SEC660 was more like a full semester of college per day. I took this course at SANS London 2013 (Nov 2013) with James Lyne and James Shewmaker. Both instructors are very knowledgeable and subject matter experts in their own specialities. James Lyne's energy levels made it easy pay attention and stay focused on the learning, even if the material was very complex. The course author for the SEC660 course is Stephen Sims, who created an even more advance course that I plan on taking after fully digesting the training material covered in Day 4 and Day 5 of this course. Day 4 is exploiting Linux systems, and Day 5 is exploiting Windows Systems.

Overall my SANS experience has been an amazing one, and I would recommend doing in person training and then taking the OnDemand bundle option to continue the studies after the training. In addition to taking the GIAC Security Expert (GSE) exam, and SANS Cyber Guardian program, I've also decided to take on the SANS Technology Institute's Master of Science Degree in Information Security Engineering (MSISE: Master of Science Degree in Information Security Engineering) after completing my Bachelors of Science in Information Technology with an emphasis in Security.

Until the next update,

Brian Anderson

GIAC Certification Profile: https://www.giac.org/certified-professional/brian-anderson/132244

BrianAnderson · March 2014

uyen_nguyen wrote: »

Hi Brian, where is your location? I am in Los Angeles. I am on the same track as you too. I am challenging the GSE and I have planned to do it for 3 years. So far, i have finished GCIH, GAWN, GSEC and I already registered for GPEN and studying for the GCIA. Hopefully 5 prerequisite GIACs will be finished before 2013 new year. And OMG, your date for GPEN and GCIA are very near to my planned register days.

Sorry for the late reply, I'm currently living in Europe (Germany).

BrianAnderson · March 2014

Well this morning I received a surprise from SANS/GIAC. Not expecting to hear anything back for 10 business days, I was shocked to see an email from the GIAC Customer Service stating that my application is approved. Interesting little details in case anyone else is going through the process or thinking about it:

Once you have your application approved you will receive an email similar to this:

"Your GSE application is approved." ... (took out personal information ...

You may log into your SANS/GIAC account and pay for the multiple choice exam online or phone in your credit card payment to SANS Customer Service. Once your payment is processed, you will have four months to complete the multiple choice portion (just like other GIAC exams). Unlike other GIAC exams, the passing score is 75%, the time limit is 3 hours, and there are no practice tests. Also consider that your scores on the multiple choice exam are combined with your scores during the labs. Don't just stop with 75%. A higher multiple choice score could mean the difference if your hands-on performance is marginal in a particular domain.

If you are successful on your multiple choice exam, please email us to request that the GSE Lab be added to your invoice . Once the lab is added to your order, you may pay for it and work with our staff to schedule your seat at an upcoming lab.

On to brushing up on topics!

docrice · March 2014

Go get 'em! This should be very interesting to read about. I may have to eventually follow you on this route since re-certifying all my existing GIAC certs will get expensive. Plus the challenge of a practical exam is most noteworthy.

I have a co-worker who got his GXPN a while back and he mentioned that taking SEC660 was no joke, and it's probably especially difficult without prior programming experience.

SephStorm · March 2014

Congrats! Just found your thread, good luck!

5ekurity · March 2014

Congratulations, I'm sure that amount of coursework required some serious dedication and sacrifice. It's exciting to see someone progress through all of it though. I'm a newbie as far as SANS training curriculum is concerned, but I'm hoping to pursue the GSE one day as well. Fortunately I have an employer who values education, unlike my previous ones, where I had to pay for everything but the CISSP attempt.

MSP-IT · March 2014

I'll definitely be keeping up on this thread. Have you self-paid your way through the GIAC exams/training?

EDIT: It also looks like you'll be in the first 100 certified professionals. That's a great achievement.

BrianAnderson · March 2014

MSP-IT wrote: »

I'll definitely be keeping up on this thread. Have you self-paid your way through the GIAC exams/training?

EDIT: It also looks like you'll be in the first 100 certified professionals. That's a great achievement.

I'm hoping to be one of the first 100, but I don't know when I can take the practical due to work requirements. My employer has been kind to assist the majority of the training costs, however as the training costs to complete the GSE requirements are pretty high, I paid out of pocket for two of them (GPEN, and GCIH) and will be paying for the GSE exam itself in order to continue with the Forensics program.

f0rgiv3n · March 2014

Thanks for sharing this, it is adding some much needed stoke to my motivational fire.

MSP-IT · March 2014

BrianAnderson wrote: »

I'm hoping to be one of the first 100, but I don't know when I can take the practical due to work requirements. My employer has been kind to assist the majority of the training costs, however as the training costs to complete the GSE requirements are pretty high, I paid out of pocket for two of them (GPEN, and GCIH) and will be paying for the GSE exam itself in order to continue with the Forensics program.

What industry are you in, if you don't mind my asking?

LionelTeo · April 2014

Hey Brian,

I am also preparing for the GSE, hopefully to get them in 2016. So Good luck to you! Do share we us more on your GSE experience and how your work has help you. I think it could help me a lot.

Best of luck to you!

Regards!

Drackar · May 2014

I just saw your post as well. Good luck. I can't wait to see what your experience is on the written exam. I am taking the GSE this year as well. I am on track to take the written in August so that I can make the lab in September.

TechGromit · June 2016

Any updates on this? I was interested to know what the GSE lab involved, is it you have to penetrate a system?

It's must be a pretty hard Exam and Lab, I have yet to see anyone on the forums with a GSE, but someone at work has it, I'll have to hit them up for info.

LionelTeo · June 2016

I dont think he had passed it yet.

GIAC Forensics, Management, Information, IT Security Certifications

I know one day will be a full incident response which you have to present a incident response report.

Another day will be a open ended exam which you have to answer the questions.

Linking to this page may be a terrible response.
GIAC Information Security Expert | GSE Certification

But from what I heard, everything that was tested is listed there, there is nothing extra and nothing less.

LouAlbano · July 2016

LionelTeo wrote: »

I know one day will be a full incident response which you have to present a incident response report. Another day will be a open ended exam which you have to answer the questions. Linking to this page may be a terrible response. GIAC Information Security Expert | GSE Certification But from what I heard, everything that was tested is listed there, there is nothing extra and nothing less.

Registered to reply to this thread. I just took my recert today. LionelTeo is correct, that's pretty much what to expect. The "terrible response" page is even more accurate. I hadn't seen that recently but I will say it's pretty correct according to my practical 4 years ago. Fire off any questions.

My Journey to getting the GIAC Security Expert (GSE) certification

Comments