GCED - Passed!

NetworkEng756NetworkEng756 Member Posts: 13 ■□□□□□□□□□
Passed the GCED exam today. Only a 87%, but I was getting antsy and click happy by the end, lol. While my employer paid for the class, I shelled out the $599 for the discounted exam on my own, so I went in VERY nervous hoping I wouldn't be flushing that down the toilet.


My tips for passing GCED (and presumably and GIAC exam):

1. MAKE YOUR OWN INDEX! This was instrumental in getting me prepared for the exam. My index was over 40 pages long, and I definitely would have run out of time if I didn't have it.
2. Study! I took the OnDemand course and listened to some sections several times. I took the sections quizzes until I got 100%. It's important going in to the exam understanding the concepts of everything completely.


I only brought in my index, class books, and a few SANS **** sheets. Those **** sheets definitely helped me on 3 or 4 questions when I couldn't recall the correct switch for a command.


As for the two practice tests they give you, don't expect the questions do be on the exam at all. In fact, the questions were much longer and more situational than the straight questions the practice tests give you.



Finally, I've read a few posts on here about GSEC vs GCED. I had taken both OnDemand courses, but didn't have the $$ to pay for the exam until I was in the 504 class. I was thinking of taking the GSEC later this summer, but have decided against it. With CCSE, CCSA, and Security under my belt, I don't believe the GSEC would be worth the cost. I don't think it will present me with any better opportunities at a new job, even though the resume bots probably search for GSEC, if they search for a GIAC cert.

Just my 2 cents.

Comments

  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Great job on passing. We don't hear much about SEC501 so if you could review your impressions about the material and other aspects of the course, that'd be great. I'm very curious what this course is like and I've entertained the idea of going through it one day, but I'm worried that it might overlap with other training I've taken.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • NetworkEng756NetworkEng756 Member Posts: 13 ■□□□□□□□□□
    The 501 course was a good extension of the 401 course. I wouldn't say there was any overlap with 401. Here's the breakdown:

    1. Defensive Network Infrastructure - Basically just securing routers and switches. I'm a Network Engineer so this wasn't new to me at all.
    2. Packet Analysis - Just what it says. Lots of Wireshark. Goes beyond 401 and a bit more in depth.
    3. Penetration Testing - Basics of pentesting methodologies and tools and whatnot. Guessing here, but probably a good primer for the 560 source.
    4. First Response - Good intro to IR, guessing it's a good intro to 504.
    5. Malware - Went over malware infections, what to do, sandboxes, etc. I've already had plenty of experience here, so not too much new.
    6. Data Loss Prevention - Rather than technical, this really just went over roles and responsibilities and such

    As I said, it was a good extension of the 401 course. I wish I would have went right in to 560 or something, but since I'm a jack-of-all-trades at work, it was easier convincing my boss to pay for the course about "defending the enterprise" than it was trying to justify a course just on pen testing.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Thanks for the overview. 501 would have been a good follow-up to 401 for me some years back, but since I've already taken SEC502, SEC503, SEC504, SEC560, and I'm about to take FOR508, I'm guessing it probably wouldn't be cost-effective for me now.

    I wish there were more IT professionals who would take a course like 501 as I think some of the ideas taught in there are generally lacking in the common enterprise IT shop that I've seen.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Khaos1911Khaos1911 Member Posts: 366
    I personally would love to take 501, but boss has me going to GSEC bootcamp in San Diego this week. If only I could get into the work study program icon_sad.gif
  • SysEng345SysEng345 Registered Users Posts: 1 ■□□□□□□□□□
    NetworkEng756,


    Congratulations on your passing of your GCED! I'm seasoned in IT. But have always had a test engine before going into the test; not this time though. Some training dollars came available. I'm in SEC501 OnDemand now and sweating just a little, since the quizes do not mirror what Eric is teaching.


    Thank you for your tips; I will use them. I think where I fall short at present, is packet analysis, so I guess I will eat, sleep, breathe Wireshark.


    GSEC would not be worth the cost, especially since you already have CCSA; you can really burden yourself down with yearly cert fees!
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
    Congrats and thanks for the write-up!
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    The 501 course was a good extension of the 401 course. I wouldn't say there was any overlap with 401. Here's the breakdown:

    1. Defensive Network Infrastructure - Basically just securing routers and switches. I'm a Network Engineer so this wasn't new to me at all.
    2. Packet Analysis - Just what it says. Lots of Wireshark. Goes beyond 401 and a bit more in depth.
    3. Penetration Testing - Basics of pentesting methodologies and tools and whatnot. Guessing here, but probably a good primer for the 560 source.
    4. First Response - Good intro to IR, guessing it's a good intro to 504.
    5. Malware - Went over malware infections, what to do, sandboxes, etc. I've already had plenty of experience here, so not too much new.
    6. Data Loss Prevention - Rather than technical, this really just went over roles and responsibilities and such

    As I said, it was a good extension of the 401 course. I wish I would have went right in to 560 or something, but since I'm a jack-of-all-trades at work, it was easier convincing my boss to pay for the course about "defending the enterprise" than it was trying to justify a course just on pen testing.

    Huh. Seems like 501 would be a step back then. Honestly I was hoping for a more advanced course. I'm really stuck on where to go from here now.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I took 501 after 504 and was bored to death. DO NOT take 501 if you have taken or plan to take 504 or any other 500 series courses. I would label 501 as appropriate for the manager that wants a glimpse into the technical aspect of security operations. Someone trying to jump from sysadmin into security who doesn't have formal security experience would also benefit from this course. If you've done some incident handling, pentesting, packet analysis, and other cool stuff, look elswehere. You can thank me later.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    If you have taken SANS 504 then it seems SANS 503 (for the GCIA) is the popular next choice.
  • tumblejermtumblejerm Member Posts: 16 ■□□□□□□□□□
    I have taken the GCED course in San Diego in May 2016. And I have been struggling to prepare for this test. I have created an Index of all 6 books and took my first practice exam and got a 49% icon_sad.gif. I thought my index failed me and had a hard time finding the tools and attack types from within my Index and really don't know how to improve it as I spent over 8 hours creating the index.

    Is there any way I could borrow your index and I could e-mail you mine as well to see if i'm doing it right etc. This has been giving me anxiety for months now and I'm not sure what else to do.
Sign In or Register to comment.