Passed the GSEC today

docrice Member Posts: 1,706
This is one of the more important exams in my certification plans this year. I spent the past month working on this, first with the OnDemand course (I took a week off from work just to go through it) and then the next few weeks parsing the books, taking notes, and reviewing the areas I was weak in.

No doubt this is a solid course. I will say however that from a practical perspective I think my money would have been better spent on something more focused like the GCIA, but cementing foundations is a necessity. Otherwise, the bulk of this course was review for me since I have experience with most of the concepts and almost all the tools reviewed. For those who haven't had at least a few years of experience with both Windows AD networking and Unix, the sheer breadth of material can be overwhelming. When people talk about the number of pages in the bound course material (in my case, six books at roughly 250 - 300 pages each, plus lab work), they're not kidding. No wonder why they give you four months to complete your certification attempt. And this is coverage that I feel is still relatively high level.

The test that I took today was pretty close to the practice exam I tried last week. I hate exams though - I'm not a morning person, always have that "exam-twitch" and nervous feeling in my stomach, and this causes me to become trigger happy. There's an on-screen timer staring at you and I need to get a handle on the psychological factor. Of all the questions I missed, the vast majority were during the first few dozen when I was warming up into the test session (and a few were the kind I shouldn't have missed but did because I should read the questions more carefully).

Overall, I finished in just under a couple of hours at 93.33% and I only skipped a couple of questions for later review. Not quite as high of a score as I wanted (I mean, it's open book / open notes after all), but a pass is a pass. I will say that if I did not have access to the course materials, my score would have fared far worse. CompTIA's Security+ is a good introduction to GSEC, but it comes nowhere near close to the level of depth and technical coverage. I actually learned some new things (like reading hex in a trace and pinpointing the specific values in field headers, for example), some of which I should have learned a long time ago. This in itself made the course worth it for me.

I think I'll go for the practical later on this year, after my CISSP attempt. For now, I need a couple of weeks off from studying and to give myself a chance to deflate.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • kriscamaro68 Member Posts: 1,186
    Congrats. That is an awesome score. I took a practice exam about a few weeks back thanks to dynamik and scored a 63% on it. At the time I was studying for the Security+. I hope to take this exam later this year. Good luck on the CISSP.
  • dynamik Banned Posts: 12,312
    Great score! Anything 90%+ qualifies you for the Advisory Board mailing list, so be sure you get in on that.

    Good luck on the CISSP; it's 1000 times worse ;)
  • Paul Boz Member Posts: 2,620
    See you on the advisory board ;)

    You thinking about any more SANS certs in the future?
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC | GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • docrice Member Posts: 1,706
    dynamik wrote: »
    Good luck on the CISSP; it's 1000 times worse ;)

    Oh, great. Juuuuust great... I'm really not looking forward to this one. I have three slightly-older references to read through: my Global Knowledge CISSP Prep Course material from a few years back, the official CBK from a few years ago, and Shon Harris' fourth edition. I also picked up an Exam Cram for practice questions.
    Paul Boz wrote: »
    You thinking about any more SANS certs in the future?

    I'm definitely thinking about the GCIA and maybe the GCFW, GPEN, and GCIH. I really want to do the GCIA though. Maybe Q1 next year when the funds permit. The 558 course (Network Forensics) sounds really cool, but they don't offer a self-study version since I think it's new and I really don't want to incur travel costs. GAWN 617 (Wireless Ethical Hacking, Penetration Testing, and Defenses) sounds awesome as well, but then I start thinking about how much all the re-certifications are going to cost, even if they're discounted. I might just do the OSWP for now...
  • Paul Boz Member Posts: 2,620
    I'd recommend either the GCIA or GCFW. The courses are very similar but have their own subtle differences. If you're a firewall guy go with the FW. If you're more intrusion analysis go with the IA. Otherwise the foundation material is the same. The GCFW mentions all of the GCIA subjects but in many cases to a lesser degree.
  • SephStorm Member Posts: 1,731
    docrice wrote: »
    This is one of the more important exams in my certification plans this year. I spent the past month working on this, first with the OnDemand course (I took a week off from work just to go through it) and then the next few weeks parsing the books, taking notes, and reviewing the areas I was weak in.

    No doubt this is a solid course. I will say however that from a practical perspective I think my money would have been better spent on something more focused like the GCIA, but cementing foundations is a necessity. Otherwise, the bulk of this course was review for me since I have experience with most of the concepts and almost all the tools reviewed. For those who haven't had at least a few years of experience with both Windows AD networking and Unix, the sheer breadth of material can be overwhelming. When people talk about the number of pages in the bound course material (in my case, six books at roughly 250 - 300 pages each, plus lab work), they're not kidding. No wonder why they give you four months to complete your certification attempt. And this is coverage that I feel is still relatively high level.

    The test that I took today was pretty close to the practice exam I tried last week. I hate exams though - I'm not a morning person, always have that "exam-twitch" and nervous feeling in my stomach, and this causes me to become trigger happy. There's an on-screen timer staring at you and I need to get a handle on the psychological factor. Of all the questions I missed, the vast majority were during the first few dozen when I was warming up into the test session (and a few were the kind I shouldn't have missed but did because I should read the questions more carefully).

    Overall, I finished in just under a couple of hours at 93.33% and I only skipped a couple of questions for later review. Not quite as high of a score as I wanted (I mean, it's open book / open notes after all), but a pass is a pass. I will say that if I did not have access to the course materials, my score would have fared far worse. CompTIA's Security+ is a good introduction to GSEC, but it comes nowhere near close to the level of depth and technical coverage. I actually learned some new things (like reading hex in a trace and pinpointing the specific values in field headers, for example), some of which I should have learned a long time ago. This in itself made the course worth it for me.

    I think I'll go for the practical later on this year, after my CISSP attempt. For now, I need a couple of weeks off from studying and to give myself a chance to deflate.

    So in your opinion, for someone about to take Sec+, and no previous experience outside of user level security support, the GSEC is more valuable? Or a specialty, such as GCIA, GCIH, etc?
  • docrice Member Posts: 1,706
    Paul Boz wrote: »
    I'd recommend either the GCIA or GCFW. The courses are very similar but have their own subtle differences. If you're a firewall guy go with the FW. If you're more intrusion analysis go with the IA. Otherwise the foundation material is the same. The GCFW mentions all of the GCIA subjects but in many cases to a lesser degree.

    I've done some firewall work and VPNs already which makes the GCFW a natural choice, but for once I need a course that goes into new territory for me. Based on what I'm reading on your other thread, it looks like going for both FW and IA would be a nice combo since there's apparently some overlap. Ultimately, it comes down to cost. I'm not brave enough to challenge the exams because even if I manage to pass, I certainly won't score high (and since the score's public, I don't want to have a low one for the sake of professional dignity). IA first, then maybe FW afterward. I'll have to convince the company to reimburse me if I can. Otherwise, it's back to ramen noodles for dinner.
    SephStorm wrote: »
    So in your opinion, for someone about to take Sec+, and no previous experience outside of user level security support, the GSEC is more valuable? Or a specialty, such as GCIA, GCIH, etc?

    If you're relatively new to the security world, I think after the Sec+ the GSEC would be fantastic. In my case, I've been doing Active Directory, Cisco networking, firewalls, VPNs, authentication systems, PKI, etc. in varying capacities for the last decade so it wasn't as huge of a value to me education-wise. Folks who haven't been exposed to that kind of stuff as much would benefit greatly and I would recommend it as a solid prerequisite before doing the GCIA, etc. I think I saw a YouTube video that mentioned that the first four days of the GSEC pretty much covers Security+ and then some. Keep in mind though that I never took a Sec+ course - I just studied the Mike Meyers book for a week and got an 880 (out of 900) on the test. I found the GSEC considerably harder in some ways.
  • Paul Boz Member Posts: 2,620
    Windows gave me the worst time on the GSEC. It was like a mighty kick to the nuts after spending my pro career doing 100% networking. Using Windows every day does not make you a sysadmin. I actually just mentioned in my GCIA thread the fact that I'm cramming MS protocols right now.
  • docrice Member Posts: 1,706
    It's interesting you say that because as a Windows admin first and foremost before anything else in my skill set, I found the Windows questions on the GSEC relatively difficult as well compared to the dead-easy Unix questions. I think part of the reason for this in general is that Microsoft has a unique (tedious and sometimes inconsistent) way of doing things. For example, a GUI tool can do most things for a given feature while the command line equivalent can do it all. There's also a lot of versioning differences to consider between NT 4.0 / 2000 / XP / 2003 / 2008 / R2 / Vista / 7, as well as possibly the incremental differences between subversions within each OS (Home doesn't support domain joins while Professional / Business / Enterprise / Ultimate editions do).

    Then you have protocol implementations such as SMB which was upgraded in Vista / 7 and default inclusion of dual-stack support. While the basic NT domain model and the underlying protocols such as heavy RPC dependency, etc. haven't changed since the 4.0 days, there are more choices riding over it (Kerberos, NTLM, etc. for the security services support providers) as well as all the other required stuff for AD like LDAP on both TCP and UDP, Global Catalog replication, DNS SRV records, etc. and the trusts and tools that go with it. Then you look at how granular NTFS permissions can get vs. what you get on Unix. Also, "permissions" in the Windows world is a specific thing (actions you can take on "securable objects") vs. privileges vs. logon rights. "Permissions" as a term in the *nix world is applied much more broadly.

    Networking and Unix seem to be more straightforward and consistent. While some firewalls do first-match (PIX, IOS ACLs) and others do best match (pf, Windows Firewall with Advanced Security), in the end an IP header is an IP header, IPsec is IPsec.
  • Paul Boz Member Posts: 2,620
    Man the Unix questions were wiffle balls. Dynamik can attest to my disdain for Unix (because I'm stubborn) and I didn't have to reference the books for one single question. I'm going to have to seriously get proficient with Unix and Windows administration for the GSE.
  • dynamik Banned Posts: 12,312
    docrice wrote: »
    Oh, great. Juuuuust great... I'm really not looking forward to this one. I have three slightly-older references to read through: my Global Knowledge CISSP Prep Course material from a few years back, the official CBK from a few years ago, and Shon Harris' fourth edition. I also picked up an Exam Cram for practice questions.

    Shon Harris 4E was my primary resource. I used a few others, but none of them really seemed to matter much. It really comes down to experience and your ability to interpret what they're asking.
    docrice wrote: »
    I'm definitely thinking about the GCIA and maybe the GCFW, GPEN, and GCIH. I really want to do the GCIA though. Maybe Q1 next year when the funds permit. The 558 course (Network Forensics) sounds really cool, but they don't offer a self-study version since I think it's new and I really don't want to incur travel costs. GAWN 617 (Wireless Ethical Hacking, Penetration Testing, and Defenses) sounds awesome as well, but then I start thinking about how much all the re-certifications are going to cost, even if they're discounted. I might just do the OSWP for now...

    A GSE written (essentially GSEC, GCIA, and GCIH) will renew everything, and that's only $400.

    The OSWP is almost exclusively WEP, and IMHO, it's not really worth it. It definitely needs an update. Now's a great time to do the PWB course; they just updated that for BT4.
    Paul Boz wrote: »
    Windows gave me the worst time on the GSEC. It was like a mighty kick to the nuts after spending my pro career doing 100% networking. Using Windows every day does not make you a sysadmin. I actually just mentioned in my GCIA thread the fact that I'm cramming MS protocols right now.

    I called Paul as soon as I finished mine, and I told him he'd need to brush up on Windows, but he'd kill the rest of it. I got an earful.
    Paul Boz wrote: »
    Man the Unix questions were wiffle balls. Dynamik can attest to my disdain for Unix (because I'm stubborn) and I didn't have to reference the books for one single question. I'm going to have to seriously get proficient with Unix and Windows administration for the GSE.

    Multiple times per week, I hear something to the effect of, "Linux is free because it sucks. No one would pay for it." He lives in a sad and lonely world... ;)
  • Paul Boz Member Posts: 2,620
    dynamik wrote: »

    Multiple times per week, I hear something to the effect of, "Linux is free because it sucks. No one would pay for it." He lives in a sad and lonely world... ;)

    Honestly since Cliff left I haven't gone there much.
  • docrice Member Posts: 1,706
    I just noticed that passing the GSEC apparently implies that I'm certified(?) at CNSS NSTISSI 4013, kind of like how I got 4011 when I passed the CCNA Security exam. While I understand that the course requirements met some government baseline, is this of any real significance on paper? It seems like a nice bonus but I'm uncertain what the practical benefit of this is.
  • Paul Boz Member Posts: 2,620
    I didn't get a notification from SANS about that so I don't have a clue. Please post back if you find out more though.
  • docrice Member Posts: 1,706
    I didn't get a notification either, but noticed it on the SEC 401 course page:

    http://www.sans.org/security-training/security-essentials-bootcamp-style-61-mid

    "SPECIAL NOTE: This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC)."

    Is listing this on a resume just filler if I'm not applying for DoD-ish positions?
  • Paul Boz Member Posts: 2,620
    docrice wrote: »
    Is listing this on a resume just filler if I'm not applying for DoD-ish positions?

    I don't list the NSTISSI 4011 on mine because non-DoD contractors don't know what it is.
  • Not4TJM Registered Users Posts: 2
    I just finished GSEC 401. If I am trying to get into the cyber world and don't have daily access to FW/Intrusion tools, what order should I take the following SANS certs?
    GCIA, GCIH, GCFW, GPEN? Any help will be greatly appreciated since I got management to pay for the SANS OnDemand Option 2 (4 long courses).

    Thanks
  • dynamik Banned Posts: 12,312
    Not4TJM wrote: »
    I just finished GSEC 401. If I am trying to get into the cyber world and don't have daily access to FW/Intrusion tools, what order should I take the following SANS certs?
    GCIA, GCIH, GCFW, GPEN? Any help will be greatly appreciated since I got management to pay for the SANS OnDemand Option 2 (4 long courses).

    Thanks

    It really comes down to what you want to do. GIAC provides fairly detailed course descriptions and day-by-day breakdown of what the course covers. Assuming you know what you want to do (which may be your hold-up ;)), you shouldn't have any trouble making a decision. There's going to be significant overlap between the GCFW and GCIA as well as between the GCIH and GPEN.
  • Not4TJM Registered Users Posts: 2
    dynamik wrote: »
    It really comes down to what you want to do. GIAC provides fairly detailed course descriptions and day-by-day breakdown of what the course covers. Assuming you know what you want to do (which may be your hold-up ;)), you shouldn't have any trouble making a decision. There's going to be significant overlap between the GCFW and GCIA as well as between the GCIH and GPEN.

    After GCIA, then GCIH, GCFW or GCED (anyone done this yet?). I am going to keep taking as many as long as Uncle SAM will keep paying!

    Thanks

    Not4TJM
  • Paul Boz Member Posts: 2,620
    Not4TJM wrote: »
    After GCIA, then GCIH, GCFW or GCED (anyone done this yet?). I am going to keep taking as many as long as Uncle SAM will keep paying!

    Thanks

    Not4TJM

    Niiiiiiiiiiiiiiiiiiiiiiiice. GI bill?
  • jgq85 Member Posts: 8
    Wait, this is an open-book test?
    Where are you supposed to take it at?
  • docrice Member Posts: 1,706
  • twodogs62 Member Posts: 393
    Even though open book, you really have to study books and already know many answers without lookups.
    The official course material is 6 books. Make good notes and indexes.
    You can take additional books also, but have to fit in backpack and you have to be able to carry bundle of books in one trip. You have to have good desk at testing center where you can spread books out.
    The test seems like an endurance test to me. 160 questions and 5 hour time limit.
  • SaSkiller Member Posts: 337
    I've only seen requests for CNSS certs on federal positions.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • GForce75 Member Posts: 222
    docrice wrote: »
    This is one of the more important exams in my certification plans this year. I spent the past month working on this, first with the OnDemand course (I took a week off from work just to go through it) and then the next few weeks parsing the books, taking notes, and reviewing the areas I was weak in.

    No doubt this is a solid course. I will say however that from a practical perspective I think my money would have been better spent on something more focused like the GCIA, but cementing foundations is a necessity. Otherwise, the bulk of this course was review for me since I have experience with most of the concepts and almost all the tools reviewed. For those who haven't had at least a few years of experience with both Windows AD networking and Unix, the sheer breadth of material can be overwhelming. When people talk about the number of pages in the bound course material (in my case, six books at roughly 250 - 300 pages each, plus lab work), they're not kidding. No wonder why they give you four months to complete your certification attempt. And this is coverage that I feel is still relatively high level.

    The test that I took today was pretty close to the practice exam I tried last week. I hate exams though - I'm not a morning person, always have that "exam-twitch" and nervous feeling in my stomach, and this causes me to become trigger happy. There's an on-screen timer staring at you and I need to get a handle on the psychological factor. Of all the questions I missed, the vast majority were during the first few dozen when I was warming up into the test session (and a few were the kind I shouldn't have missed but did because I should read the questions more carefully).

    Overall, I finished in just under a couple of hours at 93.33% and I only skipped a couple of questions for later review. Not quite as high of a score as I wanted (I mean, it's open book / open notes after all), but a pass is a pass. I will say that if I did not have access to the course materials, my score would have fared far worse. CompTIA's Security+ is a good introduction to GSEC, but it comes nowhere near close to the level of depth and technical coverage. I actually learned some new things (like reading hex in a trace and pinpointing the specific values in field headers, for example), some of which I should have learned a long time ago. This in itself made the course worth it for me.

    I think I'll go for the practical later on this year, after my CISSP attempt. For now, I need a couple of weeks off from studying and to give myself a chance to deflate.

    Good luck on the CISSP. I was always wondering about this exam. Something I may have to look into down the road. Taking the CISSP before it changes on the 15th of April?
    Doctoral Candidate - BA (33/60hrs) ~ MBA/Project Management ~ BA/Business-IT
  • docrice Member Posts: 1,706
    I've pretty much abandoned going for the CISSP since passing the GSEC five years ago. Always entertained the thought of getting it, but there's too much going on at work.
  • ccnpninja Member Posts: 1,010
  • ansel1261 Member Posts: 24
  • mehmin Member Posts: 10
    Congrats on passing. Would you recommend which of the GIAC certifications to consider going after first? I'm new to IT and working on NET+ now. My plan, if you'd like to call it that, is SEC+ next then MS desktop support. I think it'd be valuable to get a GIAC certification but not sure if there's any kind of recommended starting point.