One of the things I love about working in InfoSec is the way people in cybersecurity share what they know with each other. As a SANS Subject Matter Expert (SME), I was* required to share what I know with students who ask for help. Sometimes that means replying to their questions via email. Other times it means walking them through course concepts, material, or virtual machine (VM) configuration/tweaks/hacks via LiveChat. Often it means counseling them on what they should do to prepare for the GIAC certification exam associated with their particular SANS course, particularly if this is their first GIAC certification.
Officially, I cannot comment on what GIAC will or will not include in their exams. If you want something official, ask them. But what I can do is share what I have learned from my own experiences taking SANS courses and passing multiple certification exams. In this I stand on the shoulders of giants, some of whom I will name and link to below. I will also add my own spin, expanding on some things I mentioned in a similar (and much shorter) post in 2018, and hopefully contribute something positive to the collective knowledge out there to help you not only pass the exam, but to retain what you learn so you can use your newfound knowledge and skills as you go forward.
Tip 1: SANS Courses Are Not For The Faint of Heart
If you have never taken a SANS course before, prepare yourself to drink from the fire hose. I have taken several courses myself as “just a student,” audited others as a SME for quality reviews, poked, prodded, and otherwise pounded on more VMs and lab exercises than I can count, and the biggest takeaway I can share with you is that every single SANS course is as dense as neutronium. Every. Single. One.
In over two years of helping students try to shoehorn mass quantities of information into their skulls, I never had one complain about the material being too light. Consider yourself warned.
Tip 2: GIAC Certifications Don’t Come Easy
I once had a student tell me he “didn’t have time” to do all the labs for his course, so he wanted to know which ones he needed to focus on to pass the exam. He also joked that maybe he’d bring all his books with him for the exam. His entire attitude was that he could do a few key labs, scan though the books, then waltz into a testing center and get his cert. After some extended discussion I learned that his previous certification experience was for the Certified Ethical Hacker (CEH) and the CompTIA Security+ exams.
Don’t get me wrong, each of those certs has value, and they can definitely open doors into the cybersecurity field. But neither one is as demanding or detailed as, say, the GIAC Security Essentials (GSEC). What’s more, SEC401, the course associated with the GSEC, is a foundational course in the overall scheme of courses offered by SANS.
As is the case for many, SEC401 was my introduction to cybersecurity training and certifications. I took it live, spending long days in gawd-awful hotel chairs, blowing my mental buffers every day for six days straight, followed by additional study online courtesy of the OnDemand materials available, and reviewing the printed texts while I built my index. After I took (and passed) the five-hour long certification exam, I went home, had a beer, and collapsed into a barely coherent mess. From talking to others, my experience is not unique.
Daniel Miessler compares multiple cybersecurity certifications in his blog post, A Guide to Information Security Certifications (https://danielmiessler.com/blog/infoseccerts/). He rates quite a few of the better known certifications based on difficulty, respectability, and renown, among other criteria. In Miessler’s opinion, GIAC certs range from 7 to 10 on a 1 to 10 scale, and my own personal experiences incline me to agree with him. But don’t take my word for it, or his. Exercise your Google-fu and get as many different perspectives as possible, then evaluate and analyze what you find and make your own decision.
Tip 3: Having a Good Index is Vital
One question we SMEs get asked a lot is, “Why do we have to make an index?” I didn’t get it either until I went through the process myself and discovered just how much creating an index forces me to really dig into the course material. Just attending the classes (or watching the videos if you are taking the class online) and going though the course materials may be enough to learn the material for typical college class, but I guarantee that if you go through the books, highlight, log, and annotate everything that you don’t already know by heart, you will walk away with a far more complete grasp of the materials on your course. But that is not the only reason why indices are important.
I have found that most people fall into one of two camps when it comes to preparing an exam index:
- “I just want a lean & mean listing of terms and the books/pages where I can find the details.” or…
- “I do not have the time to go flipping through all my books during the exam looking for the answers I need, so I’m going to add brief definitions and other reference info to my index. If I need more detail, I can go to the related pages in my books as required.“
For the record, I belong to Camp #2. For my money, every second I can shave by getting quick answers to comparatively simple questions is priceless because those seconds give me the extra time I need to wrack my brain or fumble through my course books on the more challenging ones. And these are a few of my favorite references to help you get the job done!
- Better GIAC Testing with Pancakes
If you don’t already know about Lesley Carhart (aka @hacks4pancakes), I strongly suggest you follow her. Her blog post on creating an index covers a ton of excellent information and suggestions. I routinely refer students to this post and I know for a fact that I am not the only SME who does. The section of her post with the subheading WHAT YOU NEED TO KNOW remains spot on. My personal process for creating an index is somewhat different from hers, but reading her process and ideas absolutely contributed to my own.
- SANS Index How To Guide with Pictures
Another excellent article, this one by Matt Edmondson, on how to make your index. He was the one who taught me to get my index spiral bound. It takes a little planning ahead, but not having to wrestle with a 3-ring binder while sitting your exam is absolutely worth it!
- GIAC Exam Preparation Guide
And this is the official word from GIAC on what you should do while preparing your index. Since it is their exam, you might want to pay attention to what they have to say about preparing for it.
- Wargaming GIAC Certifications
In spite of the fancy title, this article by hacker/pen tester/SANS instructor Matt Toussain (aka @0sm0s1z) is really about how to use a tool called Voltaire to build your index. Matt wrote Voltaire for his own use, but he’s a giver, and he is sharing Voltaire with the world. His YouTube video about Voltaire also goes into depth about the whys of building an index, and has a ton of practical tips.
Tip #4: Honor Your Learning Process
Every person has a different learning style. Some are visual learners, others are aural (listening) learners, and still others learn by taking really great notes. The truth is that we all use all of these methods for learning, and the more ways you are able to get the material in to your brain, the better.
SANS often (usually) provides MP3s of the live class recording with the OnDemand access to the course materials. These are great to listen to while commuting, doing housework, working out, whatever. And one of the cool things about them is that they include additional material that gets edited out of the videos. If your course includes the MP3s, you should be able to download them through your SANS portal.
Go to: Account Dashboard > My Online Training > SANS Self Study
Once you get there you can download the MP3 files individually, or as a single zip file.
There are also online flashcard stacks on services like Quizlet that you can use to build your familiarity with cybersecurity terms, or that you can use to make your own to help you study for your exam. Ultimately, it is up to you to do what works for you to learn the material as thoroughly as you can before you walk into that testing center.
Tip #5: Take Study Breaks
We tend to think that in order to do something well we have to work hard at it every single day until the job is done. The truth is that your brain needs rest just like your muscles do. I’m not saying to slack off and not do the work. Rather, I suggest that you plan for rest days, just as you do when you are strength training. Sleep is another undervalued, yet priceless commodity when you are trying to absorb tons of new information and assimilate it. I guarantee that if you give yourself a chance to absorb and process what you are studying, when you return to your studies your results will be much better than if you try to “tough it out.”
However you proceed, do your best, ask for help when you need it, and I wish you all success when it’s crunch time.
* Sadly, shortly after I wrote this post I was furloughed by SANS. When COVID-19 shut so many things down, SANS let a lot of people go. That said, the time I spent with them was amazing and I would work for them again in a heartbeat!