My SANS GCIH Experience

TLDR
What I did right:
Created an index and continuously refined it until exam day
Labs, labs...and you guessed it...more labs.
Read the material from cover to cover.
Participated in the CTF.
To quickly know which book contained which topic, I used sticky notes/page markers for topics pertaining to a specific book.
On the cover of each book I listed the topics and wrote important information that I either felt weak in or what was most commonly observed throughout the book.
I used my two practice exams to hone in on areas I was weak in. Besides certain topics, I honed in where I was failing from a test taking perspective and changed my strategy. For example, the 1st practice exam, I did not even take a break but on the 2nd one I did.
When struggling with a question on the exam, I relied on my gut instinct. (Of course this was done after I ran out of questions that I could skip)
I used my 15 minute break to gather my thoughts and decompress before working on the CyberLive portion of the exam.
Only resources you need are from SANS. That's it.
What I did wrong:
I did not start building an index from day 1 of the course. This would have saved a lot of time.
My schedule for studying was inconsistent. Due to this I had to pay for an extension. Depending on your skill or experience level, this exam requires deep focus to pass.
I did not lab every day. Even one lab a day makes a huge difference.
Early on, I did not practice doing the labs without hints or copying and pasting commands provided. It may seem at first that you are seeing and grasping the material by just doing them with assistance but I found I made great progress when I did these labs with no hints and manually typed the commands.
I created flashcards and spent an ample amount of time using them. Although this has helped with my retention of the information in the long run, it was not as effective for the exam. I would have been better off fine tuning the index, doing labs and looking over topics I was weak in.
I did not take the first practice exam sooner. This can be a bit controversial but taking the first practice exam quickly, a week or two after completing the course, I believe would have been beneficial and would have expedited my time preparing for the exam.
I did not schedule the exam until later on. Yes I know, I should know this by now but scheduling the exam early reduces anxiety and increases productivity. This should be done after your first practice exam. From there you can adjust the date after if needed.
How I would do it over:
Index from day one of the course.
Each day of the course, do as many labs as you can from that day, even if you are only able to do lightning labs.
Do the first practice exam after creating the index and doing each lab at least once.
Do the labs until a decent amount of them feels like second nature.
Refine the index to the point where you can find what information you need as quickly as possible.
In creating the index, study the material and highlight topics, sentences and words in the book.
Schedule the actual exam early.
Reason for pursuing this certification
In the pursuit of greatness
I was fortunate enough that leadership at my company made the decision to offer SANS training. Thankfully, I showed initiative early on by passing previous certifications like Blue Team Level 1 and based on merit, I was selected. I chose this particular certification based on the recommendations of leadership but also because I wanted to have a solid understanding of both defensive and offensive activities. I knew this training and certification would broaden my horizons and provide great exposure.
Length Of Time To Prepare
Felt like forever
I took the SANS 504 course in late October and finally took the exam in late March. Due to my infrequent schedule of studying, I had to pay for an extension which grants you an additional 45 days. I did not need all 45 days and instead just used half of that time. No excuses but preparing for an exam around the holidays is challenging.
Preparation
I strictly used the material provided in the course. Nothing more than that. On days where I felt lazy, I would just listen to video recordings of James or Joshua. Even when I was driving, I would play the MP3 audio recordings. Was this necessary? No, but for me, I needed to keep the momentum going in any way that I could. Early on, I also used flashcards on my phone through the Anki app. Instead of mindlessly doomscrolling, I would use the Anki app which did help with long term recollection of the information. Additionally I created an index but it wasn't the best in hindsight. The format was not pleasing to the eyes and it was not color coded. Nonetheless, I felt as though I should take the exam since I have been reading the material on and off since November. I took the first practice exam in January and suffered defeat. I took no breaks and did not answer all the questions. When I failed the first practice exam with a 46%, my confidence was at an all time low. I did not feel "smart" at all.
I had to take a break, reassess and get back on the train. Instead of doing the extra activities like flashcards, I solely focused on refining the index and doing labs. I would not take the second practice exam until March. In that time period, I honed in on topics I struggled with and reflected on what I could do differently on the next exam such as having better time management with questions and using breaks provided in the exam.
When I failed the second practice exam with 61%, I saw the improvement but it still wasn't enough to pass. This time I did take breaks and did answer more CyberLives. So close yet so far.
You already know what I did. Went back in the lab, refined the index on topics that I scored poorly on along with doing labs on those topics. I was 8% away from passing so this motivated me to get in the hyperbolic time chamber and be absolutely focused on passing this exam. For the week of the exam, I had my index set and I was doing labs for 2-3 hrs a day. To note, definitely ensure you have the index printed out and it is in a format that is easy for you to read and navigate to the specific page that you need to get to. The day before the exam, I dialed it down, briefly looked over some notes and a few labs I struggled with. I ensured I had all my materials ready for the morning.
Exam Day
To say I was nervous is an understatement. Luckily, this did not affect my sleep. I was well rested and ready to take on the exam. I arrived at my test center early and had to wait a bit before entering. When I entered the room, I went through the usual procedure of verifying my identity, signed some documents and took my big ole bag of books with me. I sat down, said a prayer, organized my books and began the exam.
I started off well, answering questions efficiently and not needing to rely on the index too much. As the exam went on however, the questions got a bit more tricky and my index came in handy. Some questions were skipped in the process. I was able to find what I was looking for and power through the multiple choice portion of the exam. I then took my break, went for a walk and then began the CyberLive portion of the exam.
This portion did cause me stress early on in my exam preparation but on that exam day, I was flying. Due to the countless repetitions I put in with the labs, I was able to knock out a majority of the CyberLives quickly, looking at the workbooks as needed.
Before hitting that submit button, I closed my eyes and hoped for the best. When I saw my score, I could not believe it. 93%
I walked out of there grinning from ear to ear and blasted music all the way home.
Closing Thoughts
That boy done came up.
The experience of preparing for and taking this exam has definitely helped in my growth as a professional. I have always been curious about the red team side of things and this certification has allowed me to see how attacks unfold, understand basic exploitation concepts and common attack techniques.
After achieving this great milestone all I can say is: "The price went up" or whatever Marlo Stanfield said in The Wire.
As for what comes next, I am not sure. But with the confidence and skills gained from this exam, I will definitely look to build on this momentum. After feeling down with those practice exam results, all I can say is we back up! Triminator out!
Special Thanks
Leadership at Carnival for investing in me by sponsoring this course and the exam.
James Leyte-Vidal for being a great instructor during the course.
Joshua Wright for creating a detailed and engaging course.
My classmates during the course and people I met outside of the course. Some of these names include Antonio, Luna, John, Ekkasit, Artem, Ruthie, Anthony and Steven.
My teammates for the CTF: Eric, Michael and Filip. Learned a great deal from that experience and had fun during it thanks to those guys.
Resources
SANS SEC504: Hacker Tools, Techniques, and Incident Handling: https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling?msc=Coins%20Blog



