Passing the GCIH Exam

I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.

New SANS GIAC changes to exams

One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC has now added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real-world skills to the test to see if you can actually apply the needed practical skills. It also gives companies assurance that their employees are also getting and being tested on real hands-on work and not just theory-based topics.

The one thing I did find a bit annoying was that the virtual lab seemed a bit laggy. This was both on my practice tests from home, as well as the actual exam at an exam center. So, when you type anything within the virtual VMs, be sure you type very “slowly”. Otherwise, you’ll realize you typed too quickly, and that certain characters were missed or mistyped.

How to study for the exam?

The honest answer is to refer to the SANS GCIH outline on their website here:

If you follow their guideline there you will not have any issues. What I felt really helped me personally is actually being involved with the Incident Handling process at my current job. The work experience you gain will definitely help you out on the exam and goes a long way. But every topic you see on the SANS GCIH objectives page will be tested. Therefore, know all of those topics really well and understand them along with how they work. For example, learn all of the incident handling processes, and the workflow of what you would do for each incident handling process.

e.g. Incident Handling: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

GIAC Advisory Board

One of my goals with my SANS GIAC certs was to get on the advisory board. In order to accomplish that, one must get 90% or more on a single exam. Fortunately for me, this time around I did achieve greater than 90%. GIAC sends you an email to ask if you would like to join the advisory board. I am super excited about it, as I have heard great things about topics that are discussed within the GIAC Advisory Board mailing list. I’d definitely recommend you try your best to get 90% or above. It really pays off in the end! I believe it also gives you a chance to teach the class if you wish to join the SANS Mentor/Instructor program.

What’s planned next?

For my next cert, I have not yet decided on what I will aim for in 2020. I’m leaning towards GCFA, or GCIA or OSCP. I’d like to work more on IR, and in that case something like GCFA might make more sense to take a look into for the coming year. I’m also looking to get a bit more into pen testing infrastructure as well, so that is where the OSCP might also come in handy. But, the extra edge goes to the GCFA cert as of right now.

Final Thoughts

Overall, the GCIH really tests your mind from an incident handler’s perspective. And, going into this exam you should have your incident handling hat on, because that is what it takes to pass the exam.

Feel free to share your experience related to the GCIH cert, or other questions you might have on your mind below in the comments section.
