Passing The GSEC Exam

Passing The GSEC Exam

So, I’ve officially nailed down another Information Security certificate. And, this time a certificate from the SANS Institute with their GIAC- GSEC certificate. I thought I’d make a post for other people that plan to challenge the exam, and share my own personal experience through it all.

Is it Right For Me ?

The big question would be why are you thinking of obtaining this certificate? Does your work require it? Are you new to the information security field and want a better foothold into the industry? Do you wish to gain more knowledge and/or a higher quality of training? If it’s any of those reasons apply to you, then I would definitely point you towards getting your GSEC certificate.

Preparing For The Exam

So some may ask how they can best prepare for the exam?

Read the syllabus guideline on the SANS website –> This guideline covers all of the type of topics that will be covered on the exam.

The exam is going to cover all of those topics mentioned on that SANS web page. So that means you should expect questions from each one of those topics and categories.

During the practice exams they will display “stars” for each of those categories pertaining to how well you answered the questions in each category realm. I found that extremely helpful during the practice exams, as it let’s you know which topics are your strengths and weaknesses. This then allows you to better spend your time on weaker areas.

A good SANS resource to check out is the SANS Prep Guide:

Practice Makes Perfect

I would highly advise anyone to make use of BOTH practice tests that come with your certification attempt. I found they really set the tone of what you will encounter and experience during the final exam. It sets you up to get used to the 5 hour time limit, yes the exam is very long. Both of my practice attempts were done within 4 hours of time, where as my actual exam ending up taking me the whole 5 hours.

After completing the first practice exam review the topics where you received anything less than 3 stars. You will want to spend more time in areas where you are weaker in to better learn the material. Remember, no one is perfect, but practicing and learning material till you can master it is what makes you better.

Finding a Testing Center

I’ve heard different stories from different people that attend different testing centers. The one I went to was very picky with everything, and I don’t blame them for doing their job. I’m sure some cheaters out there have caused all of these new steps to be put in place. In my case, the test center attendants went through all my material I had brought in for the exam. They patted me down before I went into the testing room and during my 15 minute break. Other than that, the people there were extremely nice and friendly. The downside was that the heat broke down in the building for that floor when I arrived in the afternoon.

I worked on the exam for 5 hours in very cold room with several other people where the outside temperature was -3 Celsius. Honestly, those 5 hours go by very quickly especially if you are in your own zone. The testing center I was at did not provide any food or beverages, nor did they offer any to me at anytime. Therefore, be sure you take some very quick snacks or drinks you can chow down in 10 minutes. In my case, I had some granola bars, and a warm coffee which seemed to keep me going during the half way point. By the end of the exam hopefully you pass, which means you can have a victory dinner afterwards.

Day of the Exam

Get some good rest the day before the exam. I found getting good sleep helped with keeping me alert and awake for the morning of the exam. I felt confident, fresh and was ready to go all in and see if all of that studying paid off.

Be sure you plan your trip accordingly so you have more than enough time to prep. I was at the test center about 40-45 minutes before the exam. There is a LONG process to enter you into the system, take a picture of you, sign documents, show your ID’s, have any material checked, place items in lockers.. etc.. etc.. You get the point! Don’t be late!

Also, double check your ID’s that you bring along with you and the name you have on your SANS account. Another fellow came in for a test, but his exam had his nickname, while his ID’s had his first given name. They had to ask him to leave, as he could not take the exam unless the names match exactly as the government approved ID’s you bring in with you.

Make sure before you leave your place that you have any and all material that you will be taking with you the the exam. This includes any SANS cheat sheets (TCP/IP headers guide), any books you think will help you out.

It’s Over Now!

The exam is over (hopefully you have passed) and can finally take it easy. The stress is over and the relief sinks in slowly. You’ve done all that you could do and you can look back at all the effort and time put in to learn a whole bunch of new material. From, what I have heard from other GIAC certified members is that the GSEC exam has the most content out of all of the certificates. GSEC covers A LOT! of material from different aspects of Information Security. Further certificates other than GSEC seem to be more concentrated on specific types of topics.

What’s Next?

As soon as I completed my GSEC exam, a week later I started a new SANS course SEC 542. I also plan on challenging the GWAPT exam after I complete this course. I believe with more companies going into the cloud, and seeing a huge influx of more web based applications. My personal belief is that Web Penetration testing is going to become very important in the next few years. So, I think this will be a great course to start off with and hopefully move into the Sec 642 Advanced Web Pentesting course.

I hope this guide is helpful to all future GIAC GSEC exam takers. Feel free to comment and post any other questions you may have regarding the training/exam. Wishing you all best of luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.