image showing course workbooks with index tabs

GSEC Exam Prep

Courses, Current Projects, Learning Path

A few notes before I get started:

  • GIAC Exams are open book.
    • “Easy!” you may think. Nope, not easy! There are two factors at play here. One is time, and the other is the amount of content covered. The GSEC exam is 180 questions with a 5 hour time limit. That’s roughly a minute and a half per question. After reading the question and answer choices, that doesn’t leave a lot of time to choose or find your answer! There is so much content in the books that finding the answers in the books is not easy. This is where a good index comes in! But if you look up every question, you will run out of time, so you really do have to know the information well even though it’s open book.
  • The GSEC just got a facelift, and I think I was part of the last group that had the old version of this exam.
    • The books I have are dated 2020. If your books are dated after 2020 then you probably have the newer version of the exam, in which case your prep might be a little different. That said, I think I would have prepared pretty much the same way for the updated exam. The main difference I’ve heard is there may be some hands on (performance-based) questions on the new exam while the one I took was all multiple-choice.
  • There are already so many great posts out there describing how to create an index and prepare for the exam. Here are a couple of my favorites:

OK, now on to how I prepared!

Have I mentioned the family motto of the family I grew up in? My brother-in-law pointed it out and it is so true it’s scary. “If it’s worth doing, it’s worth overdoing.” To which my mom replied, “If it’s worth doing, it’s worth doing right.” Haha so my family tends to go a little over the top! That may or may not apply to my index…

After I finished the week-long SANS SEC401 course, it was time to study. I started by reading all of the books cover to cover, with an excel spreadsheet open as I went that would eventually become my index.

Index Creation

The excel file for my index started out very simple. Three columns:

  • Book.Page – I chose to have this info in one column, but you could easily do a column for the book and a column for the page.
  • Term/Keyword/Command – This is where I may have gone a little overkill (see family motto above!). Instead of one entry for each topic, I thought of all the ways I might want to look it up and made a separate entry for each. Since I knew I’d be sorting the index alphabetically, I wanted as many options as possible to find the details I was looking for.
    • For example, under Threat Agent they talked about Nation State Actors, so I added one entry for “Threat Agent – Nation State Actor” and another entry for “Nation State Actor (type of Threat Agent).” You get the idea. There were a few things I had more than two entries, when I saw more than two ways I might be looking for the same content. It didn’t take much extra time, as I copied and pasted the page and description, and I felt like it was useful come exam time.
  • Description – some people leave this out, but I wanted details in the index so in this column I added the related definition or description.

Book Prep

When I started each book, I prepped the book first:

  • Since the books all look so similar, I used a sharpie to write the book number on the front cover, and that ended up really helping as I was moving from book to book during the exam.
  • I flipped through the book and made a Table of Contents (TOC), noting each section and the page number it started on. I don’t know why these books don’t already have a TOC, but that stuck out to me during the course so I knew I wanted one to reference. In the end, I printed the TOC and appended it to the back of my Index. Here’s an example of what my TOC looked like:
Image is the first part of a Workbook Table of Contents, listing out each Module and its Objectives with their respective page numbers
  • I also wrote the Modules and their starting page number on a sticky note to put on the front of the book as a quick reference.
  • Finally, I used little post-it tabs and an extra-fine point sharpie to create tabs for each module in the index.
Image is a photo of post-it tabs marking the sections of the SANS books
  • I marked each Lab’s start page in the Workbook with a sticky note as well!
Image is a photo of the lab workbook with sticky note contents on the front and post-it tabs marking the page of each lab.

So Much Reading

Then I started reading. As I read, I highlighted important terms or definitions/concepts on the pages and added any terms or info I felt might be notable to my index.

Example of index entries:

As I mentioned above, I duplicated entries with every different way I thought of that I might want to look up each topic. I also put everything that seemed notable in the index, so it ended up being so long! More on that later…

As I went through each book, every time I came to a lab I went to the lab workbook and worked through that lab. I also highlighted and indexed the lab workbook, and I’m glad I did because I definitely used it during the exam!

It took me about the equivalent of a full day to work through each book—a little more for the longer books. The instructor suggested one week for each book after the course, then another week for practice exams, and I think that was great advice on the timing.

Index

Once I’d gone through all the books, it was time to format my index.

First I ran a spell check—lots of typos when I was typing quickly! Then I alphabetized by topic and added a row before each new letter to mark the transition.

Then I did a print preview and it was SO many pages! I didn’t want to pay too much for the printing, so I adjusted the font size etc until I felt like it was manageable for my eyes but also made the most of each page.

Image is a section of one page with a small font and an alphabet heading for the letter A.

I also printed out the SANS cheat-sheets that were included in the course, as well as all the book TOCs, to add to the back of the Index.

Pretty much all of the posts I read about creating a SANS index recommended using the index for a practice test before finalizing it, so I printed my Index to PDF so I could use it for a practice exam.

Practice Exams

I felt like the practice exams were so helpful in preparing for the actual exam!

Since it’s a long exam, make sure to block out the full 5 hours for the practice exam. I would recommend replicating the exam environment as much as possible. There are 15 minutes of break time built in to the exam, so you can use the restroom or grab a drink of water, but you do have to finish any questions you skipped before you can start the break. If you skip quite a few questions to come back to later, keep that extra time in mind as you plan your breaks!

I kept a little notepad nearby as I took the practice exams, and made a note of two things.

  • How many questions I looked up—I just made a tic mark for each question I looked up, and at the end I could assess what ratio of the questions I looked up vs just answering on my own. I thought knowing this in relation to how long it took me to take the practice exam would help me with timing on the actual exam.
  • Any topics I didn’t feel confident in—I made a note of the topic of each question I had to look up, and any question I answered on my own that I wasn’t 100% sure I had the right answer.

After the practice exam, I used this info to review the material and revise my index.

At this point, you have a choice. Take the second practice test, or go straight for the actual exam. My goal was to score over a 90% on the exam, so I opted to use the second practice test. (If you don’t use it, please consider gifting it to someone who is prepping for the same exam!)

Final Index (aka Your SANS Masterpiece)

After the second practice exam, I finalized and printed my Index. I printed mine on my home printer then assembled it as follows:

  • A simple cover page
  • Printed Index (this ended up being 80 pages, and I printed it front and back so it used 40 pieces of paper)
  • SANS handouts from the course as well as a few other relevant SANS cheatsheets I found on their web site
  • The course book TOCs that I made

Once it was assembled, I took it to Office Depot and paid about $5 to have it spiral bound with a clear cover. Then I used more post-it tabs to mark where each letter of the alphabet started, and the handouts and TOCs. Isn’t it beautiful?!

I may be a little biased because of all the time and brainpower that went into its creation! 😉

The Exam

My SANS class was in May. I originally scheduled my exam for the first week of July, but when I only had a week until the exam I pushed it back one more week because I wanted a little more time. I was so nervous that my prep wouldn’t be good enough!

I ended up taking it the second week of July, and the day before my family left on a 3-week road trip across the country. (100% would not recommend, packing last minute to drive from Texas to California with stops in Utah, Washington state, and Oregon was a tiny bit stressful! Did I mention I have 6 kids? I’m sure I could create a whole nother post with details on the logistics of road trip prep if this were a different kind of blog!)

Anyway, the testing center was great and it went as smoothly as it could be. I did take almost the full 5 hours, and ended up looking up about 1/3 of the answers, but I scored a 94% and couldn’t be happier with that outcome!

I was really glad I had such a thorough index, and I feel like the detail I put into it helped really internalize the concepts in the course—which is the point of the whole exercise, right? I ended up referencing some part of everything I included in my index—the SANS handouts, info I’d indexed from the labs, etc—during the exam.

Have you taken a GIAC exam? What would you recommend or not recommend from your prep experiences?

Leave a Reply

Your email address will not be published. Required fields are marked *