A colleague sent me this study plan, and I was so excited to dive in!
Here’s Katie’s intro to her plan:
There are many ways to learn. While some people prefer to have a live instructor in a course, others are great at doing self-study. I teach SANS FOR578: Cyber Threat Intelligence, which is a great course if you want to learn about cyber threat intelligence (CTI), but I realize not everyone can afford it.
Here’s the good news: if you are committed, you can learn a lot of the same concepts that paid courses teach, but on your own. It won’t be the same, but you can still learn a ton if this learning style works for you. I wanted to share a self-study plan to help out anyone who wants to take the initiative to learn about CTI. There are lots of great resources out there, but I realize as you’re starting out that someone saying “go look at all the things!” isn’t that helpful because you’re not sure where to look. My goal is to bring together free resources I’d recommend studying and provide a minimal framework and question to help tackle them.
optional paid resources that can supplement the free learning that just took place!
This plan is very thorough and will take quite a while! My plan is to take it step-by-step and work my way through from beginning to end. I created a study notebook, and it’s already filling up with the nuggets I’m learning.
I considered publishing my study notebook here, either as I go through each resource or at the end, but quickly thought better of it. There’s a lot of value in going through the resources and I don’t want to take that opportunity away from anyone! I will, however, post updates on how my study is going and post any extra helpful nuggets I learn along the way.
Today I started reading Psychology of Intelligence Analysis by Richards Heuer, and it’s fascinating!
If you’re interested in Cyber Threat Intelligence, this study plan is a great resource that I’d definitely recommend!
“Easy!” you may think. Nope, not easy! There are two factors at play here. One is time, and the other is the amount of content covered. The GSEC exam is 180 questions with a 5 hour time limit. That’s roughly a minute and a half per question. After reading the question and answer choices, that doesn’t leave a lot of time to choose or find your answer! There is so much content in the books that finding the answers in the books is not easy. This is where a good index comes in! But if you look up every question, you will run out of time, so you really do have to know the information well even though it’s open book.
The GSEC just got a facelift, and I think I was part of the last group that had the old version of this exam.
The books I have are dated 2020. If your books are dated after 2020, then you probably have the newer version of the exam, in which case your prep might be a little different. That said, I think I would have prepared pretty much the same way for the updated exam. The main difference I’ve heard is that there may be some hands-on (performance-based) questions on the new exam, while the one I took was all multiple-choice.
There are already so many great posts out there describing how to create an index and prepare for the exam. Here are a couple of my favorites:
Have I mentioned the family motto of the family I grew up in? My brother-in-law pointed it out and it is so true it’s scary. “If it’s worth doing, it’s worth overdoing.” To which my mom replied, “If it’s worth doing, it’s worth doing right.” Haha so my family tends to go a little over the top! That may or may not apply to my index…
After I finished the week-long SANS SEC401 course, it was time to study. I started by reading all of the books cover to cover, with an Excel spreadsheet open as I went that would eventually become my index.
Index Creation
The Excel file for my index started out very simple. Three columns:
Book.Page – I chose to have this info in one column, but you could easily do a column for the book and a column for the page.
Term/Keyword/Command – This is where I may have gone a little overkill (see family motto above!). Instead of one entry for each topic, I thought of all the ways I might want to look it up and made a separate entry for each. Since I knew I’d be sorting the index alphabetically, I wanted as many options as possible to find the details I was looking for.
For example, under Threat Agent they talked about Nation State Actors, so I added one entry for “Threat Agent – Nation State Actor” and another entry for “Nation State Actor (type of Threat Agent).” You get the idea. There were a few things for which I had more than two entries, when I saw more than two ways I might be looking for the same content. It didn’t take much extra time, as I copied and pasted the page and description, and I felt like it was useful come exam time.
Description – some people leave this out, but I wanted details in the index so in this column I added the related definition or description.
Book Prep
When I started each book, I prepped the book first:
Since the books all look so similar, I used a sharpie to write the book number on the front cover, and that ended up really helping as I was moving from book to book during the exam.
I flipped through the book and made a Table of Contents (TOC), noting each section and the page number it started on. I don’t know why these books don’t already have a TOC, but that stuck out to me during the course so I knew I wanted one to reference. In the end, I printed the TOC and appended it to the back of my Index. Here’s an example of what my TOC looked like:
I also wrote the Modules and their starting page number on a sticky note to put on the front of the book as a quick reference.
Finally, I used little post-it tabs and an extra-fine point sharpie to create tabs for each module in the index.
I marked each Lab’s start page in the Workbook with a sticky note as well!
So Much Reading
Then I started reading. As I read, I highlighted important terms or definitions/concepts on the pages and added any terms or info I felt might be notable to my index.
Example of index entries:
As I mentioned above, I duplicated entries with every different way I thought of that I might want to look up each topic. I also put everything that seemed notable in the index, so it ended up being so long! More on that later…
As I went through each book, every time I came to a lab I went to the lab workbook and worked through that lab. I also highlighted and indexed the lab workbook, and I’m glad I did because I definitely used it during the exam!
It took me about the equivalent of a full day to work through each book—a little more for the longer books. The instructor suggested one week for each book after the course, then another week for practice exams, and I think that was great advice on the timing.
Index
Once I’d gone through all the books, it was time to format my index.
First I ran a spell check—lots of typos when I was typing quickly! Then I alphabetized by topic and added a row before each new letter to mark the transition.
Then I did a print preview and it was SO many pages! I didn’t want to pay too much for the printing, so I adjusted the font size, margins, etc. until I felt like it was manageable for my eyes but also made the most of each page.
I also printed out the SANS cheat-sheets that were included in the course, as well as all the book TOCs, to add to the back of the Index.
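For anyone who would rather script the spreadsheet steps above (one row per way you might look a term up, alphabetize, add a divider row before each new letter), here is an added Python example. It is not the author’s spreadsheet or any SANS material; the sample entries, the `Entry` class and the function names are constructed for illustration, and the output is a CSV you can open in Excel and format for printing.

```python
"""Build a sortable, alphabetized exam index from a list of entries.

Constructed example: the entries below are made up for illustration and are not
from any SANS book. Each entry becomes one or more index rows (the "look it up
every way I might think of it" approach), rows are sorted by keyword, and a
divider row is inserted before each new first letter.
"""
import csv
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    book: int
    page: int
    term: str                  # the term as it appears in the book
    description: str           # related definition or note
    parent: str = ""           # broader topic this term falls under, if any


def expand_entry(e: Entry) -> list[tuple[str, str, str]]:
    """Return (book.page, keyword, description) rows for one entry.

    A term that sits under a parent topic gets two rows, so it can be found
    either by the parent ("Threat Agent - Nation State Actor") or by the term
    itself ("Nation State Actor (type of Threat Agent)").
    """
    ref = f"{e.book}.{e.page}"
    if not e.parent:
        return [(ref, e.term, e.description)]
    return [
        (ref, f"{e.parent} - {e.term}", e.description),
        (ref, f"{e.term} (type of {e.parent})", e.description),
    ]


def sort_key(row: tuple[str, str, str]) -> str:
    # Case-insensitive alphabetical order on the keyword column.
    return row[1].casefold()


def build_index(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Expand, sort, and add a divider row before each new starting letter."""
    rows = sorted((r for e in entries for r in expand_entry(e)), key=sort_key)
    out: list[tuple[str, str, str]] = []
    current = None
    for row in rows:
        first = row[1][0].upper()
        if not first.isalpha():
            first = "#"          # digits and symbols grouped under one divider
        if first != current:
            out.append(("", f"=== {first} ===", ""))
            current = first
        out.append(row)
    return out


def to_csv(rows: list[tuple[str, str, str]]) -> str:
    """Render the index with the same three column headings used in the post."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["Book.Page", "Term/Keyword/Command", "Description"])
    w.writerows(rows)
    return buf.getvalue()


# Constructed sample entries (not from any course book).
SAMPLE = [
    Entry(1, 42, "Nation State Actor", "Well-resourced, government-backed adversary",
          parent="Threat Agent"),
    Entry(1, 40, "Threat Agent", "Entity capable of carrying out a threat"),
    Entry(3, 115, "tcpdump", "Command-line packet capture tool"),
    Entry(2, 77, "802.1X", "Port-based network access control"),
]

if __name__ == "__main__":
    print(to_csv(build_index(SAMPLE)))
```

Running it prints a CSV whose rows are in alphabetical order with a `=== N ===` style divider before each letter; numeric terms such as `802.1X` land under a `#` divider at the top. Spell-check still has to happen in the spreadsheet before you run the sort.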
Pretty much all of the posts I read about creating a SANS index recommended using the index for a practice test before finalizing it, so I printed my Index to PDF so I could use it for a practice exam.
Practice Exams
I felt like the practice exams were so helpful in preparing for the actual exam!
Since it’s a long exam, make sure to block out the full 5 hours for the practice exam. I would recommend replicating the exam environment as much as possible. There are 15 minutes of break time built into the exam, so you can use the restroom or grab a drink of water, but you do have to finish any questions you skipped before you can start the break. If you skip quite a few questions to come back to later, keep that extra time in mind as you plan your breaks!
I kept a little notepad nearby as I took the practice exams, and made a note of two things.
How many questions I looked up—I just made a tic mark for each question I looked up, and at the end I could assess what ratio of the questions I looked up vs just answering on my own. I thought knowing this in relation to how long it took me to take the practice exam would help me with timing on the actual exam.
Any topics I didn’t feel confident in—I made a note of the topic of each question I had to look up, and any question I answered on my own that I wasn’t 100% sure I had the right answer.
After the practice exam, I used this info to review the material and revise my index.
At this point, you have a choice. Take the second practice test, or go straight for the actual exam. My goal was to score over a 90% on the exam, so I opted to use the second practice test. (If you don’t use it, please consider gifting it to someone who is prepping for the same exam!)
Final Index (aka Your SANS Masterpiece)
After the second practice exam, I finalized and printed my Index. I printed mine on my home printer then assembled it as follows:
A simple cover page
Printed Index (this ended up being 80 pages, and I printed it front and back so it used 40 pieces of paper)
SANS handouts from the course as well as a few other relevant SANS cheatsheets I found on their web site
The course book TOCs that I made
Once it was assembled, I took it to Office Depot and paid about $5 to have it spiral bound with a clear cover. Then I used more post-it tabs to mark where each letter of the alphabet started, and the handouts and TOCs. Isn’t it beautiful?!
I may be a little biased because of all the time and brainpower that went into its creation! 😉
The Exam
My SANS class was in May. I originally scheduled my exam for the first week of July, but when I only had a week until the exam I pushed it back one more week because I wanted a little more time. I was so nervous that my prep wouldn’t be good enough!
I ended up taking it the second week of July, and the day before my family left on a 3-week road trip across the country. (100% would not recommend, packing last minute to drive from Texas to California with stops in Utah, Washington state, and Oregon was a tiny bit stressful! Did I mention I have 6 kids? I’m sure I could create a whole nother post with details on the logistics of road trip prep if this were a different kind of blog!)
Anyway, the testing center was great and it went as smoothly as it could be. I did take almost the full 5 hours, and ended up looking up about 1/3 of the answers, but I scored a 94% and couldn’t be happier with that outcome!
I was really glad I had such a thorough index, and I feel like the detail I put into it helped really internalize the concepts in the course—which is the point of the whole exercise, right? I ended up referencing some part of everything I included in my index—the SANS handouts, info I’d indexed from the labs, etc—during the exam.
Have you taken a GIAC exam? What would you recommend or not recommend from your prep experiences?
I feel a little weird about it because these classes are not cheap, but hear me out.
I’ve been a SAHM (read: six kids and all the craziness that comes with running that crew) for more years than I like to admit. I mean, yes I’ve done a lot of things outside of that role over the years (volunteering with the HOA, the PTA, and BSA… and playing a major support role to the therapy practice my husband owns), and yes, I love my family and have worked hard to create a good life for my kids. But I realized recently that I want more to fill my desire to learn and connect and serve outside of just my family.
So I felt like it would be a logical next step to get a Master’s degree, since I already have a bachelor’s degree but it’s not in a field I want to pursue. Then as I explored options (statistics? data science? software engineering?) I learned about cybersecurity as a field and immediately knew: that’s what I want to do. But as I did my research, I was advised to wait on a master’s degree for various reasons, and to pursue certifications instead. I’m sure either path would be fine, but certifications cost significantly less than an MS.
Lots of self-study for the CompTIA certs was great, and those certs were relatively inexpensive, but I wanted some kind of class. Something with people. Interaction. Enter SANS. Lots of content, a teacher, interaction, labs, and certification at the end. I decided to make the investment and feel that to me it was worth it.
I took SANS SEC401 (Security Essentials). I had really hoped to attend in person, but alas, covid, so live online is what I got. They did a great job with the delivery, but I did miss the networking and camaraderie that could have been better in person.
The course materials arrived about a week before the class, and those books were a little intimidating! Six course books and a lab book, each about 300 pages long. I also downloaded the course content a few days before the class, which I’d definitely recommend since it takes a while to download even on a strong connection.
the short stack
Most people could probably have a great experience with this class at home, but as I thought through how that would go for me (the class was in a time zone two hours behind ours, and my house and kids tend to get very loud in the evening hours…), I decided that with as much as I was investing financially in the class, it would be better to find a way to focus without my normal day-to-day distractions (read: children, dinner, cleaning, work). So I flew to my parents’ empty house in San Francisco (they were taking their first post-covid trip), and it was the perfect venue for the class!
Now for my setup for the class. With live online, there’s a GoToMeeting for the class video, Slack for discussion, and VMs for the labs.
I used two computers: my MacBook for taking notes (I used Pages, then copied my notes into OneNote when I was finished so I’d have a backup), and my Windows laptop for the GoToMeeting, Slack, and the VMs. (I also had OneNote open on the Windows machine… when I occasionally took a screenshot I just dropped it into OneNote so it would be easy to add it to my notes on the MacBook.) I also pulled up the pdf course books on the MacBook, but found it was simpler to use the paper books.
My dad had this table set up for working from home, and it worked great as a home base for me as well.
The class itself was intense. 9am – 6pm for 6 days, with a 5-minute break every hour and a 45-minute break for lunch. Add a few more hours if you do the NetWars along with the class (for this one it was Thursday and Friday evening), which I’d definitely recommend. I also learned that in 5 minutes you can’t do nearly as much as you might think!
The course content was great, which you can read about on the SANS website. I did put all the content from the course on a flash drive–including the digital course books, VMs, audio files, and my notes–so I can keep it as an archive in case I want to reference something from it after the download access expires.
Things that helped me throughout the week: drinking lots of water, some Dr Pepper for the afternoon lull (I know, so healthy); DoorDash (I think I used them twice, one on a NetWars day when I didn’t want to take a break to make something to eat for dinner); pre-prepared meals and snacks (thanks, Costco); and fresh air (seriously, take a walk at some point every day to clear your head).
I guess my big takeaway is this: if you can afford it, a SANS class is a great way to learn a lot of content in a short amount of time. If you can’t afford it, I’m sure you could get a lot of the information through free or inexpensive resources. The difference is the large amount of reliable information delivered in a neat little package. If you can get your employer to pay for SANS training, even better!
Now I’m ready to go through the course material again as I build an index to prepare for the GSEC Exam. But the exam prep deserves its own post!
I passed the Security+ exam yesterday! My hard goal was to finish before the SY0-501 exam version is retired this summer, but secretly I hoped to finish in March or April. Well, life got in the way of my March or April dreams, but I met my true goal so I’m definitely happy about it.
The resource that helped me the most was CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson. For A+ and Network+ I used the books as a resource to clarify concepts I didn’t feel like I understood fully from the videos, but when I started with the videos for Security+ I felt like I wanted a little more meat. So I picked up the book and started reading, which turned out to be a great choice. My strategy was to read each chapter, taking care to make sure I understood the concepts, highlight the main points in the chapter summary, then go through the practice questions at the end of each chapter. If there were questions I got wrong, I would figure out the correct answer and make sure I understood before moving on.
Once I finished the book I took the practice exams that came with the book, along with Professor Messer’s practice exam book, making sure to review each question that I missed to understand the concepts in them.
Last but not least, a review of the CompTIA exam objectives – this is a must for any CompTIA exam, they’re so detailed! I like to go through and check off each concept I feel comfortable with in green, marking in orange each concept I think would be helpful to review, and marking in red the things I really just didn’t know. (Markup on the iPad is great for this.) Then I reviewed all the orange and red concepts before the exam.
Honestly, it didn’t feel as difficult as I expected. I did have six performance-based questions, which surprised me because usually there are no more than five, so I got a little nervous when I clicked next after the fifth one and the next question wasn’t multiple choice. As I moved through the multiple choice questions I thought, I think I’m getting these answers, but maybe they’re trick questions? But finally I got to the end and was pleased with my score. (Yes, I know a pass is a pass but I’m an overachiever so I still like to see how high of a score I can get.)
The In-N-Out by the testing center has become my go-to celebratory post-exam lunch!
Time to complete the trifecta! I started studying for this one as soon as the holidays were over, and I’m excited to really dig in. Here are the resources I’m planning on using:
Professor Messer and Jason Dion both have great material, and in my opinion they complement each other well. I like the depth that Professor Messer goes into, and how closely his videos follow the course objectives. And I like how simply Jason Dion explains the concepts. My strategy for this one will be to listen to the Udemy videos in the car or other times when I want something to listen to, and watch Professor Messer’s videos at the computer while taking notes (because I’m very much a visual learner and taking notes helps my comprehension a ton).
I wanted to finish by the end of the year, and when December came I realized I would need to take the exam before the kids finished school–because once they’re home all day every day, and with my husband planning on being home most of the days during the break as well, I want to be able to be present for the festivities! So I scheduled the exam for the day before their last day of school.
Then life got unpredictable, of course, and I ended up having way more work to do for my husband’s business (I’m his admin and tech support for all the business things). Test week crept up on me and I didn’t feel ready! So I added Jason Dion’s Udemy course and extra practice exams to my list of resources (the courses were on sale for $10 each, and for me it was so worth it!), doubled down on all the practice tests (going through them afterwards to see what I missed, which helped me learn a ton), and went through the exam objectives to make a good list of the things I was weak on.
I was kind of surprised how helpful it was to read the sections in the textbook on the things I struggled with. Subnetting was hard to really get down with the videos, but going through that chapter in the book brought it home for me! I was still consistently failing the practice tests the first time through, so on test day I was super nervous.
But guys, as I went through the test I was surprised at how many answers I just knew. And a few I worked through carefully, and one or two I ended up guessing. And it felt so good to get the Congratulations message!
Then I celebrated with some In-N-Out on the way to get the kids from school. ‘Cause what’s an achievement without a little celebration after?!
Getting ready for the Network+ exam next! I have to say, I’m glad that I started with A+. I feel like it was broad and foundational, making it easier to jump into the more specialized network topics.
I’m fascinated by the idea of Virtual Machines in the cloud.
Amazon Web Services has a free training course for their entry level cert, so that’s on my list for sure! I’ve gone through the first module already and have played around with an EC2 instance (linux!) and it’s pretty cool. But there’s so much I don’t know about how it works and all the things you can do with it!
Professor Messer’s Study Groups – I listened to the podcast while driving across the country, but these would be pretty cool live!
I really liked Professor Messer’s practice exams book. His questions were more like the ones I found on the actual exams than most of the other practice questions I used.
I started studying in March of 2020, and had some good momentum before all of the COVID craziness hit. My study time slowed down a bit because I was busy with so many other things (mom of 6 here, thank you very much… online learning is not my friend). I was ready to take the Core 1 exam by June and the Core 2 exam in July, and managed to pass each on the first try!
I really liked the material in this exam. I think if you’re new to tech, it’s a great foundational cert. I had a few people recommend starting here, and a few people say they thought it wasn’t worth it and they’d recommend skipping it. I’m really glad I started with this one instead of skipping it, and here’s why:
I kind of have a tech background… I mean, I started using computers when I was a kid (and I was a kid in the 80’s–yes, I’m dating myself here–so computers weren’t even really mainstream yet!) and I think I was about 6 when I wrote my first computer program: I thought I was hot stuff because I made an ASCII spaceship launch on the screen! When I was in my late teens I decided it would be cheaper to build a computer instead of buy one, so I bought the parts and used the instruction manuals as a guide (the internet was pretty new at the time, so there weren’t a ton of online resources). But then I took a few computer science classes in college and quickly realized programming–like full-on software development–was not for me, so I changed my major to math and loved that. (Full-on geek here, and proud of it!) I think if there were other tech majors besides computer science and engineering at the time I might have landed there, but alas. In the end, I graduated with a non-tech degree because, well, it’s a long story, but basically it was a time thing.
But the thing is, even though I’ve dabbled in tech over the years since then, there was still so much on the A+ exam that was either new to me or long-forgotten that is really foundational. Whatever job I end up with, I don’t want to be caught without basic foundational computer knowledge and I think the A+ prep helped me get to a position where hopefully that won’t be an issue.
I guess that was the long route to say, if you’re not sure about the A+ just go for it!
The following courses on LinkedIn Learning were awesome! Check your local library for access to LinkedIn Learning courses, it’s a great way to get amazing content for free!
Wireshark: Functionality by Lisa Bock – This one went into more detail about what you can do in Wireshark and how to get the most out of its functionality!
I’ve learned that there’s a lot of detail in each packet, and a tool like Wireshark can help unlock the magic! If you haven’t tried it out, I’d definitely recommend it.