Saturday, October 29, 2016

Don Murdoch's reflections on the GIAC GSE

I asked some of the successful GIAC GSE candidates to talk about the experience. Don Murdoch was an early SANS adopter and has been a security practitioner for over 20 years. These are his thoughts.

As an information security professional, I’ve had several opportunities to take SANS courses, sit for GIAC exams, and apply the knowledge earned to better defend networks and respond to all manner of security incidents. I took the GSE exam in April of 2014, and wanted to share some reasons why I went the extra mile in order to help motivate others to complete the journey.

I have kept most of my GIAC certifications current, re-certifying in three cycles over the years. The process started in 2006, as I earned the GCIA in 2003. This process always benefited me, because I received a “knowledge domain update” every time I re-certified. I did my best to maximize the effort. For example, I local mentored several SANS courses, which is a great help because you work through the material while you coach others through it. Local mentoring was also very personally rewarding as I paid it forward, and I had real life experience to share with every group of students.

In early 2013, I faced the prospect of going through this process a fourth time. I did some serious thinking about which one of the credentials I wanted to maintain, and which I would drop. After counting the cost of keeping these certifications current, I weighed the individual certification prep time against preparing for the GSE itself. I decided that sitting for the GSE was a much better use of time. After all, I would need to go through about half of that material in greater depth to push my skill base a bit deeper in order to be ready for the exam, so sitting for the GSE maximized the commitment.

Further, the reward of earning the most advanced credential in my field fully maximized the return on investment of the time commitment I would need to sit for the GSE. It certainly doesn’t hurt that GIAC keeps the individual credentials current when I passed the multi-choice test every four years.

When it came to preparing for the exam, GIAC has done a stellar job explaining what the objectives are, the topics covered, the prerequisite skills, and the exam process. There is nothing hidden, no secret sauce, or trick to pass – just make sure that you fully understand every test objective and can demonstrate the supporting skill and use the appropriate tool(s) to meet the objective. People with a few years of security engineering and incident response experience, when coupled with the prerequisite course material, have a very good chance to pass if they follow this advice. I would highly encourage anyone who has work experience and has applied the three prerequisite courses in the workplace for a few years to sit for the exam. A few books were very helpful. For example, Davidoff’s and Ham’s “Network Forensics” book was a real treasure, as well as a few of the Kali pen testing books published by Packt.

Stephen Northcutt is Director for Academic Advising at SANS.EDU and chair for SANS Rocky Mountain 2017.
