Course Review: SANS SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling (GCIH)

With one SANS course and certification under my belt, I had a better idea of what to expect and I changed my study strategy accordingly (see below). Also, this is the second course in the SANS Security Engineering Master Program.

Material

I opted to go with the OnDemand option, which came with the following:

  • Official courseware books (sent via USPS)
  • 20+ hours of video training
  • Labs
  • Two practice exams

There are six books, one book for each day of their in-person training.

  • 1: Incident Handling Step-by-Step and Computer Crime Investigation
  • 2: Computer and Network Hacker Exploits – Part 1
  • 3: Computer and Network Hacker Exploits – Part 2
  • 4: Computer and Network Hacker Exploits – Part 3
  • 5: Computer and Network Hacker Exploits – Part 4
  • 6: Hacker Tools Workshop (Lab)

The first book is all about incident response which I found interesting because I haven’t dealt with IR in my career. Books 2-5 are all about attacks and how the IR phases deal with them. Book 6 is one big lab and very interesting, especially if you’re new to the topics.

Studying Strategy

  • Step 1: Watched the videos at 1.25x speed; this took about a week.
  • Step 2: Read through the entire set of books with no note taking or highlighting. This step is solely for reviewing the material and not getting caught up in wanting to take notes.
  • Step 3: Go through the books a second time, but this time I will highlight topics I am not grasping fully and/or topics I feel will definitely be asked on the exam.
  • Step 4: This will be the third and final time going through the books. I will focus more on what I highlighted rather than actually reading every word. I will only write down topics I am having trouble remembering; my goal is to keep my notes as small as possible.
  • Step 5: Edit SANS index at the back of book 5 (see below).
  • Step 6: Take practice exams (see below).

Index

With this being my second SANS course and certification, I believe this is the area I improved the most. For the first course, I relied more on SANS index and barely made any edits. This led to one major problem…when a topic had multiple pages listed, I didn’t know which page to look at, so I would sometimes waste 2-5 minutes going through 5-10 pages looking for the answer. This time around, I would highlight the page that was the most important on the index. This little change took my testing time from almost 4 hours with the GSEC to 2.5 hours with the GCIH.

Practice Exams

Just like the GSEC practice exams, I scored in the high 80’s and the real exam was very similar to the practice exams. Once again, my only complaint is that we are not able to review the practice exam questions after submitting the exam. I would like to have time to review the questions I got wrong and why…I shouldn’t have to feel rushed to write down what I got wrong and why.

Exam

The exam was fair, and the courseware prepares you well for the exam. I passed with an 89% and found the exam easier than the GSEC.

Labs

I’ll be honest and admit I did not attempt any of the labs for this course.

Thoughts

A few years back I was into ethical hacking, so I feel like I had an advantage going into this class and that’s a major reason why I found this certification easier than the GSEC. It’s a fun course and I would recommend it to anyone who wants to get into incident response and/or ethical hacking.

Course Review: SANS SEC401 Security Essentials (GSEC)

The first course for the SANS Master of Science in Information Security Engineering program is SEC401 Security Essentials. I have read so many great things about SANS material and how their certification exams are open book, so I was very excited to get started and see what all the fuss was about.

Material

I opted to go with the OnDemand option, which came with the following:

  • Official courseware books (sent via USPS)
  • 25+ hours of video training
  • Labs
  • Two practice exams

There are six books, one book for each day of their in-person training.

  • 1: Network Security Essentials
  • 2: Defense-In-Depth and Attacks
  • 3: Threat Management
  • 4: Crypto, Risk Management and Response
  • 5: Windows Security
  • 6: Linux Security

Studying Strategy

I pick up material faster by reviewing new topics via video. Once I comprehend the basics, I can pick up material faster through books. I knocked out the 25+ hours of video within the first week (tip: play the video at x1.25 or x1.50 to save yourself some time). A goal of mine was to study at least 3 hours a day.

Once the videos were done, I moved on to the courseware books. I decided to go with a new approach which included going through the material three times. My first run through of the books was solely reading with no note taking. From my past experiences, when I would take notes right away, I found myself taking forever to get through the material because I wanted to write down everything. During my second run through, I only highlighted information I found hard to grasp or topics I thought would for sure be on the test. Finally, with the third run through, I didn’t necessarily read every word, but I reviewed what I highlighted and decided if it was worth writing down.

Index

The famous SANS index! This idea of an open book certification test is brand new to me but also super intriguing. It’s especially intriguing because with the exams being open book, they are still highly regarded in the information security arena.

What I liked was that SANS provides an index in the back of book 6 so you don’t need to start from scratch. What I decided to do was take the first practice exam with the index SANS provided and tune it depending on how I did. I received an 87% on my practice exam, which was good, but I was spending too much time looking up topics, so I decided to add to the index.

Practice Exams

The practice exams are of high quality and are similar to the real test, but you won’t see any duplicate questions. If you are scoring in the 80’s on your practice exams, I believe you are definitely ready to take the real thing. One thing I did not like about the practice exams is that once they are over, you are not able to review the test…you will need to write down what you got wrong while taking the test. It would be more useful if students could review the questions after the practice exam was over, so we don’t feel rushed trying to write down why we got the questions wrong while still trying to take the test.

Exam

Like I mentioned in the last section, the practice exams are very similar to the real test, so you should not be caught off guard in any way. I passed the exam with an 87%.

Thoughts

If you are new to security, then I would definitely recommend this course if your company is going to foot the bill. If you are paying out of pocket, I would suggest self-studying for CompTIA’s Security+.

Besides the amount of information in the courseware, I found the real-life experiences and stories from the instructor to be super valuable and interesting. It’s one thing to read the material and understand the topics, but it’s another to have an information security expert tell you stories that involve what you’re learning…it really drives home the point.