Friday, December 30, 2022

Passed the GIAC GCIH Certification Exam Today

Today I passed the GIAC Certified Incident Handler (GCIH) exam. I previously reviewed the SANS Course, SEC504, which is the prep class for this exam.

In my previous career I was an attorney. After switching into IT, I took several certifications including CompTIA's A+, Network+, and Linux+, along with getting my MCSE in Windows NT4 (yeah, I'm old). The GCIH exam was the most difficult test I've taken since the Pennsylvania Bar Exam.

The test consists of 106 multiple-choice questions, about 10 or 11 of which require the use of a "CyberLive" virtual machine to perform a task. The test is open book with a minimum passing score of 70%, and there's a four-hour time limit. I used up about 3 hours, with one very brief bathroom break.

If you search online for tips on passing GIAC exams, the one common theme is that you need to prepare a really good index of the course materials. SANS actually includes a course material index in their downloadable materials, but you want to create your own, because the primary value of the index is the absorption of knowledge you get while creating it.

The way I built my index was as follows:

  1. Created a MS Excel spreadsheet with one tab for each of the five course books, plus a "Combined" tab.
  2. I then went through each book and indexed concepts and terms.
  3. Next, I assigned a different color to each book.
  4. Copied the contents of each book's tab over to the Combined tab.
  5. Used the Excel Sort function to sort the entries alphabetically.
  6. Copied this sorted table into MS Word and printed it.
  7. I put the printed index along with a bunch of cheat sheets into a 1/2" 3-ring binder.

I also used color-coded Post-It notes to make tabs for key sections in each book. The colors of the Post-Its matched the colors in my index. So, for example, if I looked in the index for a term and it was color-coded yellow, I knew immediately to grab the book with yellow Post-Its sticking out.

Overall, I think I reviewed the SEC504 books three times, and did the labs at least twice each. Another thing I did was sign up for a TryHackMe.com account and work through some exercises relating to topics that the GIAC practice tests showed needed more attention from me, especially Metasploit and SQL injection.

I'm currently working my way through TryHackMe's Junior Penetration Tester learning path, but that'll be the subject for another post.
