SANS GCIH –Log 1

Posted on by DruidSecurity

A few weeks ago I participated in the SANS GCIH course at SANS Charlotte ’19. It was led by the talented Jonathan Ham (@jhamcorp), best known for LITERALLY writing the book on network forensics. SANS once again put on one of the best training courses I have ever had the pleasure of attending.

This week long training is packed with information starting from the very basics, all the way up to actually popping boxes (though the methods are pretty elementary compared to some of the genius attacks out there (still, if it ain’t broke…)). However, the SANS fire hose is real, and by day 3 I was literally drowning in information and just trying to keep up with the amount of stuff we were covering. It never helps that mid afternoon is a carb fest from the hotel which immediately turns nap mode on, but doughnuts are so worth it.

However, one of the most challenging parts of the course has come AFTER the course finished. When you pair the GCIH certification and training together, you don’t actually get the certification directly after the training (I don’t know if this applies if you purchase them separately). I see the need for this though, this way you can’t use the training as nothing more than a brain dump.

Instead, I received the practice exams and cert scheduling offer about a week after I finished the course. This aligned exactly with jham’s advice regarding studying up and prepping for the actual exam. Which, I recommend taking a look at if you need some tips yourself.

So, now the really hard part has begun. I am not a studier. I never have been. I generally can go through a course or lesson and remember what I need to pass an exam fairly easily. Even just working material provides me with the knowledge I need to move forward. However, with SANS there is a caveat; if you score an 85% or above you get invited to SANS instructor training. I want that invite.

Now I am trying to juggle my normal life, with adding in around an hour of study time each evening. Which is not easy, and is very tiring, but hopefully will be worth it in the end. After two days I am midway done making my index for the second book, but have skipped the note card recommendation. I have never been able to make use of flash cards, and I doubt this will change with this exam.

Other helpful resources:

Advertisement