No More Tabs… My GIAC Certification Journey

GIAC certification

Back in November 2022, I sat through a SANS course, SEC505: Securing Windows and PowerShell Automation. The goal for this course was for me to get my first GIAC certification. This course came highly recommended to me from our CISO and being that it was based in PowerShell I was of course excited. SANS courses are expensive, no doubt; but if you get the chance to attend one, it will definitely be worth the money in my opinion. I was fortunate enough to have my company pay for my attendance, so that was definitely a factor for me. But the knowledge I walked away with was invaluable.

There are plenty of resources out there for studying, so this isn’t going to be a study guide. I’m also not a SANS expert having only taken this one course so far. I don’t plan on making any kind of blanket statements about SANS or the certification process. My goal here is to share my journey, what I found challenging, and what worked for me to reach the ultimate goal of GIAC Certification.

Table Of Contents

On-Demand Training
Books and Study Materials
Studying & Exam Preparation
Conclusion


On-Demand Training

When I was signing up for this training, it was difficult to decide between the live instructor training and the On-Demand training. My thoughts were that live training would provide opportunities for asking questions and getting immediate feedback. However, it was less flexible and would not have the ability to replay sections I was struggling with.

On-Demand training was the opposite; little to no feedback but the ability to watch sections several times was appealing. Ultimately, for me it came down to pricing; there were bigger discounts for the On-Demand training than for Live Online because of when I was booking, so I went with On-Demand.

I don’t regret that choice, and there were several sections that I did watch multiple times during my studying. However, I don’t know that it really was the difference maker. I’ll talk more about the books later, but they were far more valuable for long-term studying than rewatching the videos were (at least for me).

The best part about the On-Demand training is that I didn’t have to give up my Saturday to complete the training. Most SANS courses I’ve seen advertised are 6 days of class. On-Demand was no different. However, I managed to break Day 6 up across a few evenings the following week instead of missing Saturday. Since I had 4 months to consume the content, it wasn’t as stressful feeling like I needed to get it all done at once.

All in all, I would say that either option is probably fine for anyone. I might consider the live instructor next time to be able to ask questions or get feedback. The bulk of my studying was spent in the books, so I feel like the in-person feedback might’ve been worth not having the on-demand classes.


Books and Study Materials

brand new sans training books for GIAC certification
Shiny and New Books – Before the highlighters and tabs…

The first thing I have to say about the books is that they are FANTASTIC. Seriously, the quality and quantity of content in these books was incredible. These books now live in my office a work to serve as a reference for when I am trying to remember how something was done. These aren’t just study guides; they are step-by-step manuals for the best security practices available.

The community contributions as well as the foundational approach made sure that each section built upon things you already talked about and didn’t assume you already had the base knowledge. Even with the first day focus on PowerShell basics, it wasn’t redundant at all I learned some valuable tricks despite my entering the class feeling like a capable PowerShell scripter.

The books themselves were excellent quality. Thick sheets, well organized and easy to read. The cover was of a heavier make and held the book together nicely. There is a level of pride that comes through with the quality of the courseware, that I haven’t seen in any other course I’ve taken. These books arrived promptly and made the study process far more enjoyable than I expected. Bravo SANS team!


Studying & Exam Preparation

This was the most tedious part of the studying. If you’ve never taken a SANS course before (like I hadn’t) there are a few things, you should know. First, the course is going to be very technical. From the one course I took and talking to a few others, it is pretty clear to me that my experience wasn’t unique. These courses and exams are not meant to be a high-level overview of the topic. It’s nitty gritty details with specific information.

Second, it will help A LOT if you are getting some practical application with the stuff, you are taking the course for. For me, I’ve been pushing myself to learn more and more about PowerShell for a few years. That base knowledge made it much easier to learn the information in my class. The whole first day discusses PowerShell and would be enough to get someone who isn’t familiar ready for the class. However, using PowerShell nearly every day made it much easier for me to focus on the new information.

Finally, you have to read the books. Plain and simple, the books carry all the detail that you could want about most topics related to the course. At 33 hours, the On-Demand video training was still an incredible amount of content to consume. Even still, it was not nearly as deep as the books. Take the time and read the books.

Open Book Testing Policy

SANS has an open book testing policy, which I think is far more practical. This is practical for two reasons to me. First, you still have to have enough knowledge to know where to look. The time limits can be stressful, and there isn’t enough time to look up every question, unless you know where to look. Second, in the real world, research is critical for everyday tasks. Remembering enough to know how to find the answers is a far better day to day skill than memorization for a test.

GIAC certification study guides
Picture from when I finished book 5 of 6 during my study process

To prepare, I followed Hack4Pancakes methodology in preparing an Index. I started with the basic index that came in my book and made a copy in Excel. Then I read one of the books (6 in total), highlighting as I went. Then I went through the book again, adding tabs to make it easier to find pages during the test. My excel sheet became my custom index, color coded by book and tab. I repeated this process for each book, until I had a complete Index with tabs.

I recommend using these particular tab markers. These didn’t bleed and made it easy to write and read. I tried using plastic ones to start but ended up redoing three books when I found these.

index for my GIAC certification
Snip of the first section of the Index

I then made two copies of the index: one Numerical and one Alphabetical. This was because in some cases I could remember what book something was, and in other cases I could only remember what section it was called. Highly recommend this if you don’t mind having extra pages. Just go in with a plan for how you can navigate those books.

Finally, on test day be sure to have your two forms of ID and be prepared to explain where to find information about the Open Book policy. I personally didn’t have any issues with this, but I wanted to be prepared. The testing center I attended had the guidelines there and were prepared for me and my arm full of books.


Conclusion

In general, I loved this class. I wish the cost weren’t so high so that more people could attend. I know I would send several of my co-workers to this class. If you are someone who deals in PowerShell or Microsoft Security tools, this class is fantastic. So many aspects of this class are geared towards using built in tools and minimizing costs. The information was also very modern. Many items discussed in the class were things I was looking to implement but hadn’t gotten around to yet. the information is practical and valuable to any Windows Admin or Windows Security Admin. Overall, I highly recommend this class and would love to see more people attend it.

I know this isn’t super technical but I want to write more than that sometimes. If you enjoyed it, please let me know. Hit me up on Twitter @SeeSmittyIT to let me know what you thought of this post. Or if you are avoiding the bird site, I’m also posted up on Mastodon @[email protected]. Thanks for reading!

Smitty

Curtis Smith works in IT with a primary focus on Mobile Device Management, M365 Apps, and Azure AD. He has certifications from CompTIA and Microsoft, and writes as a hobby.

View all posts by Smitty →