As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification. I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for GIAC certification exams.
1. Don’t put off studying. SANS classes are intense experiences and you may feel worn out after a long week of technical material has been thrown at you. But if you’re serious about passing the GIAC exam, don’t wait too long after class is over to start studying. This will keep the material fresh and allow you to recall information quicker.
2. Build an index of the course material. GIAC exams are all open book and open note — sounds easy, right? False. The SANS books are thick and highly detailed. In order for the books and notes to be useful, you need to create an index that allows you to quickly find what you’re looking for. You’ll obviously still need a good understanding of the material, but the index will help you quickly research trickier questions. Building the index will also help you review the material since you’ll need to go through each page to determine keywords and concepts. I usually take a highlighter and highlight key points on each page. You can follow my guide on how to create a good index. Finally, remember to print out the index since you can’t bring any electronics with you to the exam.
3. Set aside about two months to study and prepare. We’re all busy people, and depending on your situation, you may need more time. In my experience, two months allows you to review one book a week (taking notes and building an index) and then take the practice exams.
4. Take the practice exams. You get two practice exams and they tend to be accurate representations of the type of questions you should expect on the real exam. You should have a “draft index” built by the time you take your first practice exam. Treat the experience like the real exam and see how effective your index is. If you find the practice exam difficult either because you don’t know the material or your index did not effectively help you, take notes on the questions that stumped you, study the material again, and add to your index. Then take the second exam and repeat this process.
5. Label your books. At first glance, each SANS book looks the same. During the exam you want to be able to quickly grab the book you need that has the answer you’re looking for. To help me quickly identify a book, I take a sticky note and write the number of the book on it and place it on the front cover of the book like a bookmark. This way, I can just look at the sticky note and see the big bold number rather than having to read a monotonous book cover. It’s a small thing but I’ve found the speed increase noticeable.
The process is long and time consuming but in the end well worth it. I’ve done it twice now and scored 90% on my GCIA and 98% on my GCIH. I’m confident the process will work just as well for you as it did for me. Best of luck!
I use SiteGround for web hosting. Performance and customer service are top notch. Quick and easy https implementation via built-in Let's Encrypt integration. I highly recommend giving them a try. 🙂