I passed the GSEC (GIAC Security Essentials Certification) this morning. It is a multiple choice format test with 180 questions.
I had been considering taking Security Essentials at SANS CDI in Washington DC. On the one hand, at this point in my career shouldn’t I be able to pass this certification without the conference. On the other hand, there are always things you don’t know and it would be nice to take another course with Eric Cole. SANS has a 50 question test to determine if you are ready for the course or if you don’t need the course. I scored well enough that I decided to challenge the exam. Challenging a SANS exam means instead of taking the conference, or purchasing the self-study option, you pay to take the exam and you get two practice exams. You don’t get the workbooks when you challenge an exam.
Without the SEC-401 books, I looked at other ways to make sure I got the score I wanted. The most help was my SANS CISSP+S workbooks. In 2005, I took SANS version of a CISSP prep course. I highly recommend that course for the CISSP. While it is the one SANS conference track focused on helping you pass a certification, it also tries to give you knowledge that is applicable to work. There is significant overlap between the CISSP and GSEC so those workbooks came in handy.
I also purchased GSEC: The How to Pass on your First Try Certification Study Guide by William Manning. As it says on the first page, the book is not intended to replace the SANS workbooks. I was hoping to use it as a reference but I found it lacking even for that. The built-in index isn’t very good. It give you page numbers where the term was used, so its hard to find the one page where it was really defined well. You’ll need to build your own index for the exam. I also found the book completely lacking in its coverage of Windows Linux and VOIP. If you do insist on buying this, both the first and second edition are available on Amazon. Make sure you get the updated version.
I went after the GSEC because it’s a prerequisite for the GSE. I’ve seen others complain about that. “Why have to get a lower level certification when you’ve completed a higher level certification.” SANS response is that the Unix and Windows components of the GSEC make it unique. They do offer an alternative of taking the Unix and Windows certifications separately. What I find kind of funny is the SANS Cyber-Guardian program has a prerequisite of a GSEC but a CISSP can be substituted in that program. (Although the Cyber-Guardians must attempt a GSE so I guess a GSEC really is required)