I recently had the chance to take SANS Institute’s SEC401 course. It was my first experience with SANS so I didn’t entirely know what to expect, but it was definitely interesting.
On the first day they give you a bag with 7 books, one for each day and the 7th is a lab book that you’ll be using for all them. Each of the books has an image of the slides that are covered in class; the bottom of the page contains more detailed information regarding the topic being discussed.
The labs are done on virtual machines that they give you on a USB that you get to keep. It’s a bit of a hand-holding situation when you’re going through them the first time around, so you definitely need to go over them again to fully understand everything.
One thing I was really impressed with were the instructors at SANS. They are exceptionally knowledgeable and always make time to answer questions to the best of their ability both during and after class hours. My SEC401 instructor was engaging and knew how to present with energy to keep the class interested. I’ve personally never had any teacher or professor lecture with that level of enthusiasm, so it was quite refreshing.
Although a lot of the material was review for me I still felt like it was beneficial to go over things again. After a while of not seeing something you tend to forget details about it.
To prepare you for the GSEC examination they really advise you to create your own personal index of all the different subjects and topics within the books so that you can quickly look them up if you need to. After all, the exam is open book.
My method of indexing was loosely based off of the Pancake method, which seems to be extremely popular. I basically wrote down the topic that was displayed in the header of the opening slides and included more details if I needed additional granularity on the subject.
You can really do whatever fits best for you though. The best method is the one that you are most comfortable with and can help you get to the information quickly.
They also provide you with two practice exams to give you an idea of what level you’re currently at. I went into the first one blind and scored terribly, but that’s just part of the learning process.
What’s really useful is the score report that they give you afterwards. It tells you what topics you are weak in through a x/5 star based rating.
My advice would be to not take the practice exams until all your indexing and other resources are already compiled and printed.
The reason is that if you go into it without any preparation, it doesn’t give a good indicator of how the actual exam will go. It’s more likely that you’ll just end up confused and demoralized from scoring low.
The current passing score for GSEC is at about 73%, which is getting 131 out of 180 questions correct.
My strategy was to pace myself by splitting the questions per hour. So after each hour you should have completed roughly 36 questions.
36 (4 hours left) -> 72 (3 hours left) -> 108 (2 hours left) -> 144 (1 hour left) …
I also tallied which questions that I had most likely gotten wrong. This is helpful because it gives you a sense of how much time/priority you can put into a current question before moving on.
For instance if I came across a seemingly easy question but I was a bit behind in terms of time, I’d just go with my gut and move onto the next.
If I had already amassed a large amount of possible wrong answers then I’d probably spend additional time on it because I couldn’t afford to get more wrong.
I was aiming for an 80 minimum, so no more than 36 wrong answers. Luckily I passed with a score better than I anticipated.
Getting it framed costs an additional $35 dollars I believe; it’s so worth it though. I wasn’t expecting it to look this great.
Anyway the course was enjoyable and there was a lot of the value came from being able to speak with other people who worked in the industry and hearing their stories.
As everyone else says, if you can get your employer to pay for SANS then by all means go for it. If you’re paying out of your own pocket for a SANS course then I’d really recommend picking a more advanced/specific class, otherwise I don’t think SEC401 is worth the cost.
I’ll be moving onto SEC504 and GCIH next.