Let Me Help You Pass GIAC Certifications.
Preparing for a GIAC certification exam might feel like preparing for an epic battle. But fear not! With the right strategy and dedication, you'll be ready to conquer the exam with confidence.
While everyone has a different style of learning, my goal is to combine multiple research-supported techniques to provide an effective and proven methodology. This methodology includes techniques such as:
spaced-practice (revisiting topics over multiple sessions with a span of time between),
retrieval testing (practice exams),
interleaving (switching between topics and methods of memorisation), and
learning using multiple formats (graphical formats as well as written formats).
Assumptions:
There are a couple of assumptions tied to this methodology.
You enroll in the official SANS On-Demand course, or have/will attend the official bootcamp for the GIAC certification you are testing for. Please note that this guide is primarily tailored to the On-Demand version of SANS courses.
You have the necessary computing resources (refer to SANS course requirements).
You have the financial means to buy sticky notes, a pen, a piece of paper, and can take a day off of work/school/life/(whatever) to take the exam.
You are committed to studying seriously and consistently.
You have a knowledge foundation that meets the minimum qualifications/prerequisites for the course.
This method, if adhered to, will allow you to finish a GIAC certification in approximately 2-2.5 months. You will spend approximately 30 days watching the SANS course videos (averaging 1 hr a day), after which you will complete the index at a rate of one book per week (at a minimum). Tack on one day for the Capture-the-flag/Capstone (if applicable), one day for each practice exam, and one day for the real exam. If you are taking a standard SANS.org course, you typically have a total of four (4) months of course access. If you are taking the SANS.edu course, you have three (3). This plan should have you finishing well below those thresholds.
The process
1. Prepare: Set Up Your Lab Environment
Before diving into the course material, ensure that your virtual machine (VM) environment is set up according to the course requirements. This will allow you to pause instructional videos and complete labs alongside the course content without interruptions.
2. Ingest: Engage the Videos and Labs
2.1 Watch the Course Videos (or attend the official bootcamp)
Begin by watching the SANS-provided video material. These videos will introduce you to the core concepts of the course. Aim to watch at least one hour of videos per day, allowing you to complete the full course content in about a month.
2.2 Complete Labs Synchronously
Pause the videos when you reach a lab section and attempt to complete the lab on your own before watching the instructor's explanation. This hands-on approach helps reinforce learning and provides valuable practice. Use a digital copy of the workbook for easy access to lab instructions (some courses include a digital copy as the homepage of the web browser in the provided VM!). As you reach the end of the course, do not complete the Capture-the-Flag (CTF)/Capstone "lab". We will save this for a later step, allowing you to dial in practical knowledge immediately before the exam.
3. Index: The Key to Success
Creating a comprehensive index is crucial for your exam preparation. While many recommend a simple index with keywords and page numbers, I advocate for a more detailed approach. I add an additional column to capture, as succinctly as possible, the critical details of the keyword/concept/acronym. This serves two primary purposes:
First, it helps reinforce your learning while creating the index. Second, when you're crunched for time during the exam, you may be able to extract or infer the details you need right from the index, without having to reference the page in the book.
You are going to create the index at a rate of one book per week (at a minimum). Here's how to do it:
Use a spreadsheet application to create your index.
Allocate one sheet per book. Eventually you’ll add a few more sheets at the end, I’ll get to that later.
Include columns for the keyword, section title, book number, page number, and a brief description.
Populate the index with concepts, keywords, acronyms, commands, and tools you find throughout your reading.
Use multiple lines to capture concepts that may require additional context (one line for the definition, and one that aligns with the context).
For example, if the concept I've identified in the book is "TCP Control bits" I would have one line for "TCP control bits" and also make another line with "Control Bits (TCP)", putting the same description for both. This way if "Control bits" are mentioned in the question, I can search alphabetically until I find "Control bits", or if "TCP" is referenced in the question, I can find the keyword by looking through keywords labelled "TCP" until I find a definition or context that matches.
Another example could be a tool or script that falls under the umbrella of another larger tool. Pw-inspector is a sub-tool that comes as part of the larger tool called Hydra. The pw-inspector tool can be used for trimming down wordlist files for password spraying or cracking. It may be a good idea to have separate lines in your index for both “pw-inspector” and “Hydra pw-inspector”. This allows you to search for it alphabetically if the question references “pw-inspector” by itself, or, if asked a question such as “what Hydra tool is used to trim down wordlist files?” you find it near “Hydra” and other “Hydra” keywords. (see the first picture below to see this in practice in my index)
Add additional columns to mark if the entry is a tool or command. This helps you solve questions that compare tools (ex: which tool was written in x programming language?) or questions that are related to command syntax (ex: this user needs to perform x operation, would they use command a, b, or c?). This is shown on the right side of the sheet in the following picture.
Here’s an example of one of the sheets from my GPEN index (book 2):
The last thing to do is print out your primary index, tool index, command index, and any relevant cheat sheets you think are necessary. The “course content” section on your SANS dashboard should contain quite a few useful cheat sheets for you to print and bring. I also recommend bringing cheat sheets for frequently used tools from your course labs. It’s even been recommended to print out the man/help pages of tools as well (these can be found online also)! Other recommendations include: an ASCII table, Common Port/Protocol list, Networking Cheat Sheets, and resources such as the Red Team Field Guide. Use your intuition and print whatever you think you may need! Remember, it's always better to be overprepared and have the information with you but not have to use it!
Pro tip - Ditch the sticky note madness
Picture this: You're at the exam, your desk is tiny, and you've got a mountain of books and references crammed in front of you. Some folks suggest tabbing out your books with a billion sticky notes of various colors. Don’t. For me, having a billion sticky notes of various colors just creates visual chaos.
The exam questions aren't organised by book topic, so you’ll constantly be rifling through different books, which quickly get out of order. Plus, the book numbers are only shown on the cover and can be hard to see when everything’s stacked like a game of Jenga.
Here’s a better plan: Use one sticky note per book, positioned at the top or side, with just the book number on it. Stick the sticky part inside the cover so it stays put. When you’re in the exam and need to reference a keyword from your index, these simple sticky notes will help you quickly grab the right book without playing a frustrating game of hide-and-seek.
Congratulations! Most of the heavy lifting is now done! Now it’s time to review your practical capabilities, and then put them to use!
4. Apply: Capture-the-flag (CTF)/Capstone
You've been creating your index for a few weeks now, and it's been a while since you tackled the labs and video content. Think of this as your practical refresher before the big showdown. Stumble through the CTF like a lost tourist with a map and use hints if necessary. Try to reference your books as little as possible, but when you do need to, find the corresponding lab in your workbook and step through the CTF question with the same methodology.
Completing the CTF should provide you with a level of practical knowledge that will carry you through the exam.
Remember, the course creators aren’t trying to "trick you", but the CTF is designed to make you sweat a bit more than the practical portion of the real exam. Consider it a mental workout—no pain, no gain!
5. Test Your Resources: Practice Exam One
I highly recommend you plan your practice exam around a two-day period of time that allows you to take a practice exam the first day, and then (if you perform well on the practice exam) take the real one the following day. On your practice exam day, block out 3-4 hours for the practice exam and subsequent review. Have your index printed, cheat sheets ready, and books sticky-noted.
Focus on one main thing during the first practice exam: the completeness/sufficiency of your index and printed resources.
Keep a blank sheet of paper and a pen/pencil handy. Every time you get a question wrong or stumble upon an unknown acronym, jot it down. The practice exam provides an explanation when you answer a question incorrectly, but you can’t revisit the question, so take notes quickly and move on.
After the exam, give your brain a break—step away from the computer and let your eyes rest. Then, when you're ready, research the notes you took, update your index with the new info, and you're good to go!
6. Lock It In: Schedule Your Official Exam
Regardless of your performance on the first practice exam, schedule your real exam. Yup - you read that right. No matter how you did on the first practice exam you’re still going to schedule your exam at this point in the process. No “ifs”, “ands”, or “buts”.
If you score over 90% on the first practice exam, aim to take the real exam as soon as possible, ideally the next available day.
I'm fortunate enough to have 3-5 testing locations within an hour of my home, so I almost always find availability for the next day, and I'll take the day off work. I understand that it's not always possible for people to cut out of work last minute. That’s why I recommend you plan your practice exam(s) on the first day of a two-day window of available time.
If you’ve scored less than 85-90% on the first practice exam, allocate a sufficient amount of time for additional content review and a second practice exam. Schedule your exam for the day following your next intended practice exam. Scheduling your exam creates a sense of urgency and focuses your preparation. You (or your company) likely paid an exorbitant amount of money to take this training and subsequent exam. It’s paid for, you’ve put in the work, now it’s time to shine!
7. The Final Rehearsal: Practice Exam Two
If your score on the first practice exam was below 90%, or if you’re the cautious type and want additional practice, take the second practice exam. Treat it like the real exam: no internet searches, just your printed resources. Make sure you also keep an eye on the clock; the last thing you want to do is run out of time. If you're stumped on a question, click the "skip and review later" button and continue on. Use this exam to refine your time management skills and further improve your index. Think of it as a dress rehearsal before opening night.
8. Relax and Pass: Final Preparations and Exam Day
At this point you ARE ready. You've done your hard work. You’ve scheduled your exam. Let’s do this!!
The Day Before the Exam
Ensure you know the directions to the exam location, factor in time for traffic, and plan to arrive 30-45 minutes early. You can usually start an exam early, but you definitely don’t want to be late.
Pack your bag with all necessary materials: books, index, cheat sheets, snacks, water bottle, and the required two forms of ID. Stage it by the door so it’s a grab-and-go the day of the exam.
I recommend you eat healthy the day before and the morning of - but don't deviate from your normal eating habits/caffeine routines.
Avoid cramming. Instead, relax and engage in activities that help you unwind. Go out with friends, do some retail therapy, rest your eyes from screens. Or maybe you want to stay at the house and read, play video games, or spend "quality time" with your partner. Whatever you feel that your body needs to unwind, do it!
Exam Day
I tend to listen to pump up music while sipping an energy drink or tea on my way to the exam location, but do whatever you think your body needs. Caffeine and pump up music can be good for some, but please don't chug six energy drinks and have a heart attack because you altered your body's status quo. Listen to your body and give it what it needs.
Crush your exam, and shoot me an email when you pass :)