How to Pass Any SANS / GIAC Certification on Your First Try
Summary
TLDRIn this informative video, TCM discusses strategies for passing the GIAC certification, a crucial step for becoming a Qualified Security Assessor (QSA) in the PCI industry. TCM shares personal experiences and study tips, including the decision to pursue the more expensive but practical SANS certification. He details a methodical note-taking approach using color-coded tabs and an Excel spreadsheet to organize information for quick reference during the open-book exam. The video also offers insights into the value of the certification materials for ongoing professional development and provides a candid perspective on the certification's cost and industry relevance.
Takeaways
- π The speaker is discussing strategies for passing the GIAC (Global Information Assurance Certification) on the first attempt, which is a certification for cybersecurity professionals.
- πΌ The speaker took the GIAC certification as part of the criteria to become a Qualified Security Assessor (QSA) for PCI (Payment Card Industry), which regulates credit card payments globally.
- π The speaker chose the GIAC certification over other options like CISA because GIAC was more technical, hands-on, and open-book, despite being significantly more expensive.
- π The speaker used a course called GSNA Audit 507, which included a variety of security tools and scripting languages, and found it to be up-to-date and well-taught, but not worth the cost.
- π The speaker recommends creating an extensive index of topics from the study materials, using color-coordinated post-it notes and an Excel spreadsheet for organization.
- π¨οΈ The index created in Excel is then printed out and attached to the corresponding books to serve as a quick reference guide during the open-book exam.
- π The speaker suggests that the time constraint of the exam makes it crucial to have a well-organized note system to efficiently find information.
- π The speaker also mentions using practice exams to familiarize oneself with the exam format and to further refine the note-taking process.
- π The speaker used additional cheat sheets provided with the course, although they ended up not needing them during the exam.
- π The speaker emphasizes the importance of time management during the exam, given the large number of questions and the limited time available.
- π The speaker concludes by encouraging viewers to like, comment, and subscribe for more content, and shares a personal anecdote about taking the GIAC certification.
Q & A
What is the main topic of the video?
-The main topic of the video is discussing strategies and tips on how to pass the GIAC (Global Information Assurance Certification) certification, specifically the GSNA (GIAC Systems and Network Auditor) certification, on the first attempt.
Why did the speaker decide to pursue the GIAC certification?
-The speaker pursued the GIAC certification to meet the criteria for becoming a QSA (Qualified Security Assessor) for PCI (Payment Card Industry), which requires two certifications, one from column A and one from column B.
What does the acronym 'PCI' stand for and what is its relevance to the speaker's certification pursuit?
-PCI stands for Payment Card Industry. It is relevant because the speaker needs to become a QSA for PCI to perform security audits related to credit card payments, which requires specific certifications.
What was the speaker's opinion on the cost of the GIAC certification?
-The speaker mentioned that the GIAC certification was significantly more expensive than other options, such as the CISA, but chose it because it was open book/open note and seemed more technical and hands-on.
What course did the speaker take to prepare for the GIAC certification?
-The speaker took the GSNA Audit 507 course as part of their preparation for the GIAC certification.
What resources did the speaker use to study for the GIAC certification exam?
-The speaker used books provided with the course, an Excel spreadsheet for indexing topics, color-coordinated post-it notes, practice exams, and cheat sheets to study for the exam.
How did the speaker organize their study materials for the exam?
-The speaker organized their study materials by creating an index in an Excel spreadsheet, color-coding topics with post-it notes, and stapling the index to the corresponding books for easy reference during the exam.
What advice did the speaker give regarding the use of the provided books and notes during the exam?
-The speaker advised to use the books and notes as reference guides during the exam, as the open book/open note format allows for it. They emphasized the importance of indexing and organizing notes to save time during the exam.
What was the speaker's experience with the practice exams provided with the course?
-The speaker found the practice exams to be very similar to the actual exam, which helped them understand what to expect and how to use their notes effectively during the test.
What is the QSA program and how does the speaker feel about it?
-The QSA (Qualified Security Assessor) program is a requirement for performing security audits for PCI. The speaker feels that the program is somewhat like a pyramid scheme, but acknowledges that it is necessary for their career goals.
Outlines
π GIAC Certification Study Tips
The speaker, TCM, introduces the video's topic: sharing study tips and advice for passing the GIAC (Global Information Assurance Certification) certification on the first attempt. TCM emphasizes the high cost of retaking the exam and outlines the video's agenda, which includes discussing the reasons for pursuing the certification, sharing resources and study references, and providing strategies for success. TCM also mentions a personal anecdote about needing the certification for a role as a QSA (Qualified Security Assessor) in the PCI (Payment Card Industry) and the criteria involved, which includes obtaining two certifications. The video promises to cover TCM's experience with the GSNA Audit 507 course, its value, and the study methodology used for the open-book, open-notes exam.
π Organizing Study Materials for GIAC Exam
In this paragraph, TCM discusses the process of organizing study materials for the GIAC certification exam. TCM was inspired by an article written by Leslie Carhart and adapted her method to create an effective note-taking system. The process involves using post-it notes, an Excel spreadsheet for indexing topics by color and page number, and creating a reference guide for the exam. TCM explains the importance of this system for quickly finding information during the exam due to the time constraints and the exam's format. The speaker also shares personal tweaks to the method and the value of keeping the study materials for future reference.
π Exam Preparation and GIAC Certification Experience
The final paragraph details TCM's experience with the GIAC certification exam preparation and the exam itself. TCM talks about the practicality of using colored post-it notes for indexing and an Excel spreadsheet for organizing notes. The speaker also mentions the use of practice exams, which were found to be very similar to the actual exam, and the value of cheat sheets provided by the course. TCM shares a humorous anecdote about being the only person paying out of pocket for the certification at the testing center and reflects on the worthiness of the certification and the course materials. The video concludes with a recap of the study tips and an encouragement for viewers to like, comment, and subscribe for more content.
Mindmap
Keywords
π‘GIAC Certification
π‘Open Book/Open Note Exam
π‘QSA (Qualified Security Assessor)
π‘CISSP
π‘Study Tips
π‘TCM Security
π‘SANS Institute
π‘Leslie Carhart
π‘Note-Taking Strategy
π‘Work Study Program
Highlights
The video aims to provide tips and advice on passing the GIAC certification on the first attempt.
The presenter shares personal experience and study tips used to pass the GIAC certification.
The cost of GIAC certification exams is highlighted as a reason to pass on the first try.
The presenter discusses the back story of why they pursued the QSA certification from PCI.
Two required certifications for QSA are mentioned: one from column A and one from column B.
The presenter chose the GIAC certification over CISA due to its practicality and hands-on approach.
The GSNA Audit 507 course is recommended for its up-to-date and well-taught material.
The course includes lab work with tools like Nmap and Burp Suite, as well as PowerShell and bash scripting.
The presenter found the GIAC certification course expensive but valuable for its technical content.
Evan, a colleague at TCM Security, is introduced as a resident SANS expert with multiple certifications.
Leslie Carhart's method for taking notes during certification exams is recommended.
The presenter details a system of indexing and color-coding notes for the exam.
An Excel sheet is used to organize notes by book, section, page number, and color.
The importance of note organization for quick reference during the timed exam is emphasized.
Practice exams are suggested as a way to familiarize oneself with the exam format and content.
Cheat sheets provided with the course are mentioned as a potential aid during the exam.
The presenter warns about the high cost of the certification and suggests looking into work-study programs.
The presenter concludes with a recap of the note-taking strategy and encourages viewers to adapt it to their needs.
The video ends with a call to like, comment, and subscribe for more content.
Transcripts
what's up everybody tcm here back with
another video and today we're going to
be talking about how to pass your gi ac
certification aka kind of a sand
certification on your first attempt now
i'm going to talk through the study tips
that i used and some of the advice that
i got from others and how i use that to
pass my exam and trust me you want to
pass these things on your first attempt
because they are very expensive
so in this video we're going to cover
the back story a little bit of why i
took a sand certification and paid out
of pocket for it and then we're going to
go into the resources that i used and
some of these study references and
things that you can do to pass on your
first try so i will leave time stamps in
the description if you want to skip the
back story feel free
other than that as always if you like
the video please do hit the like button
subscribe comment down below
uh love each and every one of you but
with that being said we're going to kind
of jump right into it so
if you saw my last video um on the cissp
or the video on the cisp and the video
on passing that in a week i kind of
talked about
going for what is called the qsa from
pci
so pci is the payment card industry and
they kind of regulate uh all the credit
card payments that happen around the
world and in order to do security audits
for that you have to be what's called a
qsa
in order to apply as a company you have
to meet criteria in order to be a qsa as
a person you also have to meet that
criteria uh so the criteria is two
certifications um one from like a column
a and a column b and i'll put them up on
the screen here but basically one of the
certifications that i went for was the
cissp and the second one was an auditing
certification that you had to go for so
i think i had the option of like the
cisa
i forget what the other one was and then
the sand certification
now the cheapest certification would
have been going for like the cisa
um
unfortunately it really wasn't a
practical certification and i've heard
that it's a pretty tough certification
to get through if you don't have any
audit background or anything like that
um i looked into the sand certification
and while it was like
i don't know eight times more expensive
or the giac certification say um even
though it was like eight times more
expensive it was open book open note
which i appreciated and it seemed like
it was something that was more technical
and hands-on which i also appreciated so
i would never
pay out of pocket for
a sans course unless i absolutely had to
do it and in this case i had to do it
i thought overall the course that i took
which was the gsna was uh audit 507 and
i thought the course overall was really
good actually
materials were presented pretty well it
was mostly reading off of powerpoint
slides um with some information added to
it and then there were labs and i did
appreciate the labs because they kind of
allowed you to go through and actually
audit some things and a lot of it was
some stuff i was familiar with like nmap
and burp suite and tools like that but
there was also some new tricks to those
tools that i learned and then there was
a lot of other audit tools that i was
unfamiliar with there was a lot of
powershell scripting to do auditing
which was cool they covered bash
scripting which i thought was cool and
what was really new to me was like
auditing dockers and kubernetes which is
really cool um so i would say the course
was up to date really well taught but i
i don't think overall the course was
worth the price tag um unfortunately i
feel like the qsa program is kind of
pyramid schemey uh hopefully they don't
kick me out of the program for saying
that but it is what it is but that's
kind of why i ended up going for the the
sans uh course and then the giac
certification so with that being said um
the certification
when you do the course it comes with all
the materials um at least if you do the
course option so you get all these books
here i've got like i got six books
there's one for each day so if they
teach this in person you you do it per
day and then you get a workbook for all
the different things that you go through
um when they say that you can bring an
arm full of notes for your open book
open notes to your exam they are i mean
they're literally not kidding like this
is
it's like you're back in high school or
college again um this is an arm full of
notes you know i have never taken a gic
certification before so
um i went to a gentleman named evan who
is a team member at tcm security and he
is what i call our resident sans expert
because he's been through so many sans
courses and has a lot of gisc
certifications
and i asked him you know
what do you do how do you study for this
thing because there's so much
information like how how does one do
open books open notes uh and he he sent
me a link he said here's what i use for
my certifications and my certification
exam attempts and this has been
successful for me and i kind of followed
that and it worked so i'm going to kind
of share that with you
so that it's kind of known maybe more on
a broad scale so
moving over to the computer briefly he
sent me this article from leslie carhart
who goes by hacks for pancakes um
she wrote an article looks like in 2015
which is a long time ago on uh how to
take notes and i'm gonna list this down
in the description below i think it's
pretty good uh it kind of goes into the
way that she does it and i i made some
alterations but i still think it's worth
reading
essentially you get some of these
post-it tabs which i'll show you
and then you kind of go into an excel
sheet and you just go through your book
and as you go through your book you
write down these things in the excel
sheet and you kind of just color
coordinate it to your tabs eventually
you sort it and then you print it out so
i
got my inspiration from this article
thank you evan for sending it to me
thank you leslie for writing this
because this was actually fantastic i'm
just going to kind of tell you the
little bit of tweaks that i made as i
went through this so first things first
you do need post-it notes so i went out
and got these little post-it notes um i
got a bunch of these like this is
completely unopened but i didn't know
how many i was going to need so i think
i spent maybe 10 to 20 on post-it notes
overkill but you never know if you need
anymore it's better than having to run
back to the store
um from there what i did was i went and
i started going through the book and as
i went through the book i started
indexing topics that i thought were
important or i felt like could be
relevant for the exam so let's take a
look at that on excel
so here's kind of what it looks like i
went chapter by chapter so the indexing
system here is book one
and then this was section two and then
the page number that it correlated to um
and then i kind of just did these in
order and then i did them by color
um eventually i went down and then you
can see color changes for uh
book one chapter three book one chapter
four chapter five and then there's also
these exercises down here that i color
coordinated two specifics of uh what
chapter they they showed up in um so
with that you take these and you kind of
just write it out to a way that makes
sense for you um so maybe like hey this
is what the definition of auditing is or
here's the different policies or here's
where baselines are it becomes really
important honestly because when you're
taking the exam there's so many little
nuances throughout the exam at least in
my experience that it's not just a broad
definition like i i don't want to give
too much away but for example they might
ask you uh they might show you a log
file uh and say hey where would you see
this log file at you might have to go
dig that up or they might say something
like hey in windows event manager
if you're doing logging you know what
settings should be set ideally for this
specifically
and you go through and you have to kind
of figure out what those are now if you
try to memorize all those from the books
you're gonna have a hard time but these
books are meant to more be
a reference guide and for me these are
great because now when i go and i do
auditing i have a uh more methodology i
have more to add to the checklist
and i know what to build out so i think
this is fantastic you have a reference
guy that you can always point back to if
you say hey i forget what settings i
need to do you can just always go back
and point back to those so there is
value to these books and i definitely
intend on keeping them and using them
later on so with that being said you
then want to take these and sort these
alphabetically essentially
alphabetically kind of screwed with me a
little bit honestly like
as you learn your books and you learn
your chapters within your books i almost
would go back and just leave it kind of
like this like every day was a little
bit different so we might have a day on
auditing a day on windows a day on linux
and then i would know okay within linux
i knew what chapter sub chapter that was
in so leaving like this honestly wasn't
the worst idea but switching it over and
organizing it alphabetically wasn't
terrible either
so you have this and then you can just
print this out so i made it to where i
can print out every single day's notes
if that makes sense um and then i put
them on my books so i'll give you a
couple of examples um so like book one i
just stapled the index to book one if
this will ever there you go so i just
stapled the index and i wrote some notes
down here on some of the stuff
um book two
like for windows it got a little bit a
little bit longer so i had to go
landscape
but it's still a uh it's still a nice
guide and then
the nice thing too is you know you're
not going to catch everything um so
something for example is in the last
book
actually they give you an index for
everything so
um in this book at the very end
you have like the index of indexes
indices i don't i don't know what you
call them i don't know what the plural
index is but this is kind of what it
looks like right
so you do that and um if you can't find
it in your index then you you just look
in this
master index and there's a good chance
it's there
there was points in the exam where
nothing was showing up in any of my
notes or the index or anything i could
find in the book and that's fine um you
know that's kind of expected as well
and it's you know it is what it is but
at the end of the day here's the other
thing that you're doing so i took the
first uh line so 1.2.13
that page 13 is where i put my first
blue tab so if we're on book one you can
see that i kind of wrote it out
1.2.13 over here on the side that
correlates to page 13 in the book i know
everything within that
that blue tab is the first chapter or
second chapter of that book
um next chapter would be the green one
and that kind of gets you to where a
general area of you want to be um so if
i see green i just open the green tab
for example and then i know okay i gotta
find that page number with my area
at least you're not hunting things down
and having to find them on the fly
because you only have three hours for an
exam and for my test that was 115
questions so you got like a minute and a
half ish
for each question which isn't very long
if you're like flipping through your
book trying to find answers uh so that's
kind of really it um i you know i
recommend printing this out they give
you practice exams um if you purchase
that i think that the practice exams
were identical to what the exam was i
think they do a really good job of
saying hey this is what the exam is
going to feel like and then i was able
to take notes on that practice exam
that's what you see handwriting on on
some of the indexes
and then i was able to use those in my
uh my exam as well they do give you some
cheat sheets like for example they gave
me this like regex cheat sheet which is
kind of cool um and then different
little cheat sheets i just stapled those
all together in case i needed them but i
didn't use any of the cheat sheets that
they had
but your mileage may vary on that so
long-winded there but the recap of this
is you want to get some of these colored
post-it notes right get some of these
you're going to want to index in an
excel or similar spreadsheet tool um by
color and just write out the page number
the chapter and how it correlates to you
make this your own like i saw leslie's
guide and i said hey this isn't what's
going gonna work best for me but it's
pretty close i mean what i'm showing you
my methodology based off of that might
not be what works for you either so um
make your notes your own so that you can
understand them and as you're going
through these just make sure you're
you're indexing everything and that you
can go back and you can color coordinate
and
be able to reference easily when you're
taking your exam because time is
everything on these exams so that's my
little tips and tricks hopefully this
was informative for you
hopefully you never have to pay for a
sand certification out of pocket a
little side note when i was going to
take my exam i had all my books and
she's like you must be here for the giac
because the only ones that allow open
notes at our testing center by she i
mean the proctor by the way um and we
were sitting down she's like so what
agency are you with and she meant like
fbi cia because those are the companies
that pay out of pocket for these things
government pays big money for these
certifications and i was like i am the
one idiot that pays full price out of
pocket for this because i had to uh they
do have work study programs um i think
if you can get you know i think fifteen
hundred dollars for this if you could do
the work study program um and you pay
fifteen hundred dollars for
certification i think that could be
worth it depending on the certification
uh this gsna certification if you go
google it there's literally nothing on
it on reddit which i've never seen this
before i think there's like tech exams
or something uh one of those websites
like that that uh talks about it from
like eight to ten years ago but the
materials from 2021 um very recently
updated i thought it was pretty good so
um they're still keeping it up to date
even if nobody's talking about it and
obviously it's still a requirement for
the qsa so they're doing something right
there for real this time that is it uh
if you like this video again please do
hit the like button comment subscribe
all that fun jazz will be back very soon
with another video
until then
peace out
Browse More Related Video
![](https://i.ytimg.com/vi/dHxEd5o_22I/hq720.jpg)
I Passed the CompTIA Security+ Certification in 9 Days
![](https://i.ytimg.com/vi/Mukn1dxW5sw/hq720.jpg)
AZ-104 Exam EP 01: AZ104 Course Introduction
![](https://i.ytimg.com/vi/Yug9vP9ix3g/hq720.jpg?v=66306046)
I Passed the Security Blue Team Level 1 Exam
![](https://i.ytimg.com/vi/laits957XG0/hq720.jpg)
Don's Study Guide for Canadian RPAS FLIGHT REVIEWS (revised June 2020)
![](https://i.ytimg.com/vi/vp2xSJx-CzE/hq720.jpg)
How I got a 4.0 GPA with COGNITIVE LOADING (Better than Active Recall) [LOW BACKGROUND MUSIC]
![](https://i.ytimg.com/vi/H0co61hJCU0/hq720.jpg)
a-levels next week? watch this
5.0 / 5 (0 votes)