Review: SANS Security Essentials (GSEC)

Greetings readers,

Today I attempted (and passed) the SANS GIAC Security Essentials (GSEC) certification exam. I wanted to take a moment and write a review of the course and offer my experience in preparing and taking the GSEC exam. So let’s get started!


GSEC is SANS’ foundational Infosec course. If I could describe what Security Essentials offers in one sentence it would be, “Everything you need to know about Infosec in 6 days.” Now in my case, I took the OnDemand modality, meaning I could consume the course materials from the comfort of my house on my own schedule. As a full time professional with duties that take me out of country, OnDemand was the only option. Having said that, I personally feel it was the best option.

About OnDemand:

OnDemand is great – simply great. SANS snail mails you your course books, supplemental materials, and a DVD containing tools to be used for various exercises. They also provide you access to the OnDemand portal where you can view video lectures for your specific class. GSEC OnDemand was taught by Dr. Eric Cole. And let me tell you, he is truly a champion of the industry. Eric is an amazing teacher. He explains complicated/technical material clearly and concisely. You really can’t ask for a better instructor. I particularly liked the OnDemand format because it enabled me to rewind/rewatch material that I didn’t understand or that I wanted to reinforce.

Course Material:

GSEC is a survey course. Similar to CISSP, you go a mile wide and an inch deep (or maybe more depending on your skill level). GSEC covers a huge swath of information security topics that all branch into specialties of their own. GSEC begins with networking fundamentals. The networking segment covers everything about network hardware, the OSI Model & TCP/IP stack, protocol analysis, packet decoding, wireless security, and more. Like most of the books, it is a lot of information to consume, but it is entirely doable. Next, GSEC covers Defense In Depth. While the concept of Defense in Depth is easy enough to understand, you’ll examine it in a fine level of detail. Along the way, Eric offers golden nuggets about every subtopic, which really justifies the cost of a SANS course. For example, I’ll never forget Eric’s three questions to ask before you do ANYTHING to improve your information security:

  1. What is the risk?
  2. Is it the highest priority risk?
  3. Is this the most cost efficient method to reduce the risk?

As the course goes on, Eric constantly reinforces why you have to ask those three questions. He describes countless case studies where well-meaning Infosec professionals tried to enhance their security but failed miserably because they didn’t understand risk, the organization, or their own network. You will learn how to not make those mistakes.

Next, GSEC covers Internet Security Technologies. This section exposes you to the wide assortment of computing technologies that, as an Infosec professional, you have to know about. It includes a variety of topics, from internet security and honeypots to NIDS/NIPS and HIDS/HIPS.

The fourth topic in GSEC is Secure Communications Technologies. This module focuses heavily on encryption, which for me was a subject I dreaded. I just can’t get into encryption algorithms, key sizes, or PKI. Now that being said, Eric did a fantastic job teaching it, and he really enhanced my understanding of encryption. Eric offers another golden nugget for evaluating cryptosystems: the effectiveness of a cryptosystem is determined not by the secrecy of the encryption algorithm, but by the secrecy of the key. He then poses three questions that you should always ask when evaluating cryptography:

  1. Where is the key? (That is, the encryption key: a password, token, etc.)
  2. Who has access to the key?
  3. Is the key with the data?

SANS rounds out the course in the final two days by teaching Windows and then Linux security concepts. The Windows book was massively dense, but the reality is that every topic within it is absolutely necessary to understanding and enhancing your organization’s security. The Linux content was not nearly as massive, but I chalk that up to Linux’s relative simplicity compared to Windows.

Exam Tips: The GSEC exam is not overly hard; it just covers a huge assortment of topics. But success really boils down to three things:

  1. Have a GOOD index. What is a good index? Essentially, it is a breakdown of content from each of your SANS books filtered by keyword, page, book number, and a short description of the item. You should have both general keywords for content such as “IPSEC” and very specific keywords such as “Authentication Header and Encapsulating Security Protocol.” If you do nothing else, have a good index. Many test questions can be answered with help from the text; but don’t expect many questions with verbatim answers ripped from the text either.
  2. Be familiar with where major subjects are located in the texts. This will ensure that if you miss anything from your index, you can find the general location to reference the information you need.
  3. Take your time during the exam. They give you 5 hours to complete the exam. I moved at a very leisurely pace and finished in two and a half hours – you have plenty of time. That being said, take the time to carefully read every question. You will run into questions that are designed to troll you into selecting a wrong answer. Only after you’ve thought about it a little more will you realize you’re wrong. But this requires that you take your time – read the full question, read the full answers, and answer the question that was asked (correctly).

If you do these three things, the test really isn’t that hard. It’s just long, and when you’re about 3/4 of the way through, you’ll feel pretty fried. Take your allotted break and then come back and knock the rest out.

Conclusion/TL;DR: GSEC is a fantastic course. It offers a strong foundation for newcomers to enter Infosec. If you’re a seasoned professional, I guarantee GSEC will still offer content that will dramatically improve your performance in all areas of Infosec. If you’re fortunate enough to have an Infosec juggernaut like Eric Cole, you’ll be in very good hands. As for the test, it’s challenging, but not excessively so. Build a quality index, be familiar with the course materials, and take your time. If you do those three things, I guarantee you’ll be successful.

Thanks for reading, and keep working on those hacking chops. See you next time on Noob2Root.
