What is the GSEC Exam?
The GIAC Security Essentials (GSEC) exam is one of many certifications that is provided by GIAC. This is my second ever GIAC exam after I took the GIAC Fundamental Cybersecurity Technologies (GFACT) exam last year. Unlike the beginner-level GFACT exam (which was a 200-level exam), GSEC is a 400-level GIAC certification, meaning that it is considered a lower-intermediate level exam. This certification is open-book, and it is 106 questions (11 of which use a virtual machine) that are meant to be answered in four hours. To pass, a 73% score is required. Luckily, I ended up passing with a solid 92%. However, I will explain why it was a bumpy journey to earn this certification and provide some advice for anybody studying for this exam!
In terms of the content, I studied using the SANS SEC401 OnDemand course to prepare for the exam. This course consisted of seven different books:
- 401.1: Network Security and Cloud Essentials
- 401.2: Defense-in-Depth
- 401.3: Vulnerability Management and Response
- 401.4: Data Security Technologies
- 401.5: Windows and Azure Security
- 401.6: Linux, AWS, and Mac Security
- Workbook consisting of 20 labs
In addition to these books, which were +200 pages each, I was given 40 hours worth of content to study all the material covered in the course. I really enjoyed having Bryan Simon as the course instructor since he made going through the content much more enjoyable with his humor and fun stories.
How did I Get these Materials?
CyberStart America! I am grateful to say that my engagement in CyberStart’s challenges during the 22/23 and 23/24 school years has provided me with the opportunity to take the SEC401 course and the GSEC exam completely for free! Unfortunately, this opportunity is not available anymore. However, I am sure there will continue to be more opportunities similar to this one in the future!
This opportunity was very meaningful for me because if CyberStart had not paid for the course and exam, it would have cost north of $9,000! This factor played a major role in keeping me motivated throughout the 35 days that it took me to prepare for the exam.
Challenges Faced
The first thing I have to mention when discussing the trials of this exam is the amount of content it contained. As I mentioned before, I received seven books with 200 or more pages EACH. Alongside that I watched all 40 hours worth of the course. Admittedly, I could have easily just skimmed through the videos, indexed each part, and followed that method for the entire course, but the struggle I went through to watch the videos AND read the books solidified the content in my head so much more. From the start I understood that, especially at my age, the most important thing about this certification was the information I learned from it.
Another challenge that I faced during my preparation for the exam was the fact that I had to sacrifice a lot of my summer time to prepare for this certification. Since I had no time to start studying for the exam during the end of my junior year (thanks to my 5 wonderful AP exams 😀 ), I made the decision that I would have to sacrifice some of my free time to ensure my success for both my AP exams and the GSEC. This left me studying for hours per day starting from the first day of summer vacation to the day before my exam. One particular time that sticks out to me when I mention this challenge was when my family traveled for my sister’s national volleyball tournament, and I had to stay in our hotel to continue studying for the exam. I also recall the countless days I spent past midnight just to complete the necessary progress for that day. This commitment may seem unnecessary, or even silly to some, but I am very proud of the efforts that I took to pass this exam and I believe it has further established my commitment to achieving great things in this field!
Lastly, I faced some self-doubts after I had gotten back my score on my first practice test: 56%. It was crushing because I felt like I did well throughout that practice test. However, looking back, it’s pretty clear why my first score was that bad: all the virtual machine questions were blocked by the school chromebook I took my practice test on! At the time, I did not realize that the VM questions were a major part of the score, so I thought that I was completely behind in my preparation. In addition to this, I had not started building my index until I had finished ~ 80% of the content. This was definitely one of the biggest setbacks in my journey because it hurt my confidence for a few days.
Successes
Considering that I ended up scoring a 92%, I am grateful to say that none of the challenges above were too difficult to overcome. 🙂 Although I faced some self-doubts following my first practice test, I understood I just had to keep building my index and reviewing the content before my next practice test. Following three days of finishing up the last 9% of the content, creating indexes for three more books, and reminding myself not to take the practice tests on my chromebook again, I felt ready to crush my second practice test.
Following three hours (I finished an hour early) of flipping through pages, answering questions, and recollecting familiar terminology, I got a score completely beyond my expectations: 93%! This improvement in score from a 56% to 93% in three days seems unbelievable, but I have to credit a lot of that to the fact that I was actually able to answer the VM questions on my second practice test, and they turned out to be quite easy!
Following that score, I felt a lot more relaxed and chose to take a step back and relax for the rest of the day since my official exam was the following morning. I believe this helped me feel re-energized for my official exam on Saturday, July 20th. I believe this is a major milestone in my young Cybersecurity career, but I am more enthusiastic than ever to continue learning more in the future!
Advice for the GSEC exam
If you happen to be taking the GSEC exam, one piece of advice I would like to give you is to watch all the videos whilst indexing throughout, and read the book for the topics that interest you / confuse you. I feel like this would give you the best of both worlds in terms of absorbing the content whilst being efficient. Additionally, make sure you are familiar with most if not all of the labs in the workbook. These virtual machine questions were much easier than I thought they would be, but they play a major role in your final score. Lastly, I would say to try and find your favorite niche in cybersecurity from the content. The exam covers so many different topics in cybersecurity (from cryptography, to incident response, to cloud security, and even digital forensics!), so keep an open-mind and reflect on which topic you found most interesting!
What’s Next?
Following the attainment of this certification, I would like to focus on the development of my technical skills, as well as me and my friend’s organization, NVTEI. I am learning Cloud Computing fundamentals right now, and I cannot wait to begin building projects in AWS! I also just finished a week of interning at Leadership Initiatives, which really opened my eyes to even more opportunities and even encouraged me to create a LinkedIn profile! If you would like to learn about my experiences with Leadership Initiatives and why I think it is a great opportunity for high school students, check out this blog post!