Ready to take this test. We got our water, ID, notes stand…. Shoot where’s the books? I LEFT THE BOOKS AT HOME SANS is one of most recognized cyber education companies in the world, training over 40,000 students each year. They have a certification arm called GIAC, which is one of the surest paths to landing a six-figure cybersecurity job. Heck, this eBay job ad is from 2002… If I were to rank the top GIAC certifications in terms of value and prestige, they’re sitting just a notch beneath Tier-1 certs like CCIE, RHCA, or OSCE. It’s SO… expensive. If Whole Foods means “whole paycheck” to you then SANS might mean no paycheck at all, since it’s often just your employer that can afford to pay for the training. Whether from popular demand or dollar inflation, the price of a SANS course has quadrupled in the past 20 years. Priced in gold, it’s actually gotten cheaper though. But once you do sell your car to pay for tuition, you get the privilege of drinking from the SANS firehose at an in-person training event or with the OnDemand option, which is at home and at your own pace. This thing weighs like 20lbs.
You could probably use it to lift weights Shoot, I totally forgot about this. Somewhere between life and work, there’s this “Implementing and Auditing Critical Security Controls” course that got lost in the closet. Because at your own pace also means at the last minute. I’ve only got 5 days to study for this thing. And in those 5 days, I’ve also got to pack up the house and get ready to move over two thousand miles to Texas. What’s so great about dumb ol’ Texas? You see, one of the unique things about the GIAC exam is that it’s open-book, so you can bring in notes, cheatsheets, and the books to the test. The whole “open-book” thing is actually a curse in disguise, since it’s really easy to drain out the clock looking back and forth in the books for answers. Being multiple choice can also get pretty confusing depending on the construction of the question So in this extreme example, “Which of the following are NOT alternate names for SANS?”, you have to know the right AND wrong answers, think in double negatives, and use elimination very carefully. So if I don’t get super familiar with the content quick, I’m probably gonna fail. As a natural PRE-crastinator, I really hate being under pressure and like to over-prepare for things.
That means detailed notes, repeated exposure over time to really get a solid knowledge base. Which has been a pretty good strategy for me based on all the previous tests I’ve taken But being so short on time, and with zero progress on the books so far I’m actually kind of worried. Even though I normally don’t care about getting certifications, in this case, if I fail the cert, I fail the course for this master’s program I’m in. Is it possible to cram so much SANS content in just 5 days? Let’s find out. The first thing you want to do is schedule the test so we can backwards plan from there. GIAC has a remote testing option, but I really don’t like installing proctoring software since it just feels super dirty so I usually pick a testing facility. Since memory consolidation happens during sleep, I need to be in bed around 10pm and wake up before 6am.
A friend recommended Andrew Huberman’s podcast on biohacking and neuroscience, so I checked it out. He talks about setting your circadian rhythm with morning sunlight and exercise, and working in 90 minute cycles to match your body’s “ultradian” rhythm, followed by rest cycles of Yoga Nidra, Meditation, or Wim Hof breathing. Combined with my usual habit of one meal a day, I can squeeze in 8 hours of sleep, 3 hours of fitness, 2 hours of food leaving me a total of 55 hours to study. Minus the rest time and two practice tests, we’re looking at a total of 7.5 hours or 5 ultradian study sessions each day. But is there a better way than reading a whole stack of trees straight through? The strategy you want to use for SANS is to quickly familiarize yourself with the topics in the books and then make it easy to reference and locate during the test. We’re going to take what I call the “three-pass” approach, which is to read, tab, and index. In the first pass, you’ll want to speedread everything, noting key sections and their page numbers on a piece of paper. Reading flow is much smoother if you cover the slides, since content in the bullet points are usually repeated in the body. You’ll want to focus your eyes on no more than two points per line, scanning the rest with your peripheral vision Covering lines as you go also helps prevent re-reading text. After a page or chapter, close your eyes and recall what you just read which is a great way to retain information. In the second pass, you’ll want to run through the books again, using the notes from the first pass to partition sections using tabs. You should probably buy some plastic dividers but I’m just going to use these colored sticky notes instead, taping them down so they don’t fall out.
I also like to number the front of the books to identify them easily at a glance. SANS provides PDFs of the books for download, but you need to enter a password each time to open, which can get kind of annoying. Another issue is they don’t offer any tactile memory, where you’re able to remember a topic’s location in the books with your fingers. This saves you lots of time during the exam and lets you practice like you test. What digital books do help with is our third pass, building an index. To do this, you want to open up the sections you tabbed, pulling out keywords that might appear in a test question, using the PDFs to search for any pages they show up in, and save everything in a spreadsheet. In the index put the book and page number in one column, and the keyword and notes in the other column Then color code each cell to match the tab color for the corresponding book and page. Index and tabs go together like almond butter and honey. We can just find the right book, rapid flip to the right section and then get the answer.
I think we have a plan now. These $2 milk jugs are like the best water bottles I’ve used. No leaks, really thick, taste great, and like 20 times cheaper than brand name ones. I wish it was really that easy. Procrastination. Exhaustion. There’s just so much content to get through… Instead of studying like we planned, I spent the whole afternoon listening to Andrew Huberman talking about the science of motivation and drive. Pretty ironic, I know. I have this idea called the “sanctity of space,” where certain rooms are for certain functions and you only perform activities in the rooms meant for them. For instance, kitchen is for food, bathroom is for hygiene. Cooking in the bathroom or using the bathroom in the kitchen would violate this principle. But with all this packing and moving, I’ve been doing everything all in the same room, which is really messing up my flow. If you’re struggling with distractions, the best remedy is elimination. Phones and electronics are the worst space invaders because they’re multi-functional things you can bring anywhere. When you’re studying, take your phone, silence it, airplane mode it, turn it off, put it in a box, and put the box in another room.
This creates multiple layers of actually checking your phone, since reversing the process is now much more inconvenient. For motivation, you want to build small wins when your energy levels are high. These small wins create enough dopamine in your brain to then take on bigger and bigger tasks. So you can decompose the challenge of reading 5 books down to reading just one. Before reading one book, you might commit to reading just one section first. This way you can mentally construct a motivation ladder that carries you forward rung by rung. But what else am I missing? There’s gotta be some other test-taking tips out there. Since we need all the advice we can get, I decided to reach out to my friend, Jeff McJunkin, for some help. He’s an instructor teaching the SEC560 pentesting and SEC580 Metasploit courses. “My overall strategy tries to emphasize the value of your time as much as possible. Look, the scores aren’t public.
If you want those letters after your name the difference between 75% and 100% is well, nothing publicly.” I guess he’s right, I don’t need to focus so much on high scores. Some valuable advice he gave me was to build a tracker with the question numbers and desired time remaining to help maintain pace during the test, which has a countdown clock, so you can avoid spending too much time on a single question. The ones you can’t find an answer to quickly can always be skipped, and they’ll show up at the end. You might come across the answer somewhere during another question. The final tip Jeff gave is to maintain a 10% margin of safety above the passing score on the practice tests before taking the real exam. I’m feeling pretty good so far, gonna finish up my final pass, make the time tracker, and start the practice test. Sometimes things just don’t go as planned. Fatigue sets in, you want to give up. You can’t fall asleep at night. Even downloading the course MP3’s for listening gets old. Transcribing the audio is faster than 2x listening, but then we’re just reading more stuff again. There’s only so much your mind can absorb before zoning out. So I just failed my first practice test and it’s super embarrassing What made it worse is I went in feeling unprepared, which is the opposite of where you want to be Fortunately at the end of an exam, SANS gives you a breakdown of the different topics for the course, which gives you an idea of which areas to study more and focus on. For the questions, I recommend you follow a checklist approach which is to first read the question, eliminate obvious wrong choices, narrowing down to two if you can. Read the question again and pick the right answer from the remaining choices. Then double check in the textbooks if time allows. Re-reading the question after elimination should help catch tricky questions and negatives. Another thing to remember is that different exams have a different number of questions and time limits, so you’ll have to double check the course info. For the G triple C, it’s a 2 hour test with 75 questions. That’s about 90 seconds per question, and I need 54 questions right to pass at 71% That 10% margin of safety Jeff recommended puts me at 64 questions. During the test, it can be valuable to tally questions you’re sure of and the ones you’re unsure about. This can help you decide between speed and accuracy during the exam. Between practice tests you should probably take some time off studying and let your mind relax for a day. But I’ve got less than a day left so we’ve gotta do a second one back to back. I don’t know how I managed to pass the second practice test, but just barely… I woke up pretty late, so feeling a bit nervous but I think we’re going to get there just in time. Alright, so we’re here at the testing center red door that just closed. I think we’re ready to take this test. We got our Water, ID… Shoot… where’s the books? Oh my goodness. I LEFT THE BOOKS AT HOME. Wait. This is the last day I have to take it Oh man… So what do you do without books? The secret is to prep more than just a tab and index. Along the way, you should create an outline of the book topics, including definitions, notes, and diagrams. The process helps you learn much more than just reading, saves you time on the exam, and has been my tried and true method to every SANS cert I’ve taken. Scored even better than I would have with the books. This is the story of a cybersecurity student who’s won the battle but lost the war. You see the value of a SANS course isn’t in cramming hours straight for an exam just to get a cert. It’s in taking that new knowledge, bringing it into your workplace, and putting it to practice every single day… Even with a few extra letters behind my name, I’m no better prepared to audit companies against the 20 Critical Security Controls. In the Know, Do, Teach progression, I’m only somewhere here. I’d be much better off learning the controls, building a home lab, and actually implementing them by hand. I’m interested to know your thoughts. Especially those of you who’ve taken a SANS certification. Is it worth cramming for SANS just to get a cert? Would people just starting in cybersecurity be better off learning on their own? Let me know in the comments below! But that’s it for this episode of Cyberpatial If you enjoyed watching this, please consider subscribing and sharing it with friends. I’m Ricky Tan, and I’ll see you soon!