SEC504 is intense and enjoyable, so make the most of it. It covers a mix of Red Team and Blue Team skills, with a slightly heavier focus on Red Team. Take sufficient notes, as doing so will allow you to understand the core ideas and principles of the material. There will be time to look up a few concepts during the exam as it is an open book exam. However, you won’t have enough time to look up every little detail, so make sure to revise thoroughly and understand the material. This post contains my take on the important and sometimes missed aspects, and should not be mistaken for a comprehensive guide to the course.
1. Revision plan
Don’t leave revision to the last minute. SANS courses are notorious for having a large amount of content, with around 5 books consisting of 180 pages each, totalling 900 pages and an additional workbook to get through.
How long should I study before attempting the exam? On average, successful candidates study for 55 hours prior to taking the exam (this is in addition to any formal training you may receive). This is why candidates are given 4 months to prepare for the exam. (https://www.giac.org/exams/overview)
From the GIAC website, a reasonable estimate for study time is around 55 hours, but we will work with 60 hours to keep the numbers simple. Dedicating roughly 10 hours to study each book (including the workbook) should be sufficient. One strategy could be to designate one week per book, over a total of 5 weeks, utilising the workbook alongside relevant topics. Lookup any techniques and concepts which you need to polish up on online - YouTube comes in especially useful. Covering each topic at least twice is a helpful tactic. A common mistake is to neglect the workbook, and doing so means you won’t be able to apply the theory learnt and be guided through the practical elements.
2. Indexing
The mistake I made was to overcomplicate the index. Try not to do this, as it leads to unnecessary complexity, and you may end up wasting time during the exam. Keep in mind that although the exam is multiple-choice, it is crafted in a way that favours a deep understanding of concepts, rather than sheer memory. Aim to optimise for the index for speed and ease of use, as the concepts should already be thoroughly understood. The index is used to locate the intricacies and lookup an odd tool here or there, as there will not be enough time to look up every question. TIP: Use coloured sticky notes to quickly identify each book, and co-ordinate the colours with your index.
3. Use the practice exams well
Remember to read the instructions carefully before starting. The goals of the practice exams are to get familiar with the exam engine, get accustomed to the style of questions asked, and to check for any knowledge gaps. Once you’ve finished the practice exam, keep a note of the areas where your knowledge could be improved and make sure the next version of your index is well optimised. The result of your practice exam should give you an indication of how prepared you are for the final exam. If you feel ready, then schedule your exam and give it your best shot! The 4 hours will fly by, and you will come out feeling relieved that you gave it your best.