What You Need to Know If You Are Thinking of Taking the SANS SEC504: Hacker Tools, Techniques, and Incident Handling and the GIAC Certified Incident Handler Certification Exam

Who is the SEC504 course for?

The content of the course can be considered suitable for beginners in the cybersecurity field, if and only if you have basic experience with the Linux CLI and Windows CMD or PowerShell. I will cite an example later on. But if you have not run any Linux commands such as cd, ls, pwd, or find, or PowerShell cmdlets like Get-Process, Get-Service, or Get-WinEvent, you will find the course to be intermediate level.

Credly certification verification

How much did you spend on the training and certification?

It depends. I found a cheaper way to do it, but to clarify, I couldn’t afford to pay for the course and exam attempt if I had to pay the total from my own pocket. I am lucky enough to have an employer that offers all its employees a very generous education/training allowance, allowing me to have the necessary fees financed. Below are the three options to register for the course:

1. In-Person/Live Online – The standalone price is $8,725.00. If you add the certification attempt, that is another $949.00 (which includes two practice tests worth $798.00). Another add-on is OnDemand access (a pre-recorded training session by the course author himself, Joshua Wright), which is another $949.00. In total, you are looking at $10,173.00. You get four months of access to the OnDemand materials and labs, and four months to take the certification exam.

2. On-Demand – You only have access to the pre-recorded training, which costs $8,725.00. Adding the certification attempt (which, as mentioned before, includes two practice tests worth $798.00) costs another $949.00. This option comes to $9,224.00, with the same four months of access as above.

3. SANS Technology Institute – This is SANS's higher-education, degree-seeking path. This is the path I chose because it was cheaper and, in the end, you receive a degree. It's like hitting two birds with one stone. I enrolled in the Penetration Testing and Ethical Hacking graduate certificate program. You can learn more by visiting https://sans.edu. I am unsure about the other programs, but with my path, my employer paid $5,500.00 for the course alone, and you have the option to take an in-person class, live online, or on-demand. That is almost half the cost of option number 1. On top of the lower price, it also comes with two practice tests, a certification attempt, and on-demand access. You only get three months of access to everything and no option to extend, though, because you have to take the certification exam to pass the semester.

Which training option did you do (In-Person, Live Online, or On-Demand)?

I’ve taken both On-Demand (not for the GCIH) and In-Person; for me, In-Person was the better experience. We all have our own preferences and methods of studying, but I personally found In-Person better than On-Demand. For On-Demand, you must be disciplined enough to keep a continuous study habit, or you will find yourself cramming at the end or, worse, spending more money to buy an extension of your On-Demand access if you need more time to study. With In-Person, it felt like I had no choice but to sit down and listen to the instructor the entire day. But don’t get me wrong, our instructor was excellent. He kept the class lively and engaging. The amount of information given during class felt like drinking straight from a firehose, but hearing real-life experiences from the instructor was well worth it. As an added bonus, you get the chance to interact and network with other aspiring cybersecurity pros. I even had the opportunity to join the first-ever 5k run at a SANS event.

How did you study for the GCIH?

As mentioned earlier, I started by attending an In-Person class. Then, I read through all the books and highlighted information along the way that I thought would be necessary or helpful for the test and in real life. I did not create my index during my first read-through of the books, but I made sure I did the practice labs along the way. Also, at the same time, whenever I went for a run or rode my bike, I listened to the MP3 files of the on-demand training. This was my initial study method. Once I completed the books, labs, and the MP3s, I started my index. I went through the books again and indexed the information I had highlighted on my first pass. I took the first practice test on July 26, 2023, and got an 87%. I then went back, skimmed over all five books again, and improved my index based on my weak areas from the first practice test. I took the second practice test on July 30, 2023, and got a 93%. I then skimmed the areas where I scored lower. I took the final exam on August 1, 2023, and got a 95%. I’ve seen a lot of GCIH-certified people suggest watching the On-Demand videos, but I didn’t do that. I only took the quizzes in the On-Demand. When I took the quizzes, I didn’t look at my index; I tested how much information I knew without looking at my notes.

Did you use any resources other than the SANS-provided materials?

I used TryHackMe to improve my familiarity with the tools that were discussed in the course. Below is the list of rooms I used to practice:

  • Game Zone – This room will get you trained on SQLi and the use of SQLMap, pivoting using SSH, cracking passwords using John the Ripper, and the use of Metasploit.
  • NMAP Basic Port Scans – This will help you answer most of the Nmap-related questions and labs, based on my experience with the two practice tests and the final exam. You will learn how to scan your targets faster instead of using the typical switches you see from YouTube content creators. There are times when you only need to do host discovery in Nmap and not include the default scripts, version detection, or all ports, which speeds up your scan time. I’ve seen posts online from people whose scan took so long that they ran out of time to finish all the questions in the exam.
  • Crack the Hash – You will get extensive practice using the different hash modes in the Hashcat tool, such as -m 1000, -m 0, and so on. It also covers password salting.
  • Command Injection – I think this room is even harder than what’s in the exam.
  • Cross-site Scripting – And lastly, this XSS room.

All of the TryHackMe rooms listed above are categorized as Easy rooms. It shouldn’t be hard to complete the tasks.

How did you do your index?

You will find many suggestions online on how to create your index, and the most famous one is the Pancake method by Lesley Carhart. I didn’t do the Pancake method. I thought it was too complex and organized for me, haha. My index was simple. I’ve seen people posting about having 60 pages or more in an index. I only have nine pages. I don’t think there is a perfect method for doing your index. Each one of us has a unique way of studying. No one knows you better than yourself, and I am not sure I would have performed as well if I had used someone else’s index. Going through my index to locate the correct information felt more manageable because I put the notes there myself and worded them in a way that was easier for me to understand. If I had used someone else’s index, I would have struggled to find the correct reference.

Snippet of my index

What is the passing mark?

70% is the passing score.

How many questions are in the exam?

96 multiple-choice questions and 10 CyberLive (hands-on) questions.

How was the exam?

I thought the questions were fair. There were some questions that I found confusing, but overall, they were fair. I found the multiple-choice part of the exam harder than the CyberLive part. Looking back at the score summary of my exam, I ended up getting all the CyberLive questions correct.

When will you know if you passed or failed the test?

As soon as you submit your completed test, you will be presented with a message saying whether you passed or failed, along with your score. No physical printed exam results will be provided to you. You will, however, get an email with your exam results. I took my test in a testing center, and the exam result was already in my inbox by the time I got my cell phone out of the locker.

Are there benefits to getting higher exam results?

If you score 90% or higher, you will get an invitation to join the GIAC Advisory Board. The advisory board is a private group of GIAC-certified professionals who scored 90% or higher on a GIAC exam. This is an opportunity to network with fellow cybersecurity enthusiasts. You can use it to ask other professionals questions, and it also means you will start to see about 100 more emails in your mailbox from this group.

I am not sure what the score cutoff is, but I also received an email about the SANS Instructor Development Program, an invitation to apply to be a SANS instructor (this is pretty cool, I am not gonna lie).

Now, the juicy part: TIPS for the exam.

Obviously, have a good index. One that you created yourself.

Use the “Skip” option when taking the test. Once you’ve read a question, don’t know the answer off the top of your head, and also know it is not in your index, hit that “Skip” button. Keep in mind that you can only skip 15 questions. Once you’ve reached 15, the “Skip” button disappears. There are two ways to get back to the 15 questions you skipped. When you choose to take a break, you are required to answer all of the skipped questions first. The other option is that when you finish the CyberLive questions, you will be presented with the skipped questions.

You must be confident in some of your answers. You will run out of time if you go back and check all your multiple-choice answers, and that isn’t good because you don’t know what the CyberLive questions will be like. There are CyberLive questions in which you must use multiple tools and perform multiple tasks to get the correct answer. And the CyberLive questions are weighted more heavily than the multiple-choice questions. I had an hour left of the 4-hour limit when I wrapped up my exam.

Also, the answers to the multiple-choice questions are not limited to the five course books. If I remember correctly, there were 4 or 5 questions for which I had to reference the lab books to get the answer. For example, when a question involves an image and you are asked to identify what is being shown in it, the lab books contain more images than the other books, and most of the lab books’ contents are screenshots of the lab exercises.

In conclusion, I learned a lot and enjoyed the journey to be a GIAC Certified Incident Handler. I look forward to taking the remaining courses to complete the Penetration Testing and Ethical Hacking graduate certificate program. I hope you find the information I included helpful in your GCIH journey!

Thank you, and please subscribe to my blog if you haven’t done so. HAPPY HACKING!

Published by lightkunyagami

https://tryhackme.com/badge/18276

2 Comments

  1. This is great information. Thank you! I definitely will need to review once we find out more about the squadron transition.
