Skip to main content

My Experience Taking a SANS Certification: GPCS

· 5 min read
Joie Llantero
Joie Llantero
Security Engineer

As a threat detection engineer who had only been working full-time for about a year, I knew I needed to level up my cloud security knowledge. When my company offered to sponsor a SANS certification, I jumped at the chance to take the GIAC Public Cloud Security (GPCS) course. Here's how that journey went--from the classroom to passing the exam.

What the course covers

SANS GPCS dives into cloud security across the three major cloud service providers--AWS, Azure, and Google Cloud. The course covers how to uncover cloud vulnerabilities and unintentional exposure caused by improper configurations in IAM, networking, and storage services. It also discusses best practices you can tailor to your organization's needs.

note

More info can be found on the SANS GPCS course page.

The content was well-researched and struck a great balance between theory and hands-on application. As someone working in threat detection, I found it incredibly valuable to see cloud risks from a defender's perspective--understanding how misconfigurations happen and what attackers look for. I was able to take these insights back to work and develop strategies for strengthening our cloud security posture.

The in-person experience

Attending in person was worth it. I connected and networked with cybersecurity professionals from around the world--my instructor, classmates, and the SANS staff. The course also included live-online participants, and all class discussions were recorded for future reference.

Our instructor was Brandon Evans, one of the course authors, who signed our GPCS posters. I also collected a haul of SANS freebies: a 2023 shirt, stickers, pens, a highlighter, and a notebook. At a community night event, I picked up even more--a 2020 shirt, additional stickers, and a SANS poker chip. Freebies depend on extra stock, and these events are held globally.

note

Learn more about SANS Community Night through this link.

sans-freebies

The Netwars challenge

My favorite part of the course was the hands-on component. SANS runs Netwars, their own capture-the-flag competition, where you get to apply everything you've learned in real-world scenarios. It pushed me beyond the course material and got me exploring additional technologies like Terraform.

You're awarded a coin if you meet the instructor's criteria for the challenge. In our case, it was finishing in the top 3--and I'm proud to say I made it to the top spot!

sans-coin

Preparing for the exam

Balancing exam prep with a full-time job was the hardest part. My exam voucher was valid for around four months, and I had grand plans to study gradually over that entire period. That didn't happen. In reality, I only managed to focus on studying during the final month before my exam.

I reviewed the learning materials by rewatching the recorded lectures and highlighting key information in the books. SANS also provides an audiobook, which I tried listening to while driving--but the chaotic metro traffic made that experiment short-lived.

Building my index

Here's the thing about SANS exams: they're open-book. You can bring an armful of hard-copy books, notes, and printed materials into the exam room. No digital copies or devices though--phones and tablets are not allowed.

This open-book policy meant I could focus on understanding concepts rather than memorizing them. The key was having a well-organized index so I could quickly find any topic during the exam. I used the "Pancakes Indexing System" which I learned from Lesley Carhart's blog post--highly recommended.

Practice tests

The course included two practice tests, and I took them after building my index. The practice test platform is designed to be similar to the actual exam environment.

After my first practice test, I noted down every topic I struggled with, then went back to review those areas and added more detail to my index. This feedback loop worked well--my second practice test score was noticeably higher. If you're scoring between 75-85% on the practice tests, that's a good sign you're ready. The passing score for GPCS is 64%.

The actual exam

I took the exam just days before my voucher expired--talk about cutting it close. I was genuinely nervous. This was my first intermediate-to-advanced security certification, and despite the company sponsoring it, the cost made the stakes feel even higher.

Luckily, I passed. And as a cherry on top, I was invited to join the GIAC Advisory Board--an honor extended to those who score above 90%. It's a mailing list community that requires signing an NDA to join.

Final thoughts

SANS GPCS is a significant financial investment, which is why company sponsorship is usually the way to go. But the return on that investment is real--the knowledge I gained was immediately applicable at work, and using those concepts to improve our cloud security actually generated cost savings that can pay for the course itself.

If you're a cloud security practitioner looking for a structured, vendor-neutral deep dive into securing AWS, Azure, and GCP, I'd highly recommend this course. Just don't wait until the last month to start studying like I did.