Skip to main content

My First SANS Certification: SANS GPCS

ยท 5 min read
Joie Llantero

The course had a well-structured learning-path with crucial topics for anyone utilizing cloud resources and attending in-person gave me a chance to connect with other security professionals around the globe.

My experience taking my first Sans certificationโ€‹

Attending the course in-person gave me the opportunity to interact and network with cybersecurity professionals around the globe--my instructor, classmates and the SANS staff. During the course, we were also joined by 'live-online' participants and all class discussions were recorded.

I'm glad that there were a lot of SANS merchandise and freebies that came with my registration. I received a SANS 2023 shirt, stickers, pen, highlighter, notebook, and a bonus signed copy of the SANS GPCS poster from our instructor, Brandon Evans, who is one of the author of the course.

I was also able to attend one of the community nights. Upon attending, I got a free SANS 2020 shirt, stickers, pen and highlighter, and a SANS poker chip--they don't usually give out many freebies as it depends on the extra stock. These community nights happen face-to-face in various locations around the globe. I follow the SANS LinkedIn profile to keep myself updated for these type of events.


My thoughts on SANS GPCSโ€‹

SANS GIAC Public Cloud Security (GPCS) covers the nuances of the cloud (AWS, Azure, and GCP), teaches you the latest vulnerabilies, and how we can secure our environment. More info can be found on their page.

I think this intermediate-level certification is great for both asipiring cloud security professionals and those who are already experienced. I only had a year of cybersecurity experience and three years of cloud development experience prior to taking this course so I think anyone just starting out can still take GPCS.

The content was well-researched and the course was balanced between theoretical and application. I think if you consider the week-long Netwars (Capture-The-Flag), then there is more application involved.

On top of that, you are awarded a coin if you win the Netwars by achieving the instructor's criteria. In our case, it was to be one of the top 3 (proud to say I made it to the top spot! ๐Ÿ˜).


Preparing for the examโ€‹

Finding the time to study on top of doing work was challenging for me--especially since I have only been a full-time employee for a year fresh out of the university.

I reviewed the learning materials by watching the recorded lectures and highlighting essential info on the books. There's also an audiobook which I tried to listen to while driving but found it diffiult to multitask with the chaotic traffic in the metro. The exam voucher was valid for around four months. I planned to review slowly throughout the four months but failed (lol). I was only able to focus on studying for a month before my exam.

Preparing my indexโ€‹

SANS certification exams have an open-book policy so you can grab an arm-full of hard-copy books, notes, and other materials. This gave me the opportunity to focus on understanding the concepts rather than memorizing them. Note that digital copies or gadgets, e.g., phone and tablet, are not allowed.

I used the "Pancakes Indexing System" which I learned from Lesley Carhart's blog post.

Taking the practice testsโ€‹

I had two practice tests included in the course and I took them after creating my index. The practice test environment (the webapp platform) is expected to be similar to the actual test. Upon taking my first practice test, I noted down the topics that I found difficult to answer. Afterwards, I reviewed the topics and added more notes to my index. I realized that this effective for me because I got a higher score in my 2nd practice test.

I think scoring at least 75-85% in the practice test is a good estimate that you are ready for the exam. The passing score for the GPCS exam is 64%.

Taking the actual examโ€‹

I took the exam days before the expiration of the exam voucher. I was really nervous taking the exam as this was my first intermediate-advanced security-related certification exam besides from it being so expensive (though, it was sponsored by the company). Luckily, I passed and was awarded the GPCS certification. As a cherry on top, I was also invited into the GIAC Advisory Board which can be received if you got a score of greater than 90%. This is a mailing list and you will need to sign an NDA to join.

Final Thoughtsโ€‹

Taking the SANS GPCS is a financial investment so usually we'll have to get the company to sponsor it.

The course content was well-researched and it was packed with crucial knowledge that I can immediately apply at work. Seriously, using the concepts learned from the course at work can actually generate cost savings and pay for itself.

My favorite part of the course were the hands-on exercises. It gave me real-life experience of securing the cloud and pushed me to explore and learn more about other technologies like Terraform.

Overall, the course provided a focused approach to acquiring the necessary knowledge and skills to perform industry standard cloud security.