Skip to main content

My SANS GPCS Experience

ยท 5 min read
Joie Llantero

The course has a well-structured learning-path with crucial topics for anyone utilizing cloud resources. Attending the course in-person gives you a chance to network with other security professionals around the globe.

Taking the courseโ€‹

SANS GIAC Public Cloud Security (GPCS) covers the nuances of the cloud (AWS, Azure, and GCP) and how we can secure our environment. The course also equips you with the latest vulnerabilies in the three cloud service providers (CSPs). More info can be found on their page.

My favorite part of the course was doing the hands-on and bonus exercises. It gave me a real-life experience of securing the cloud and pushed me to explore and learn more about other topics, e.g., Terraform, relevant to the course. Though it is a nice know Terraform and how to code, it is not a prerequisite for the course.

Attending the course in-person gave me the opportunity to interact and network with my instructor, classmates, and other people from taking other courses. I received a SANS 2023 shirt, stickers, pen, highlighter, notebook, and a singed SANS GPCS poster from our instructor, Brandon Evans, who is also the author of the course.

I was also able to attend one of the community nights where they discussed how to hackproof your cloud. Upon attending, I got a free SANS 2020 shirt, stickers, pen and highlighter, and a SANS poker chip.

sans-freebies

The bonus challenges is also a capture-the-flag (CTF) activity and you get the GPCS coin if you reach the instructor's criteria. In our case, it was to reach a score of greater than 100 and be one of the top 3 of the class.

sans-coin

Preparing for the examโ€‹

Finding the time to study on top of doing work was challenging for me--especially since I have only been a full-time employee for a year fresh out of the university.

I reviewed the learning materials by watching the recorded lectures and highlighting essential info on the books. There's also an audiobook which I tried to listen to while driving but found it diffiult to multitask ๐Ÿ˜…. The exam voucher was valid for around four months. I planned to review one book (there were five books) per week but I found it difficult to balance with work and personal life. So, I was only able to focus on studying for a month before my exam.

Preparing for your indexโ€‹

SANS certification exams have an open-book policy so you can grab an arm-full of hard-copy books, notes, and other materials. This gave me the opportunity to focus on understanding the concepts rather than memorizing them. Note that digital copies or tech, e.g., phone and tablet, are not allowed.

I used the "Pancakes Indexing System" which I learned from Lesley Carhart's blog post.

My index started out as a printed index using Excel. When I took the practice tests, I added hand-written keywords and notes. After reviewing and practicing using my index, I felt that I should no longer print a new one. The reason is I already got used to my index.

Taking the practice testsโ€‹

I had two practice test included in the course and I took them after creating my index. The practice test environment (the webapp platform) is expected to be similar to the actual test. Upon taking the practice test, I noted down the topics that I found difficult to answer. Afterwards, I reviewed the topics and added more notes to my index. I realized that this effective for me because I got a higher score in my 2nd practice test.

I think scoring at least 75-85% in the practice test is a good estimate that you are ready for the exam. The passing score for the GPCS exam is 64%.

Taking the actual examโ€‹

I took the exam days before the expiration of the exam voucher. I was really nervous taking the exam as this is my first advanced security-related certification exam. Luckily, I passed and was awarded the GPCS certification. As a cherry on top, I was also invited into the GIAC Advisory Board which can be received if you got a score of greater than 90%. This is a mailing list and you will need to sign an NDA to join.

Final Thoughtsโ€‹

Taking the SANS GPCS is an investment. The course content is well-researched and it was jampacked with crucial knowledge that I can immediately apply at work. During the course, you will not only improve your knowledge but also develop your skills as you do the hands-on and bonus exercises. Additionally, you can connect with other professionals. Enrolling in a SANS course is not cheap but the value you will get out of it is worth it for your career.