How to ace the GIAC GCLD Certification Exam - My Journey to a 94%
Introduction
I made a post on LinkedIn a few weeks ago when I realized I was about to commit to taking the GIAC Cloud Security Essentials certification exam. I was a C student in both high school and college...studying is not my strong suit. So to say I was a bit nervous is an understatement. I spent the last 7 years of my career avoiding certifications; even going as far as ridiculing those who were "certification hoarders" as a sort of defense mechanism.
Throughout this post, I'm going to outline my journey and highlight the things I believe enabled me to achieve a 94% on the GCLD exam. We will cover the live online training, preparing for the exam, creating an index, and sitting for the exam.
Also, before we start, I want to give a huge shoutout to the inspiration for this post and what I'd largely credit for my success on this exam to begin with: Lesley Carhart's Better GIAC Testing with Pancakes.
What is the GCLD Certification?
According to the GIAC website, the GCLD Certification "validates a practitioner's ability to implement preventive, detective, and reactionary techniques to defend valuable cloud-based workloads."
In other words, if you take this course and certification, you will learn a lot about the different services available to an organization in all three of the major Cloud Service Providers (AWS, Azure, and GCP).
Registering For SEC488: Cloud Security Essentials
At the time of this writing, I was lucky enough to work somewhere that had a training budget. A dream come true for any Cyber Security Professional looking to learn new things and buff up their resume a bit. I love training! But the thought of taking an exam after that training was mortifying. Perhaps you can relate to me on this, or perhaps you are lucky enough to either not mind test taking or actually love it.
Registering for the course was super easy; as is usually the case when you are throwing a significant sum of money at a company. I chose to sign up for the Live Online version of the course. I would highly recommend this option as opposed to the self-paced version if you have a hard time committing to completing the course material in a timely manner. It's also nice to have a real human to ask questions to during training.
If you haven't registered yet and would like to, here's the link: https://www.giac.org/certifications/cloud-security-essentials-gcld/
Live-Online Training Week (1 Week)
You will likely begin your journey to the GCLD certification with a course. As I previously mentioned, I opted to attend the Live-Online training provided by SANS. Please be advised that the course is 6 days technically. However, the last day is actually the SANS "CloudWars" CTF competition. It is technically optional. Unfortunately, I was unable to attend the 6th day due to my children getting sick and the general craziness of work. The point is, if you can attend the 6th day DO IT, if you can't, don't sweat about it.
During the 5 full days of training, your instructor will go through five (5) training books that are broken up into key domains and concepts for cloud security. In fact, the course is kind of conveniently broken up into one book per day, so you can easily understand the pace and what you will be covering. I liked that, as opposed to jumping into other books/topics each day and finishing halfway through.
A general tip for the training - just pay attention. I personally did not worry about starting an index or taking notes during this time, but it may be prudent to highlight key points or jot down page numbers for things your instructor will occasionally give you the "wink-wink" about.
Overarching Note about the entire live-training: Do the f-ing labs ya dingus (the content is testable). Can you technically not do any of the labs? Yes. Is that a good idea? No. You are just cheating yourself out of valuable experience.
Day/Book 1: Identity and Access Management
This is the introductory module and will begin with a lot of basic concepts, easing you into the three major cloud providers while gradually expanding on how they function from an access standpoint. You will likely be eager and ready to learn during this day, which is great because there are a lot of good and important topics.
Some cool topics that will be covered are things like Policies, Group/Role Management, Temporary Credentials, External Access, and general best practices. All critically important stuff.
Day/Book 2: Compute and Configuration Management
The second day is where you really get into the hard-hitting cloud tech, in my humble opinion. Now that you've covered the access fundamentals of the three major CSPs, you'll begin to understand the management of infrastructure and the challenges faced while doing so.
There are many great topics in this book including Image Management, Containers, Cloud Storage, and much more.
Day/Book 3: Data Protection and Automation
Day three will cover all things data and a bit more. If you are worried about the dreaded encryption section, don't be. This exam will not focus on memorizing encryption standards/math. That said, there is plenty more to learn here. I personally found that my exam contained the least amount of content from this particular book. I wouldn't hang your hat on that though.
Some cool topics covered during this session are Data Classification and Encryption, Availability, Infrastructure as Code, and CASB.
Day/Book 4: Networking and Logging
As a "blue teamer" myself, I found this day to be the most interesting and engaging. Every day at work, I handle logs and analysis of said logs, but I wasn't super comfortable with all the Cloud Logging tech and concepts. This day really digs into that and I found it super useful.
Some of the topics I really enjoyed were Network Visibility, Cloud Detection and Logging Services, and more.
Exam Pro-tip: Pay attention to the segmentation section. I found a lot of questions relating to it that could easily stump you.
Day/Book 5: Compliance, Incident Response, and Penetration Testing
Day 5 feels a lot like a filler day to be completely honest. I think most folks are fatigued at this point, but honestly, there is still some really good and important stuff covered. I was a bit disappointed in the lack of Incident Response and Pentesting content, but we have to remember that isn't really what this course is about. The big two in this section are the compliance frameworks and pentesting rules of engagement for cloud.
The Indexing Method
Before we get to studying and actually creating the index, I want to highlight what the indexing method looks like and how you will do it systematically while you study. You will want to complete this gradually as you perform your first read through; don't rush to sticky note everything right at the beginning...you'll see why later.
Every book gets a color at the top. Stagger them so it is visibly apparent which is book 1 vs book 5. I did it left-to-right.
Each book's subsection gets a color and a label on the side.
Create a spreadsheet. The first column will be the book and page number; second will be the keyword to be indexed.
You can see that we color the book/page column to match the top sticky color on our book. The topic is colored according to the subsection color for easier navigation once you have the book in hand.
When you are ready to print out the index, sort column B alphabetically.
Now copy and paste the cells into a word document and use a two column layout.
Now you can print (IN COLOR) and you're off to the races. You may need to hit your local FedEx to print though, like I did.
PROTIP: Put a sticky note on the GCLD book pre-built index as well! You may end up needing it during the exam.
Self-Study Time and Index Building (2 Weeks+)
Now that you've finished the course, it's time to hit the books. Grab some coffee/tea, a nice spacious desk, and get started! I personally took a week off from the books after the class because I needed to let my brain heal and digest all the information I had just learned.
Things You Will Need
Before you begin self-study, you will absolutely need to have the following:
Colorful sticky note tabs - critical for building your index
Highlighter - don't worry about special colors
A computer with Excel/Word or Google Docs
The First Read Through
The first thing I recommend is doing a full read-through of the course material again. But this time, you'll want to begin creating your index and highlight along the way. This means it will likely take more time than you think to complete the read through. Plan on spending a significant amount of time on this; I did my first read through in 1 week by spending a couple hours a night during the weekdays and a few hours a day on the weekends.
Really take this one slow if you can afford it. Your objective is to create a solid index and begin to retain the material you may not be as familiar with.
As you go through, page by page, highlight key concepts and enter book/page/keyword combinations into your index spreadsheet. I personally treated this like a game. My goal was to turn my boring five book collection into a colorful spectrum of sticky notes and highlighter. By doing so, I know that meant I had completed my full read through and I was closer to where I needed to be.
NOTE: Highlighting on the pages will help guide your eyes during the exam, thus saving you precious time.
Take a Breather
Once you complete your first read through, I personally suggest you take a break. I found myself thinking about the course material constantly throughout the day and in the evenings. I have no scientific references, but it felt like I was letting my brain start to retain some of the material instead of resuming the barrage of information.
Your First Practice Test
Ok, so you attended training, read through the content, took a break...now it's time to put yourself to the test! But hey, there is no pressure. It's only the first practice test. This is going to be your BASELINE test. It will reveal your strengths and weaknesses.
My personal advice to you is to simulate your test environment as best you can while you take your practice tests. This includes:
Taking the practice test at the same time of day you plan on taking the real thing
Don't listen to music, because you won't be able to during the exam
Don't read the questions out loud, because you won't be able to during the exam
Take the practice test in the same location you plan on taking the real thing
I even took it a step further; I lit some of my favorite incense in the room before starting. I only used it from that point on for my practice tests and I used it on exam day. I'm not saying it's the reason I aced the exam, but I'm not NOT saying it either.
As you take the test, use your index digitally. You won't be able to do this on test day, but it's fine. Jot down notes whenever you can't find something in your index, then follow up on it and make sure you add it.
Hopefully you will pass, but don't worry about this score too much. What is important is the star ratings. Make a mental note of where you need to work. Any topic with less than 3 stars should be a priority.
Targeted Study Time (1 week)
You now have a baseline and some topics you likely need to hone your skills on. Take this next week to study that specific material and really commit some of the stuff you knew pretty well to memory.
Remember that every question you do not need to reference your books for will net you more time for those questions you do.
Note: I don't know if it was just my test, but the ISO27xxx framework questions were brutal on me! Take your time and go through to find each and document them in your index in case you need it.
Second Practice Test (2-4 Days before exam)
I recommend taking your second practice test a few days before your actual exam. By this point, you should be feeling relatively confident about both the exam content and your index. Follow all the same rituals you did for the first practice test, but this time you will want to have your printed copy of the index. This will help you simulate time management better.
I was able to improve my score by 7 percentage points. Hopefully you can do the same or better! It was at this point where I realized I was so close to that coveted 90%. At this point I had nothing to lose but go for it! If you are testing within 5% of that 90%, you are in great shape to achieve it on test day!
Now - rest, study some more, rest and get ready for the big day.
GCLD Specific Thoughts
I wanted to write this section because most of what I've described in this article is really just a general GIAC study guide. Every GIAC exam is very different content wise obviously, so let's go through some observations on the content. I can't give away specifics about questions, but I can guide your studying to focus on things that may help.
Cloud Tools Are Numerous; Focus - your studies will flood you with many different CSP specific products. It's nearly impossible to be an expert at all of them; good thing you don't have to be. Focus on remembering which products belong to which CSPs and what purpose they serve. For example, try to remember Firebase is a GCP product and it is Google's answer to cloud-based mobile development.
Don't Index Starting With CSP Name - it may be tempting to create your index and document tools like "AWS Cognito" or "Azure Network Security Groups", but I found this to be ineffective. Many times your brain will not include the CSP name in front of the product and the questions may not either. It's much faster to go to the name of a product or concept than sift through a sea of AWS this-and-that.
Take Advantage Of Lab Time - you may not have really played much with Azure or AWS in your personal day-to-day because of worrisome costs. This course does a good job of building you an infrastructure that is fairly complex without costing you a dime (if you tear it down at the end of the week). Take advantage and pay attention during these times as having some experience in the tools themselves really helps.
Read Both The Slide and The Page Text - I've seen some advice out there that you should just read the text when studying; however, I noticed that the course author for the GCLD course has unique information in both sections at times. If you are studying, make sure you don't miss something by at least glancing over the slide as well.
Taking the Exam
When the day finally arrives, take a deep breath. Ok, I'll admit I didn't do this...I was kind of panicking a bit. I spent some of the morning studying, but honestly, there was a part of me that knew I wasn't going to make any meaningful progress by doing so. Instead, I spent maybe a few minutes trying to hammer in some of the more technical, perhaps obscure, details that I thought may appear on the exam. If they appeared, I'd know the answer instead of floundering and possibly missing a question.
Set up your environment exactly like you did with your practice tests and be prepared for your remote proctor by following the instructions that were sent to you in the days prior.
I ended up sprawling my index across my desk so I wouldn't have to flip through pages. It ended up working great!
If you are part of the #incensebrigade light it up.
Take the exam and good luck!!! Remember your pacing. If you finished with an hour left each practice exam, realize you probably have more time than you think to double check your answers in your index/books! That's the key to the 90+%
Passing the Exam
I hope this little post helps you pass the exam and achieve the 90% mark you were hoping for, but even if you got a score a bit lower, you are still a Certified Cloud Security Essentials professional! It feels so great to pass; seeing my score at first I was in disbelief!
If you do end up getting above a 90% on the exam, you will qualify to join the SANS Advisory Board. Once you sign the NDA, you gain access to a special mailing list.
If you happened across this post and it helped you out, I'd love to hear from you! Hit me up on Twitter, LinkedIn, or shoot me an email at travis@infosecsidekick.com! Feel free to share this post!