The course featured a well-structured learning path, covering essential topics for anyone working with cloud resources. Attending in person allowed me to connect and network with cybersecurity professionals from around the world, including my instructor, classmates, and the SANS staff. Additionally, the course included 'live-online' participants, and all class discussions were recorded for future reference.
I was excited to receive several SANS freebies with my registration, including a 2023 shirt, stickers, a pen, a highlighter, a notebook, and a signed GPCS poster from our instructor, Brandon Evans, one of the course authors. At a community night, I picked up additional freebies like a 2020 shirt, more stickers, a pen, a highlighter, and a SANS poker chip. Freebies depend on extra stock, and these in-person events are held globally.
Learn more about SANS Community Night through this link.

My thoughts on SANS GPCS
SANS GIAC Public Cloud Security (GPCS) covers topics in cloud security across the top three cloud service providers (CSPs)--AWS, Azure, and Google Cloud--such as uncovering cloud vulnerabilities and unintentional exposure through improper setup in various cloud services (IAM, network, storage), and discusses best practices that would best suit your organization.
More info can be found on their page.
I really appreciated the course as a threat detection engineer. I was able to look at the risks involved in the cloud and how it is set up. With this, I was able to develop cloud strategies and solutions for increasing the organization's security posture.
The content was well-researched and the course was balanced between theory and application. If you consider the Netwars--SANS' own capture-the-flag site--then there is more application involved where you can practice the new knowledge and skills.
On top of that, you are awarded a coin if you win the Netwars by achieving the instructor's criteria. In our case, it was to be one of the top 3 (proud to say I made it to the top spot!).

Preparing for the exam
Finding the time to study on top of doing work was challenging for me--especially since I have only been a full-time employee for a year fresh out of the university.
I reviewed the learning materials by watching the recorded lectures and highlighting essential info in the books. There's also an audiobook which I tried to listen to while driving but found it difficult to multitask with the chaotic traffic in the metro. The exam voucher was valid for around four months. I planned to review slowly throughout the four months but failed (lol). I was only able to focus on studying for a month before my exam.
Preparing my index
SANS certification exams have an open-book policy so you can grab an armful of hard-copy books, notes, and other materials. This gave me the opportunity to focus on understanding the concepts rather than memorizing them. Note that digital copies or gadgets, e.g., phone and tablet, are not allowed.
I used the "Pancakes Indexing System" which I learned from Lesley Carhart's blog post.
Taking the practice tests
I had two practice tests included in the course and I took them after creating my index. The practice test environment (the webapp platform) is expected to be similar to the actual test. Upon taking my first practice test, I noted down the topics that I found difficult to answer. Afterwards, I reviewed the topics and added more notes to my index. I realized that this was effective for me because I got a higher score in my 2nd practice test.
I think scoring at least 75-85% in the practice test is a good estimate that you are ready for the exam. The passing score for the GPCS exam is 64%.
Taking the actual exam
I took the exam days before the expiration of the exam voucher. I was really nervous taking the exam as this was my first intermediate-advanced security-related certification exam, besides it being so expensive (though it was sponsored by the company). Luckily, I passed and was awarded the GPCS certification. As a cherry on top, I was also invited to the GIAC Advisory Board, an invitation you can receive if you get a score greater than 90%. This is a mailing list and you will need to sign an NDA to join.
Final Thoughts
Taking the SANS GPCS is a financial investment so usually we'll have to get the company to sponsor it.
The course content was well-researched and it was packed with crucial knowledge that I can immediately apply at work. Seriously, using the concepts learned from the course at work can actually generate cost savings and pay for itself.
My favorite part of the course was the hands-on exercises. They gave me real-life experience of securing the cloud and pushed me to explore and learn more about other technologies like Terraform.
Overall, the course provided a focused approach to acquiring the necessary knowledge and skills to perform industry standard cloud security.