I liked the course as it had well-structured learning-path with crucial topics for anyone utilizing cloud resources. Attending the course in-person gave me a chance to connect with other security professionals around the globe.
Taking the course
SANS GIAC Public Cloud Security (GPCS) covers the nuances of the cloud (AWS, Azure, and GCP), teaches you the latest vulnerabilies, and how we can secure our environment. More info can be found on their page.
My favorite part of the course was doing the hands-on and bonus exercises. It gave me a real-life experience of securing the cloud and pushed me to explore and learn more about other topics, e.g., Terraform, relevant to the course.
Attending the course in-person gave me the opportunity to interact and network with my instructor, classmates, and other people taking other SANS courses in the venue. I received a SANS 2023 shirt, stickers, pen, highlighter, notebook, and a singed SANS GPCS poster from our instructor, Brandon Evans, who is also the author of the course.
I was also able to attend one of the community nights where they discussed how to hackproof your cloud. Upon attending, I got a free SANS 2020 shirt, stickers, pen and highlighter, and a SANS poker chip--they don't usually give out many freebies as it depends on the extra stock.
The bonus challenges is also a capture-the-flag (CTF) activity and you get the GPCS coin if you reach the instructor's criteria.
Preparing for the exam
Finding the time to study on top of doing work was challenging for me--especially since I have only been a full-time employee for a year fresh out of the university.
I reviewed the learning materials by watching the recorded lectures and highlighting essential info on the books. There's also an audiobook which I tried to listen to while driving but found it diffiult to multitask (haha). The exam voucher was valid for around four months. I planned to review slowly throughout the four months but failed (lol). I was only able to focus on studying for a month before my exam.
Preparing for your index
SANS certification exams have an open-book policy so you can grab an arm-full of hard-copy books, notes, and other materials. This gave me the opportunity to focus on understanding the concepts rather than memorizing them. Note that digital copies or tech, e.g., phone and tablet, are not allowed.
I used the "Pancakes Indexing System" which I learned from Lesley Carhart's blog post.
Taking the practice tests
I had two practice test included in the course and I took them after creating my index. The practice test environment (the webapp platform) is expected to be similar to the actual test. Upon taking it, I noted down the topics that I found difficult to answer. Afterwards, I reviewed the topics and added more notes to my index. I realized that this effective for me because I got a higher score in my 2nd practice test.
I think scoring at least 75-85% in the practice test is a good estimate that you are ready for the exam. The passing score for the GPCS exam is 64%.
Taking the actual exam
I took the exam days before the expiration of the exam voucher. I was really nervous taking the exam as this was my first advanced security-related certification exam besides from it being so expensive (though, it was sponsored by the company). Luckily, I passed and was awarded the GPCS certification. As a cherry on top, I was also invited into the GIAC Advisory Board which can be received if you got a score of greater than 90%. This is a mailing list and you will need to sign an NDA to join.
Final Thoughts
Taking the SANS GPCS is a huges investment. The course content is well-researched and it was jampacked with crucial knowledge that I can immediately apply at work. During the course, you will not only improve your knowledge but also develop your skills as you do the hands-on and bonus exercises. Additionally, you can connect with other professionals. Enrolling in a SANS course is not cheap but the value you will get out of it is worth it for your career.