Teri Radichel

Summary

The SANS GSE and GSP certifications have undergone changes in April 2023, with the GSE certification process being updated and the introduction of a new GCP certification, affecting both seasoned professionals and newcomers to the cybersecurity field.

Abstract

The SANS Institute has implemented modifications to its GSE (GIAC Security Expert) certification as of April 2023, introducing a new GCP (GIAC Cybersecurity Professional) certification. These changes have sparked discussions within the cybersecurity community, with some experienced professionals like Teri Radichel expressing that while the certification process may appear more accessible and potentially less rigorous, it still remains challenging and relevant. The updated GSE certification no longer requires an in-person hands-on test, and the practice tests provided seem to focus more on practical and up-to-date scenarios, aligning with the content in the labs. The new format aims to reduce subjectivity in scoring and may be more reflective of real-world problem-solving. Despite these changes, the value of certifications for career advancement and credibility, especially for those new to the field, remains significant.

Opinions

  • Teri Radichel, an experienced cybersecurity professional with extensive qualifications, suggests that the new GSE certification format may be more reasonable and less complex than the previous version, potentially making it more accessible to a broader audience.
  • The author believes that the ability to look up information and solve problems is a crucial skill in cybersecurity, reflecting real-world scenarios more accurately than memorization-based testing.
  • There is a concern that the new virtual testing format might make it easier to cheat or compromise the test's integrity.
  • The subjective nature of the old GSE certification's scoring process is criticized, with the new format being seen as a potential improvement in fairness.
  • The author appreciates that the new practice tests are more relevant to current technologies and cloud security, which are areas of expertise and interest for them.
  • The removal of certain penetration testing tools from the certification content is viewed as unfortunate, as it may not reflect the tools commonly used in the industry.
  • The author is not worried about the changes to the certification process, given their extensive experience and existing credentials, but acknowledges that others may have more significant concerns.
  • The author questions the necessity of collecting CPEs (Continuing Professional Education credits) for certification renewal, especially for those actively teaching and providing training in the field.
  • The article suggests that the new certification process should not require additional payments to the organization for renewal or qualification, emphasizing the importance of a fair and cost-effective approach.

SANS GIAC GSE and GSP

Changes in April 2023 for SANS GSE and new GCP certification


The GSE certification changed in April 2023. However, the reasons for obtaining certification have not.

There’s also an option which seems to be a stepping stone to the GSE called the GSP or GIAC Security Professional.

I’m not too bothered with the changes as I recently renewed and am near the end of the point where I still need certifications (I hope!). I also have two master’s degrees in software engineering and information security engineering and 25+ years of experience, have written books on the cloud and cybersecurity, and gotten awards for innovation in cybersecurity — so I hope at some point that will suffice. But if you are newer to cybersecurity and trying to break into the field or improve your credibility — and your confidence — a certification can help.

Someone contacted me who was concerned about the test being “watered down.” I wouldn’t consider it to be watered down but possibly more reasonable. It may be easier to get the certification now since you do not have to take an in-person, hands-on test to get it — but I wouldn’t say it’s going to be “easy.”

Here’s how the test may have changed, but you’ll have to confirm with SANS or others who have taken it. I received some practice tests with hands-on questions recently. I’m not sure how those relate to what you will get on your exam but here’s how they were different than the in-person exam I took.

Multiple choice vs. open-ended questions

The practice tests I got were all multiple choice, not open-ended questions. Multiple choice is always easier as you can weed out clearly incorrect answers and have a shot at getting the question right even if you don’t know the answer at all. But some of the multiple choice questions had like 10 answers, making it harder to randomly get the correct one with a guess. Still, I did on one particular question that I completely could not get working. You have a chance as opposed to a blank spot on a page where you have to write something down.

Multiple steps where every detail counts

I remember one tricky aspect of the original exam where I answered the whole question but got stuck on one small conversion issue. I couldn’t find that clearly explained in the most recent material and it wasn’t on the test. Those types of tricky things did not seem as present in the new tests I got — where you go through this whole scenario and get it all right but miss one flag on a command that trips you up. Maybe that’s a good thing. In the real world, you’d be able to have more time and ask other people to resolve that problem, but clearly you understand the concept.

More relevant? Or easier?

I am not sure if the practice tests I received align with the tests for new certifications, but I scored much higher on those (once I revised my notes as explained in my renewal blog post below) than I did in the renewal test I actually got — which had no hands-on questions.

I found the 401-related material to be significantly easier in the practice test and more relevant than the renewal test I got. For the most part, this is good because the questions were more practical and relevant on my practice test. I also had cloud questions which I did not get on the renewal test at all. I liked those since that’s what I do — cloud security assessments, penetration tests, and cloud security training.

Real-world problem solving on the fly

In the on-site test, you could use Google to look up answers. I could not do that in the renewal test. I’m not sure how that is going to work with the new format for the original test. I think that the ability to look up and find answers online and solve problems is a good test — compared to memorizing a bunch of things you may or may not actually use in your particular job. Security is constantly changing and new threats arise that you have to deal with and new products come out that you have to configure correctly — whether you knew it before or not — so I liked that aspect of the hands-on test. Not sure it still exists.

Complex incident response scenarios and written reports

My understanding is that writing a report is no longer a part of the test, but again, confirm that with SANS. In my incident response scenario the second time around, I found old technologies not covered in the material I used to prep for the test. Just by chance, I remembered my instructor talking about that in class, but I don’t recall that being in the books I used to study for the GSE. So I kind of lucked out on that piece of the written report.

Old technology due to complexity of maintenance?

But that was only one small piece of a complex incident response scenario with many different types of logs from many different devices. I didn’t find that type of complex scenario on the practice tests. I think it was complicated for SANS to maintain those complex and up to date scenarios (which I understand having created labs for classes — it’s a software product that requires a full SDLC.) That’s why the incident response scenarios sometimes had old technologies in them.

Scoring and subjectivity

The scoring was also subjective in the original GSE — a panel review — which can go a different direction for each person who takes the test depending on who is on the panel. They would tell you that you failed but wouldn’t tell you why. In the first test I took they said I failed a particular portion of the test that was supposed to be on the first day due to something I did on the second day. That didn’t really make sense to me. I was pretty sure I nailed the first day. Hmm. I like doing away with subjectivity.

Less complexity and alignment with lab material

In the old test, the questions were interrelated with many types of logs as they were in that incident response report scenario. I found the hands-on questions in the new test easier than the incident response scenarios I had to solve (two different scenarios since I took the original twice). The new test questions were easier because each question related to one small piece of a scenario. They also related more directly to the content in the labs which the old test did not. That seems more fair even if not as challenging.

What were those practice tests

I don’t know if and how that aligns to what is on the actual tests now because I don’t know if those practice questions were just for renewals or for the actual GSE test itself. In any case, I found the particular questions I got to be easier than the complex scenarios I got on the original GSE.

Easier? Or more fair and up to date? But not easy!

But don’t be fooled! It was not easy. There is a mountain of books and I spent about three months preparing notes and a list of commands so that I could quickly reference material I needed to pass the test. Writing things down (or typing them) helped me remember things.

Real world experience helps, either way

Also, one thing I noticed about the practice tests is that I got networking questions I knew from my own experience but did not recall seeing in the content. I’m not sure if I just missed it but hands-on experience definitely helped with some of the network questions in the particular practice tests I received. Also, hands-on experience with penetration testing tools made some questions easier. However, I noticed they removed one of the most widely used penetration testing tools in the industry. Unfortunate.

Less nit-picky? More on understanding of concepts?

In my renewal test I found nit-picky little questions about some random flag in a protocol, for example (not TCP flags — I know those pretty well — something else). Do you really need to memorize every single thing about every protocol or be able to look it up? I actually brought the RFCs with me to the test but forgot to print out that protocol. Oh well. I did not find the questions to be so tricky in the practice tests but maybe I just got lucky and happened to get questions I knew.

Tools and clouds

Some of the tools I had to study don’t work in cloud environments but that is not necessarily a bad thing. It got me thinking about alternate solutions to solve the same problem in a different environment. Maybe we need tools like those in cloud environments, or make them work in cloud environments.

Will it be easier to get a GSE? Time will tell…

I heard that at the time of this change, there are about 350 people with the GSE. Some of those include the new test format. I think possibly 300 people took the old test format. We’ll see what happens. If a lot more people get it that means it’s more accessible and possibly easier — but that may not be a terrible thing. Perhaps more people will know what the GSE actually is!

Hopefully the scoring will be less subjective and the questions will be more up to date. I am concerned that it may be easier to cheat because more people will have access to the questions now that it is all virtual — or worse — the test gets compromised somehow. It will be interesting to see what parts of the world hold the most GSEs in the future as well.

CPEs

I’ve never collected CPEs (credits you get from taking classes that apply to renewing certifications). They can be used for renewing CISSPs, for example. IANS provides them at their events. I’ve provided them to students who took my classes. But I’m not really interested in trying to maintain and collect them when I’m the one teaching the classes and giving the training. Can I get CPEs for that? I never checked.

I see how they can be valuable though. As teachers, my parents had to get continuing education credits. Doctors have to up their knowledge. CPEs are a way to get training that is specific and relevant to your job. It’s an interesting approach but the process needs to be smooth, painless, fair, and not cost extra money — like you can only use CPEs from SANS or trainers who have current SANS certifications, for example.

I remember talking to a product manager about requirements for a new AWS expert program and mentioned that there should be a way to prove that people are qualified. AWS rolled out the program and said you had to have AWS certifications to be in it — meaning you have to pay AWS. That was not what I meant and I haven’t joined that program — $45,000 later in SANS certifications. Perhaps there is a fee to join or renew but the requirements to be qualified should not also involve paying the organization more money.

It’s all good

I’m personally not too worried about the changes at this point in my career. Interestingly enough, I now have 13 certificates instead of 9 like before the change.

Other people may be more concerned. I still think it will be a worthwhile experience and expand your knowledge.

Just remember us old-school GSEs who went through some additional pain to get our certs. :-) No matter what people say, the on-site test was more stressful than any test I’ve ever taken at a testing center. It was also fun to take the test in person because I met some great people that way. Too bad that is not even an option anymore.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab