I have always held GIAC certifications and SANS Institute courses in high regard. The content of these courses is unique and rich with valuable information, and the certifications are well-known and highly respected in the cybersecurity industry. I had the opportunity to enroll in one of their courses, SEC510: Cloud Security Controls & Mitigations, previously known as "Public Cloud Security: AWS, Azure, and GCP." The course is authored by Brandon Evans and Eric Johnson.
The course provides cybersecurity professionals with the essential information needed to make informed decisions when choosing between the three major Cloud Service Providers (CSPs): AWS, Azure, and GCP. It helps students understand how these CSPs operate, identifies common vulnerabilities, and offers guidance on how to better secure cloud environments.
In this blog post, I want to share my personal experience of how I prepared for and successfully passed my first GIAC certification with a score of 90, along with my key takeaways from the course.
Establishing a Study Routine
From the outset, I knew that consistency and discipline would be crucial. I established a study routine that fit around my daily life. Each day, I woke up at 5:00 AM and dedicated two hours to studying in the morning. I would then repeat this study session in the afternoon. This structure ensured that I had a solid block of study time each day, helping me to steadily progress through the material.
First Round: Understanding the Material
I started my preparation by going over the e-books provided for the course. These e-books were my primary resource, and I complemented them by watching relevant videos. My focus during this initial phase was on understanding the key concepts. As I went through the videos, I simultaneously read the books and began creating an index. This index became an invaluable tool, organizing important information and concepts that I could refer back to easily.
After completing each section of the material, I reinforced my understanding by completing the corresponding labs. These practical exercises allowed me to apply what I had learned and gain hands-on experience, which is crucial for mastering public cloud security.
Second Round: Deepening My Knowledge
Once I had gone through all the sections, I began my second review using the physical books. This time, I focused on highlighting key words and important concepts. I also took the opportunity to verify and refine my index. This process of review and verification ensured that my notes were comprehensive and accurate.
Leveraging Audio Recordings
An additional resource that significantly aided my preparation was the audio recordings provided with the course. I used these recordings to reinforce my learning while driving, walking, or working out. This multi-sensory approach helped solidify my understanding of the material, making productive use of time that might otherwise have been idle.
Participating in Study Groups
An important part of my preparation was participating in study groups. Explaining key concepts to other students taking the course was incredibly beneficial. Teaching these concepts not only reinforced my understanding but also helped clarify some technical aspects that were initially challenging. This collaborative learning environment provided different perspectives and insights, enriching my overall grasp of the material.
Creating My Index
Indexing is a common practice in GIAC certification, and many people have their own methods. For me, I used a simple Excel sheet. In one column, I included the book number, in another, the page number. I left two columns for key concepts and explanations. I also mentioned the cloud provider at the end. Color coding can be helpful as well. Ultimately, do it in a way that you find suitable and convenient; everyone has their own study methods. Don’t overdo it.
The First Practice Test: Testing My Knowledge
With my second review completed, I felt it was time to test my knowledge. I took my first practice test to validate my understanding and the effectiveness of the index I had built. This practice test was a critical step as it highlighted areas where I needed to improve and allowed me to gauge my readiness for the actual exam.
Final Review and Mind Mapping
After identifying areas for improvement from the first practice test, I embarked on a third review of the books. This final review was more strategic; I focused on building a mind map for high-level topics. The mind map was particularly useful for linking key concepts across different domains, providing a holistic view of the material.
The Second Practice Test: A Confidence Booster
With my mind map and refined index, I took the second practice test. This test was pivotal as it not only reinforced my knowledge but also boosted my confidence. By scoring well on this practice test, I felt assured that I was ready to tackle the actual exam.
Exam Day: The Final Challenge
On exam day, I felt prepared and confident. The months of disciplined study, the comprehensive index, the practical labs, the practice tests, the collaborative study sessions, and the continuous reinforcement through audio recordings all culminated in a successful exam experience. Scoring 90 on the GIAC Certification in Public Cloud Security was a testament to the effectiveness of my preparation strategy.
What I Learned
Throughout my preparation, I learned several important lessons that are crucial for anyone working in cloud security:
1. Challenges of Single Cloud Providers: Relying on a single cloud provider can be challenging because each provider has unique vulnerabilities and security controls. Depending on the architecture, clients can leverage multiple providers to mitigate risks.
2. Importance of Configuration Management: Changing default configurations is essential because some cloud providers have default settings that include excessive privileges. Customizing these configurations is crucial for security.
3. Identity and Access Management: Securing identity and access management (IAM) is paramount. Properly managing IAM can prevent unauthorized access and potential breaches.
4. Encryption: Encrypting data is vital because encryption has become inexpensive and has minimal impact on performance. Ensuring that all data, whether in transit or at rest, is encrypted adds a crucial layer of security.
5. Serverless Environments: Assessing serverless environments for excessive permissions and persistent data is important. These environments can often be overlooked but require the same level of scrutiny as traditional servers.
6. The importance of using short-lived credentials in a multi-cloud environment: Avoid using long-term credentials whenever possible.
Key Takeaways For Exam Preparation
1. Focus on Understanding Technical Concepts: Understanding the technical concepts is paramount. Don't just memorize; strive to grasp the underlying principles and how they interconnect.
2. Know the Differences Between Cloud Providers: Understanding the key differences between the three major cloud providers (AWS, Azure, GCP) and how to mitigate their specific vulnerabilities is crucial.
3. Indexing is Important, But Not Everything: While creating an index is helpful, it should not overshadow your comprehension of the material. My personal advice is to index in a way that suits you but avoid overdoing it.
4. Collaborative Learning: Try to explain key concepts to others taking the course with you. This will help validate your understanding and reinforce your knowledge.
5. Leverage Audio Recordings: Utilize audio recordings to reinforce learning during activities like driving, walking, or working out. This helps to maximize study time effectively.
6. Understanding Terraform Code: It’s important to understand how to read Terraform code, a crucial part of the course. Focus on learning the main building blocks of Terraform code to enhance your comprehension and practical skills.
7. Understanding Over Memorization: Focus on truly understanding the concepts rather than rote memorization. This approach will help you apply your knowledge more effectively in real-world scenarios.
Conclusion
Preparing for the GIAC Certification in Public Cloud Security was a rigorous but rewarding process. Establishing a disciplined study routine, thoroughly understanding the material, participating in study groups, leveraging audio recordings, creating a detailed index, and consistently testing my knowledge were key factors in my success. I hope my experience can serve as a guide and inspiration for others embarking on their certification journey. Remember, with dedication and a structured approach, you too can achieve your certification goals.
Comments