Information Security is a field with lots of certifications. And lots of certification study methods. I’ve experienced everything from the person who knows all the memory devices and will ensure you know the material you need to know, to the “instructor” who could barely read off the vendor-provided slides.
However, GIAC is relatively unique in that a) their material is more tightly controlled – you can’t really walk into a book store and take your pick of study guides, the way you can with, say, Security+ or CISSP, and b) their exams are open book.
Now, anyone who has taken a number of exams knows that “open book” and “easy” are not remotely the same thing. But it does significantly change the strategy for how to prepare. Especially when, as is the case with GIAC, “open book” means “open basically any piece of paper you can carry that isn’t obviously test answers”. So you get to bring in all sorts of material in addition to the books.
This is really useful because you sometimes have 5-6 very thick books. And you need to be able to navigate those books fairly quickly. This is where the famous index comes in.
I’m not here to duplicate prior work. Lesley Carhart has already written a pretty awesome guide. I strongly recommend you go read that post – I’ll wait.
So, what do I do differently?
The first thing I do is write the course and book number on the edges. This means I can find what book I’m looking for in my stack of books without having to flip through them – I can just look at the edge and slide the right one out of the stack. This is especially useful with the GSE as you have all those books for three different courses, so being able to easily tell them apart matters.

What I do next will depend very much on the course and how it is structured.
Is it a course with lots of definitions (like SEC 401)? Then I will probably build a somewhat more involved index than most others recommend. I’ll add a column for “notes” or “definitions”. This means I don’t have to refer to the books for every question – sometimes the answer will be right there in my index. For courses like SEC 401, which has tons of definitions, or the GSE (multiple-choice part), it’s worth it. You have entirely too many questions to answer in too little time to look up everything.

Note how I’ll take up the extra lines to cover my bases for how I might look up a phrase – there’s both “valuable data” and “data, valuable”.
For these tests with lots of definitions/terms/tools, I recommend choosing a highlighter color just for keywords, and using that color in the books. That way you don’t spend time during the exam trying to find where on the page your keyword is. This should be a different color from your “this was a really good point the instructor made in class!” color. You can even have one color for terms, one for tools, etc.

So… what about some other types of tests?
Some courses, like SEC 503, don’t have a ton of terms. Or tools. They require you to conduct analysis. For these, an index is not terribly useful, as illustrated by the book’s built-in index entry for TCP.

So, what do I do here? I’ll build a table of contents. This works great on subjects where one topic will go on for ten pages, because I won’t use up nearly as much space as an index, but I get to keep a sense of what order the material is in.
This matters because my brain is one that will remember that a particular fact is on the page opposite the page with that one image about the thing. And the thing was in the section on the tool.
And… that’s mostly it.
The one thing Lesley said that I’ll repeat: any other resources your instructor gave you? Cheat sheets, posters… USE THEM. I recommend tossing them in a binder, and either making a table of contents or tabbing out your binder. It may seem like overkill for a test, but that binder becomes your first reference when actually doing the job you studied and took the test for.
Best of luck on your testing endeavors!