Dear CertMag is a weekly feature that addresses common questions about certification and related IT issues. Have a question? Send an e-mail to editor (at) certmag (dot) com.
Dear CertMag: I’ve been working in IT security for several years. I have two certs from GIAC, the GISF and the GSEC. I recently whiffed on my first crack at the GPEN. Is there a test retake strategy that will help me pass on my next attempt? Up til now, I’ve always done pretty well with self-study materials like books and practice tests. What else should I try?
— Roberto, Dallas, Texas
The GIAC certifications — and associated training from SANS — are extremely well regarded, but in my experience can be quite tough! Moving from security concepts (the foundation of the GISF and GSEC) into a practical application area of security, such as the penetration testing that is covered by the GPEN, probably requires some areas of experience that you could spend some additional time in.
When people study for certifications, many times they forget that each of us has our own way of learning — and that when faced with new material that is not as comfortable with us, sometimes we have to engage our minds in different ways to “get it,” and retain that information.
The first step here is probably to make your test retake a priority. Establish a date for your test retake and put aside the money to schedule the test. Book the time off at work, and make any other arrangements that you can make short of actually registering for the test. Having a hard date often changes the way that we look at preparing for long-term goals like certification. The date should be far enough out that you can spend quality time preparing for the certification, but not so far out that you lose the urgency of the looming deadline. Give yourself at least a month. Beyond that, you know how much time you can devote to preparation, and should customize the retest window to meet your needs.
Books and practice tests are a good place to start, but only will cover one of the many ways that your mind can engage the information that you need for the GIAC Certified Penetration Tester. I strongly recommend that you find two or three different ways to study and prepare for your next exam. (My assumption in putting this together is that you may not have the funds for the SANS courses on penetration testing, as these can be quite expensive. They are, however, generally quite well regarded in terms of providing the information and experience you will need.)
Do you have the ability to work with tools like metasploit and other covered toolkits? To stretch the legs of those tools against a few servers with some default installs and basic content?
Could you join (or do you already belong to) communities that discuss penetration testing methodologies and experiences? Sharing the experience that you do have, and getting community reaction to it, can be very effective as a test preparation method. The mind absorbs most from teaching other people things, with studies indicating as high as 90 percent efficiency at retaining information which is retaught!
If you do not have the ability to engage substantively in certification or infosec communities, are there local user groups, or potentially low-cost videos on the subject that you might be interested in? Much of what is out there in the security space is vendor specific, but with the right exposure and reading, you could gain some concept reinforcement from seeing what several different vendors have in their toolkit training videos and the like.
Finally — and most importantly — work with professionals in the area. These can be colleagues at the office, or someone contacted through a mentorship program. Conversations on shared interests in security can help you “stretch your mental legs” and make connections you might miss otherwise.
Any one of these strategies can be helpful, in addition to what you are already doing. Taking the time to tackle any (or all) of them could be the helping hand that gets you a passing score on your test retake.