GIAC GPCS/SANS 510 – GIAC Public Cloud Security

With full-time employment in the Security domain, I have always tried to keep learning and wherever possible with either self-funded or employer-funded, have tried to supplement my learning with certifications. I feel whenever I subscribe for the certification and the exam is scheduled, a sense of disciplined is developed to safeguard the amount invested in the certification program.

With the organizations moving and heavily investing in cloud workloads, it is imperative to learn more about Cloud. I had started my Cloud journey in the year 2018 with basic learning. I attempted MTA 98 369 Cloud Fundamentals which has retired now. With other courses from Udemy and Linkedin Learning in 2018, I decided to prepare and write CCSK. I took approx. 3 months to prepare and successfully pass the certification exam on May 1,2019. Approx 2 years passed quickly while adjusting with fears of Covid and Work From Home mode.
My current employer SAP Labs India ignited to restart the certification journey by sponsoring SANS SEC 510.

• I initiated the process in second week of October, 2021. After signing up for the course, received an email to create the account on SANS using employer’s email address. I selected on-demand mode where course access was granted for 120 days [8th Feb UTC Midnight to be exact].
• After completing sign up process, confirmed course is listed as part of Ondemand course. The course hard copy books were delivered on the shipping addresses submittted while completing the sign up process. The overall process was very very smooth with UPS tracking system. The book was delivered with well packed cartoon box without any damage. The shipment took approx 7 days to reach Bangalore[India].
• The detailed syllabus could be referred here. A summarized view is written below.
  • Exam Information
    • 2 hours
    • 75 Questions
    • 64% Minimum Passing Score
    • Open Book(Only Paper, No Electronic)
  • Booklets
    • Cloud Credential Management
    • Cloud Virtual Networks
    • Cloud Encryption, Storage and Logging
    • Serverless Platforms
    • Cross-Account and Cross-Cloud Assessment
• The course is described as SEC510: Public Cloud Security: AWS, Azure, and GCP is an in-depth analysis of the security of managed services for the Big 3 cloud providers: Amazon Web Services, Azure, and Google Cloud Platform. Students will leave the course confident that they have the knowledge they need when adopting services and Platform as a Service (PaaS) offerings in each cloud. Students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy patches, and validate the remediation. The course takes you through different technical deep dives using automated approach and talks about leveraging Terraform and tools like Prowler, Scott Suite, Pacu, PowerZure, InSpec etc.

• I started with first book and the associated video lectures. Video lectures are pre-recorder and provide ability to play the video at the speed you like. Brandon delivered the lecture and he was quite effective in delivering and organizing the content. With approx 4 months in hand, I wasted initial 2 months with excuses and with December knocking at the door, I had not completed single lecture or topic from video and book respectively. I sat down and made plan to take one lecture every day.
  • Cloud Credential Management – 5 lectures
  • Cloud Virtual Networks – 4 lectures
  • Cloud Encryption, Storage and Logging – 4 lectures
  • Serverless Platforms – 4 lectures
  • Cross-Account and Cross-Cloud Assessment – 5 lectures.
  • Total 22 lectures ranging from 15 minutes to 78 minutes. With this plan, I was focussing to complete the couse by end of the December and write 1 practice test and revise accordingly.
• Unfortunately, Log4j bubble hit on the December,10 weekend and planning collapsed 🙁 I was seeing days passing on my calendar without getting back on the track and like this December was gone. Now I had just 30 days in my hand and pressure was mounting on me. I decided to sit down calmly and develop new strategy. My primaryf focus was to atleast go through the content once before it expires and atleast pass the certification exam.
  • 64% is minimum passing marks. Total 75 questions were available. Considering, it to be linear wieghtage, I decide to make my exam passing strategy more efficient 🙂
    • 48 for passing + 10% to support some wrong but marked with overconfidence questions. GIAC platform doesn’t provide ability to look back and adjust the answers.
    • Decided to atleast strongly built knowledge in 3 domains and 2 domains with focus on leveraging index and notes.
• With each passing days, I was inching closer but something other used to come from office or personal space which was derailing whole track but was using weekend to catch up.
• I was trying to keep my index as short notebook which can help me refresh my concept. I kept below format for my notes.

• One pdf for each of the book and following same pattern. Sorted Keyword column with A-Z. I did not merge all 5 books into one index because I felt when I will see the question on the screen, I will be able to identify which book it belong and then can look up easily but frankly speaking, it failed multiple times during exam when I encountered overlapping topics spread across multiple books.
• Initially I booked my exam through Pearson VUE onsite facility for 4th Feb, 2021 but rescheduled to 5th of Feb 2021. I was saying to the mind to book on 7th as I was still having time till 8th UTC midnight but I decided to write on 5th Feb, 2021.
• I attempted first Practice test on 28th Jan and passed with the score of 69%. I attempted exam without consulting my index or books and wanted to test my understanding. Few of them were well thought guess. I completed all 75 questions in 28 minutes but was disappointed as I did miserably bad in almost all sections. I decided to put serious efforts in revisiting the concepts as I was able to pass but stil I was not satisfied with my learning. Unfortunately the last moment preparation took hit as fall sick with cold amid ongoing Covid 3rd wave in India[psychological impact on mind] and had to take off from office also.

• I took rest for few days was better by 2nd of Feb. I went easy with office works and revised all concepts and reattempted all quizzes from the video lectures on 2nd and 3rd of Feb. I revisited my notes and took a print out. I decided to write the last available practice test on 3rd of Feb and utilize 4th of Feb to do last moment preparation. With help of book and index, was able to register another pass but improved score of 76%. I did see, I took approx one hour and was able to atleast score average in all domains.

• I just read few topics here and there and tried to go through Video lectures on 2x speed.
• The final day here and the exam was scheduled early in the day. Took cab but unexpectedly found traffic making me reach at exact time. Exam facility center representative was quite helpful and patiently explained me why I should have come earlier than exam time. With initial verifications and registering signatures, I was allowed to sit for the exam.
• The exam was bit tough than practice exam and I struggled few places. ~45 questions, I was able to answer with my learnings and was confident that will pass but took a lot for me to fine tune my index+book search methodologies. For one of the question, I had to literally search 3 books’ index but was not able to find it. So it realized, I have done mistake in creating my notes. 7 questions, I marked to Skip for which I took roughly last 30 minutes to search and but only one question, I was able to find convicngly. For remaining 6 question, I went ahead with educated guess. After 1 hr 43 minutes, I found that I have passed the exam with 89%. It was a happy moment. Quickly raised my hands and completed by final formalities and left the test center.

Overall, It took 4 weeks to complete the course. Each day, I used to put 60-90 minutes early in the morning and 30 minutes before going to bed to revise. Quizzes provided in the video helped me. I kept reattempting them. With each attempt, I used to at least 2-3/20 new questions, hence able to test myself with them. Followed descriptive indexing method where the last column captured the summary from the page of the book. The practice test helped to understand the level but there was a well-felt gap with the exam questions. Be prepared to put effort to understand Terraform and CLI basic commands. Create cheatsheet or index Terraform concepts for quickly referring. I would recommend not skipping the labs. I did skip when it started incurring cost as my study was spread across 4 months. I would recommend completing the course, deploying the environment with the script, and then going through the labs if you are going to spread the course over 15-20 days.

Expensive course for almost every one of us but worth a try, if your employer is nice and can sponsor the course. The course taught me well about some hidden misconfiguration and hardening approaches. Few of the scenarios are very generic and could be found in CIS benchmarks but the course is designed to compare AWS, Azure, and GCP on the same parameters. Hence it gives good visibility of concerns and fixes which could mitigate or remediate the configurations or vulnerabilities. The good part is the course provides an automated approach to create a lab environment and destroy the whole setup with provided script. Wherever Terraform does not provide support, native CSP CLI commands are discussed.

If would like to discuss more on this, please feel free to drop me a message on Linkedin or Twitter