Review: GISF (GIAC Information Security Fundamentals)
My ‘first’ course in the SANS Technology Institute Bachelors in Applied Cyber Security degree was a combination of a few different courses. The main one was SEC301: Introduction to Cyber Security, partnered with SEC403: Secrets to Successful Cybersecurity Presentation, and SEC402: Cybersecurity Writing. I say ‘first’ because I guess technically I’ve already done four classes via my undergraduate certificate, but that isn’t important. As far as this review goes, I will be focusing on SEC301.
Like my previous reviews I will refer to the entire course as ‘GISF’ to save typing (and your time), and break down the materials, exam, and my opinions. I’d like to emphasize that last part, ‘my opinions’ means that other students probably have different views (good or bad) on the course and I encourage people to ask around!
The Materials Covered
GISF is a 5-day SANS course aimed at people with very little information security experience, hence being a 300-level course. It is broken down into five sections: Security Foundation, Computer Function and Networking, Intro to Cryptography, and Cyber Security Technologies (part 1 and 2). So let’s talk about all those.
“Security Foundation” is what you would expect. It is a very high-level view of what security means in the context of IT. It covers some of those topics technical people rarely enjoy (but still need to understand) like risk management, policy, and business continuity. There is very little technology discussed and it feels much more like a risk and compliance introduction. Most of the material reminded me of the first half of CompTIA Security+ covering business-minded aspects of security. I think it was a necessary evil to cover these topics, mostly for people brand new to security, but having some experience already it was extremely tedious.
When it comes to “Computer Function and Networking” think about CompTIA Network+ and you’ve basically got an understanding of what this section covers. There is a lot of explanation of TCP/UDP, HTTP(S), IP, and the OSI model. It also covers much of the common networking hardware employed on the market today. It was easy enough to listen to in the background, but nothing special. Still, a good intro to networking for someone with zero knowledge.
“Intro to Cryptography” was probably my favorite section. I actually enjoyed this a lot. There wasn’t necessarily any new information to me, standard stuff like hashing, asymmetric/symmetric encryption, PKI, etc. but I always love getting a refresher in these topics. It’s very important to at least understand cryptography for any cybersecurity role, so I welcomed hearing about these topics yet again. For someone with no experience it would be a fantastic first step, Keith (the instructor) did a great job breaking these topics down.
“Cyber Security Technologies Part 1 and 2” were the meat of the course. These discussed topics like network security, malware, browser security, system security, IoT, and wireless. Still lower-level information but a phenomenal first step into understanding cybersecurity. I would put this on par with updated CompTIA Security+ information.
All five sections came with hands-on labs that students can complete along with the instructor. These ranged from setting up firewall rules to basic analysis of attacks. The labs in SEC301 are what push it up above other entry-level certifications, for the sole reason of gaining at least some practical exposure. I didn’t have any technical issues with the labs and was generally happy, albeit a little bored with some of the lengthy explanations over pretty basic tasks.
The Instructor and Exam
The instructor, Keith Palmgren, was great. He has created a good entry-level course and it was clear he keeps it well updated. I also like some of the one-off pieces of information he would throw into the lessons. He had some really interesting stories of random cybersecurity events over the years (breaches and field pioneers type deal) and that was always fun to listen to. The course was just shy of 30 hours long and I think he did a great job keeping me at least content throughout it!
The exam is a timed, proctored, multiple-choice exam that did a good job of covering all the information in the course. I will say that some questions were not phrased well. Confusing scenarios or definitions made me second-guess my answers constantly. Some even felt like ‘best answer’ type questions, and I absolutely hate that. There were no practical portions of the exam and that’s always disappointing, especially with modern capabilities of exams — just look at the fully practical exams employed by Offensive Security, eLearnSecurity, and Security Blue Team. I’d love to see GIAC incorporate practical questions in every one of their exams, but alas, this hasn’t come to pass just yet. I scored just shy of a 90% on the exam which I was happy with. I know for a fact it was mostly the business-focused questions I kept missing. I am a super technical guy, so asking me about risk management and business continuity melts my brain — this is definitely something I need to work on.
I’d say that this course feels most tailored to professionals with absolute zero experience. I could imagine a manager who just got thrown onto a Cybersecurity team taking this course to understand his/her team better, without actually needing hands-on-keyboard skills. I don’t think I’d recommend this course to technical people as you’d probably get the same amount of knowledge through CompTIA Security+ and then just move onto bigger and better certifications, although you’d miss out on some interesting labs. But, for what it is, I think it does a good job for a 300-level course.
I can happily say this is the last sub-500 level course in my bachelor’s program and I am so excited for what is to come! Next up is SEC573: Automating Information Security with Python (GPYC)!!