It has been more than 11 years since I moved from IT system and network administration to cybersecurity. In that time, I collected 24 GIAC certifications including the coveted GSE. I also picked up a few other well-respected certifications in my journey from cyber n00b to principal cybersecurity architect.
In this blog post, I provide my personal perspectives, filtered through my own biases, about how SANS and GIAC supported me along the road. Before I continue, I must say that the thoughts and opinions expressed in this blog post are mine and in no way reflect those of my current or previous employers.
So, how did I go from being a kid born and raised in then Czechoslovakia to holding one of the most elite cybersecurity certifications, the GIAC GSE, and the highest technical, non-managerial title of principal cybersecurity architect?
I credit my success to five core pillars.
The Five Pillars for Success
Pillar 1 – Passion
The passion for technology and desire to learn are a solid starting point, though not strictly required. From early childhood, there were signs that I always loved technology. I took apart my toys to see how they worked, used a HEX editor to “enhance” my saved game files, and used a disk edit tool to figure out how a hard drive works (resulting in a complete data loss of my mom’s work laptop).
Due to my passion, I see continuous education and research as a relaxing and fun project, rather than a chore. Your skills and experience grow faster when you have passion for your work.
Having a solid foundation and understanding how the technology works helps so much with gaining fast proficiency in the cybersecurity world, too!
Pillar 2 – Education
Continuous education has been key to my success and quick advancement in my cybersecurity career. As a form of independent learning, I built a home lab consisting of a few virtual machines running on my home computer to practice challenges firsthand. I also leveraged guided learning: I took dozens of cybersecurity courses and proved I retained the knowledge by taking certification exams.
Whether you choose to learn through independent or guided learning, don’t just check the box and count your Continuous Professional Education (CPE) credits. Use the experience to learn practical ideas you can use in your organization to make a meaningful improvement, elevate your cybersecurity game, and showcase your increasing cyber skills.
I found the SANS promise that each course will provide practical tools and techniques that I can immediately implement in my professional role spot on. When looking for security training, make sure the provider makes a similar promise.
Another critical point regarding continuous education – especially if you plan to take the GSE certification exam – there is no specific SANS course or GIAC certification to help you prepare. Instead, you should use the published exam objectives to come up with as many practical challenges as you can and practice them in your home lab. Dissect and analyze your activities through logs and packet captures. Once you understand how it works and what you did, try it again, but this time through a network pivot. Analyze the differences. All of this will help you take your cyber skillset to new heights and increase your chances of passing the GSE!
Pillar 3 – Mentorship
A good mentor is worth their weight in gold! When I moved from IT to cyber, I was fortunate to have a great mentor who challenged me to do more, provided guidance, and shared his rich history of experiences from his career in cyber. Back in 2013, as our mentorship developed, he enrolled me in SANS SEC401: Security Essentials which helped catapult my career.
If you have the opportunity to mentor somebody, be there for them. Pay it forward! After all, the more well-rounded and skilled cybersecurity practitioners you have on your team, the more l33t your team will be. Reach outside of your organization to mentor others if you can. As I became a mentor to others, I can’t overstate how heartwarming it is when you see your mentees grow and achieve greatness!
Pillar 4 – Opportunity
You must always be ready when an opportunity knocks on your door. For me, that unexpected opportunity came when a coworker introduced me to the SANS Cybersecurity Work Study program. Always be ready and eager to go above and beyond, showcase your talent, and somebody who can make an impact in your life is likely to take notice. It worked for me!
If you always bring your A game, opportunities may present themselves that you might otherwise miss.
Pillar 5 – A Bit of Luck
While it would be wrong to discount my own talents, dedication, and hard work, I had the luck to be at the right place at the right time on a few occasions. But relying purely on luck alone won’t get you far. Still, as the Czech saying goes “Luck favors the prepared!”
Hands-on experience is critical and will come with time. Having attended several SANS courses helped me organize what I learned in a more coherent way. The labs and the SANS Cyber Ranges Capture the Flag challenges really helped me retain what I learned and amplified the experience.
SANS helped me succeed in my career. I had the solutions to address the challenges I faced and a never-ending supply of creative ideas to improve, optimize, and automate many of my work activities. Whether it was enhancing visibility into endpoints, better log collection and enrichment, or simplifying DFIR activities, many of my ideas were inspired by SANS course content.
It’s like a positive feedback loop: learn something new, implement it, gain more experience and knowledge, then ‘rinse and repeat.’
The Value of Certifications
There is debate about whether a certification is needed to make it in the cybersecurity field. I can tell you that I personally know many talented folks who I would be delighted to have on my team despite them not having a certification.
Alternatively, when a position is posted at my company, we look for certifications, as they help vouch for the people we do not personally know yet. In my opinion, certifications make it easier to get in the field and to grow faster. However, collecting certifications without on-the-job experience to prove your certifications skills is unlikely to lead to a principal role in cybersecurity. You must hone your skills through work experience! This is the gaining experience part of the positive feedback loop I mentioned earlier.
A personal certification story of mine illustrates my point. When applying for my current job, I was late to apply. Just as the position was about to be filled by another skilled cybersecurity professional, the talent acquisition team insisted I get a chance to interview as well, due to my resume standing out from the other candidates. My resume of course included previous experience and accomplishments, but it also detailed my seven GIAC and a few other certifications. The hiring manager recognized my abilities and requested a second job opening created for me. Remember pillars #2, #4 and #5?
The Path to GSE
I started on my path towards the GSE in early 2019. I decided to go for it because I enjoy continuous education and challenging myself.
In 2019, I received a gentle push by GIAC exam developer, Jeff Lake, to take the GSE certification exam. (This was about two years earlier than I had anticipated going after the GSE. Remember pillars #4 and #5?) GIAC began making changes to its certifications and sought beta testers for the new entrance exam format. Due to my scoring 94% cumulatively across my GIAC certifications to date, I made a great candidate. I was not sure I was ready, but I could not let this opportunity slip by! If you see an opportunity, take it!
I studied diligently for the dreaded live, two-day, hands-on GSE lab. Then, about a week before the exam, the COVID pandemic shut everything down. This caused a two-year delay in my GSE path, but I used that time to study and prepare. My home lab and the many SANS Capture the Flag challenges published every other month during the COVID times helped immensely. I can’t thank SANS and the Counter Hack Team enough for that!
Once GIAC released the new GSE format, I again had the opportunity to be a beta tester. I was relieved to also find that I would no longer have to travel to take the exam. I thought I was well-prepared, but the purely hands-on challenges were full of curve balls and required applying knowledge well outside of the question prompt. It felt like every hands-on challenge I came across in my professional life came in handy! Oh, and did I mention the brutal timer? Nine and a half minutes to solve a practical challenge may sound like plenty of time… but those curveballs eat into it. Time awareness and management during the GSE exams are vital. Bottom line - I love the new format. Hats off to the exam development team!
This seems like the right spot to mention an observation I hope will help future GSE candidates. It is natural to want to know as much as possible about the exam to help you prepare. It is important to understand though that the ‘E’ in GSE stands for “Expert.” An expert can and must be able to address issues in an unfamiliar environment and produce results. The GSE tests this ability to address the unknown. Do not expect GSE practice exams to ever be available. And understand that the SANS course content along with the regular GIAC certification are not enough on their own to assure passing the GSE. Prepare for the GSE through gaining real-world experience and practicing the exam objectives in a home lab. If you are actively seeking more information on those exams or feel like you don’t have enough information about the exam objectives to know how to prepare, you are probably not ready yet. And that’s okay! Patience, young Jedi.
It is also important to be aware that asking other GSEs to share information about the exam undermines the exam’s integrity and is against GIAC’s strict Non-Disclosure Agreement. Nobody likes to fail. But this is an expert-level challenge. Several of the current GSE holders have failed, sometimes more than once! It’s okay if you’re not ready for an expert-level exam… yet. Keep at it! Gain experience, practice, go above and beyond, and you will be ready in due time. If you fail the first time, learn from it. You know which domains were difficult, so focus on those next time. Another good tip is to focus on the general concepts instead of a specific question, as you may not see it next time.
After I received my GSE, a childhood friend mentioned “I was always the expert, but now I have a certificate to prove it to those who don’t know me.” That is a great point, and highlights that while certifications are not strictly required, they helped me significantly along the way. However, they are not in any way a substitute for delivering awesome results on the job.
In summary, I firmly believe that my hard work, on the job experience and results, along with the GSE certification provided all the justification needed for my employer to promote me to the newly created role of Principal Cybersecurity Architect.
I wish all you all good luck on your own cybersecurity journey.