I’ve been busy over the last month or so and have completed the GIAC SEC401 training course and the associated GSEC exam. Really pleased to say I passed with a 93% score.

SEC401 covers a lot of ground — defence in depth, access control, cryptography, network security, incident handling, and cloud security fundamentals. It’s one of those courses where you come out the other end with a much more structured understanding of how all the pieces fit together. Some of it was revision of things I already knew from the infrastructure side, but having the security lens on it made a real difference.

The exam itself was fairly difficult. Some of the questions were particularly tricky — the kind where there seems to be more than one right answer depending on how you interpret the wording. Having a well-organised index was absolutely essential. If you’re planning to sit it, spend serious time on your index; it’ll make or break your exam day.

The 93% score means I should be invited into the GIAC Advisory Board, which is a nice bonus.

I’m now working through the HackTheBox Penetration Tester learning path alongside all of this. The hands-on practice is a brilliant complement to the more theoretical SANS material.