![[GPENResults.png]] # Overview I recently passed the **GIAC Penetration Tester (GPEN)** Certification exam and I wanted to share my experience and provide some insight and additional tips to anyone interested in obtaining this certification. I utilized the on-demand training from SANS which came with access to their lab environment for the entirety of the time allotted to obtain the certification. Overall, although the cost of the SANS training and the certification exam is a bit alarming, if you can get your employer to cover the cost or reimburse you, I would absolutely recommend it for anyone interested in dipping their toe into offensive pentesting. For those who have either work experience or a good amount of practical experience, this course will likely cover a good amount of information that you are already familiar with. This course took me about 2 1/2 half months of on-and-off studying to complete and another couple of weeks to build my index and finally take the exam. I ended up passing with a 98% on the exam. ### My Experience I am currently employed as a Cybersecurity Analyst and have been in the field for a little under 5 years. I have no work experience as a Penetration Tester however I do spend a good amount of my free time practicing CTFs on platforms like TryHackMe and HackTheBox. # Tips For industry professionals who already have multiple certifications, most of this advice will be self-explanatory and you will likely already have study methods which work for you but for everyone else here are a few things that worked for me: 1. Take detailed notes on that which you are completely unfamiliar with. This course covers a massive amount of information and it is extremely important that you understand those topics that you have less experience with or little knowledge of. For me, this was definitely anything related to Azure. 2. Create a clean snapshot of your Slingshot Linux & Windows 10 VM before starting. You will likely be going through the labs a minimum of 2 times so having a clean snapshot to revert to each time you run through them will prevent any changes or files that were leftover from your previous practice. 3. Take the practice test provided to you as if you were taking the actual exam. I believe this helped me a ton, as I did this with both exams, the first without an index, and the second with an index. I got an 89% on the first practice test and a 90% on the second. I rented out a study room at my local library and tried to simulate being in a testing room to the best of my ability. 4. Use Voltaire to build your index. I have seen others recommend creating an index manually but Voltaire really is the best resource available for index building. I was able to build mine over the course of a week and half and had no issues whatsoever. # Conclusion GIAC tests being open-book mean that the answers to the questions are **ALWAYS** in the book, even if they aren't explicitly stated. Take as much time as you need to study and use what study methods work for you, good luck! ## Links: https://www.sans.org/cyber-security-courses/enterprise-penetration-testing/ https://www.giac.org/certifications/penetration-tester-gpen/ https://training.opensecurity.com/