I took my GPEN certification exam on Thursday and I passed. I was rather nervous to be honest about the exam considering two of my fellow co-workers struggled with it. I waited until the very last day to take the exam and I’m glad I did. Luckily I scored a 91%. Even though it was open book, it was a doozy of an exam. I had my notes, index, and the texts to work from…and it was still a challenge. TBH – I’m really proud of my index (no I won’t share it with you). It looks like a unicorn threw-up on a notebook, but it had just about everything I needed. I’m also excited because I scored high enough to be in the advisory council and to possibly be a SANS mentor! I’m very humbled and honored!
Just a little tip thought: I won’t go into specifics, but I would advise anyone taking the exam to brush up specifically on the netcat switches and really learn scapy backwards and forwards. Not only will it help you with the exam, but I’ve found myself using both tool in my day to day roles a lot now.
So…what’s the first thing I do now that I don’t have a certification deadline looming over me? Go pick out another cert to tackle. My wife tells me that I’m goal driven. I need a goal to strive for if I want to be productive. At this point I’m strongly considering either the CCSP from (ISC)2 or one of the Amazon certifications. I need to skill-up on cloud a little bit before I go after the OSCP. So let me know. What do you think? What certification should I go after next?
One last thing….
Dearest people outside of the realm of InfoSec,
Someone mentions the word ‘Penetration’ in proper context, and you folks lose your damn minds. Get your heads out of the gutter. Thanks.