June 2, 2026
I Passed GSEC at 92% but I’m Not Sure I Learned Much
An honest review of what the GIAC Security Essentials exam actually tests and what it doesn’t.
NathByte
Two weeks ago I passed the SANS GIAC Security Essentials (GSEC) exam at 92%. I can't honestly say I learned much. What I learned is how to build an index, and how to read questions twice. So this isn't a how-to-pass post — but it is an honest answer to the question I get asked most: is GSEC worth it? It depends on what you think you're paying for.
I did the On Demand course… I played the videos at twice the speed, I skimmed pages to get the keywords out and add them to my index. I used AI to give me proper, short definitions or examples of terms I didn't understand.
What GSEC Actually Tests (and What It Doesn't)
Here's what the website says about the exam:
Exam Format:
1 proctored exam
106 questions
Time limit of 4 hours
Minimum passing score of 72%
The GSEC® certification exam is prepared, administered, and scored by GIAC as a standardized assessment, objectively measuring each candidate's knowledge and hands-on cybersecurity skills against a validated, industry-recognized standard.
Like most GIAC exams, this one is also open book. But 6 textbooks and 2 workbooks plus your own index are not easy to navigate in only 4 hours. But if you have a decent index, you can pass this exam easily. 106 questions of which the majority are multiple choice (lower scored) and about 10% are CyberLive questions (higher scored, Virtual Machine questions).
Four hours equals 240 minutes, say 2 minutes per multiple choice question (approx. 180 min or 3 hours roughly) and then 5 to 6 minutes for the remaining questions.
GSEC, to me, tests your recall-under-time-pressure and information retrieval, not depth of understanding. The exam doesn't test whether you can actually do security, it tests whether you can find the right answer in your materials quickly. Even though this certification is highly regarded, it is entry level. To me, it doesn't prove you know what you're talking about or doing. It does prove you can (re)search and have a basic understanding of cybersecurity terms, frameworks and attacks.
My Honest GSEC Review — The Skills I Gained
Indexing. To be fair it taught me how to read quickly, skim information off a page and the best way to index / refer to it so I understood what it meant. I was already pretty good at that though, and I do have a few other certifications under my belt around the basics in cybersecurity.
So if you're totally new to this, it may seem overwhelming and confusing. It may be harder because there is a lot of terminology in cybersecurity that you may have never heard of before. If you're a complete newbie I think this course and the books are definitely able to teach you the basics. And you will prove to yourself you have that foundation of knowledge to build on. Because without that foundation, you wouldn't even understand 80% of the questions on the exam.
What GSEC Didn't Give Me
It didn't give me anything more than basic knowledge and a fluency working with terminals and commands and syntax across different OS. Which, don't get me wrong, is super important as a starting point.
But would I now be able to recognize a live attack and stop it or contain it? No.
Would it help me with pentesting? Slightly. You get to know the frameworks, attack vectors, common attacks etcetera. But to me most of it is theoretical.
It's something worth considering before you start this course and exam.
Is GSEC Worth It? (My Take)
It really depends on your needs or goals with this one.
As proof that you know your basics in cybersecurity, yes!
If you want a structured intro to security domains, yes.
As a nice addition to your resume or LinkedIn profile, yes.
As a credential for HR filters and salary bands, yes.
As an upskill opportunity if you already know the basics, no.
If you want to actually learn to do security work, no, not on its own.
If you're paying out of pocket without employer support → consider carefully (it's an 8,780 USD course + 999 USD exam)
How I Passed GSEC at 92% — The Index Was Everything
I scored high. But that's all due to my index. I indexed all 6 books plus workbooks in probably 10 days. I have done zero of the labs in the workbooks. There were about 20 labs, most with multiple steps / tasks. But all basic stuff.
A lot of terms came back in multiple books, so I made sure that next to each term, I had a short description, sometimes a definition. And I had a column with either examples or linked terms before I added a column with book and page number.
This worked wonders for me and it might for you, but you should try and find the best way to index that works for your brain, do some research on how others have done it or just do your own thing if you have a pretty good idea on what works for you.
Again, if you are totally new, do NOT skip labs. Syntax and terminals are something you need to get used to… something that needs to become second nature. I did index the workbooks as well but very differently. That index was more stating a problem and ways to solve it. For example: "Derive key from this file" or "Encrypt this document" or "Parse these files" with then the command that you could use, and the pages in the book in case you needed a bit more help with adjusting command parameters.
So all in all, I spent 2 weeks preparing for the GSEC. I did the test exam to help me refine my index a bit. Printed it, scheduled my proctored exam and done.
Sounds easy but when I say 2 weeks I do mean it was 2 weeks of a full-time job, not an hour or 2 in the evening.
Who Should Take GSEC
1. Career-changers needing the credential for HR filters.
If you're moving into security from another IT role (sysadmin, network admin, helpdesk) and your CV needs a security credential to get past HR keyword filters, GSEC carries weight. SANS has genuine industry reputation, and "GSEC certified" on a CV is taken seriously by hiring managers who know what it is. The cert is doing recognition work, not skill work — but recognition work matters when you're trying to get the interview.
2. People with employer or scholarship funding.
At 999 USD for the exam alone and 8,780 USD for the full SEC401 course, the math changes dramatically if you're not paying out of pocket. If your employer is funding it, your government is funding it, or you've got a scholarship (WiCyS, SANS Cyber Workforce Academy, etc.), the value-per-dollar question doesn't apply to you the same way. Take it, get the credential, move on.
3. Anyone targeting government, defense, or compliance-heavy roles.
GSEC is DoD 8570-approved, which means it's directly required for many U.S. defense and government contractor positions. If that's your target sector, this isn't a choice — the cert is the entry ticket. Same applies to certain compliance and audit roles where "SANS-certified" appears in the job posting.
Who Shouldn't Take GSEC
1. Anyone hoping to learn practical, hands-on offensive or defensive skills.
GSEC is breadth, not depth. You'll get exposed to five domains of security at the foundational level: networking, defense-in-depth, cryptography, Windows/Linux security, incident response basics. But you won't do much of any of them. If you want to actually break things, fix things, or run things in production, you'll learn more from a year of CTFs, TryHackMe paths, or hands-on labs at a fraction of the cost.
2. People who already hold CompTIA Security+ and are paying out of pocket.
Security+ and GSEC overlap heavily at the foundational level. If you already have Sec+, you're spending a lot of money for what's largely a more expensive version of what you already prove. Unless an employer specifically demands GSEC, the money is better spent on a more advanced or specialised cert (GCIH, OSCP, depending on direction) where you'd actually gain new ground.
3. Bug bounty hunters, red teamers, or anyone pursuing deeply technical specialisation.
If your career path is specialisation — bug hunting, pentesting, malware analysis, reverse engineering — GSEC is the wrong instrument. The relevant certs for those tracks (OSCP, OSWE, GREM, GXPN) test what you can actually do, not what you can find in an index. Spend the money there. GSEC won't hurt you on a CV in those tracks, but it won't help you do the work either.
Final Thoughts: GSEC Is a Signal, Not a Skill
Here's what I came away with after 92%: GSEC tells employers I can study, retrieve information under pressure, and finish what I start. That's not nothing, those are still real signals, and hiring managers read them correctly.
But it doesn't tell anyone, including me, that I can actually do security work. That comes from somewhere else. From CTFs, real systems, bug bounty, hands-on practice, breaking things and fixing them. GSEC isn't designed to deliver that, and expecting it to is where most of the disappointment with this cert comes from.
So is GSEC worth it? Yes, if you understand what you're buying: a respected credential that opens doors, signals seriousness to employers, and gets you past HR filters in security hiring. No, if you're expecting it to make you a security practitioner on its own.
Take it for what it is. Use it for what it does. Build the actual skill elsewhere.