Hello World. This is my blog detailing my preparation for the GFACT and the GSEC certifications. I am currently in the final year of my graduate program in cybersecurity. Over the last few months, I completed two of GIAC's three beginner-level certifications, GFACT and GSEC. I am writing this to share what worked for me and what I wish I'd known going in.

How I got the certs for free!!

I got access to the certs and the SANS courses through the WiCyS organization. WiCyS partners with SANS to conduct two CTF competitions annually, and provides scholarships for the GFACT, GSEC and GCIH certs and the courses to the top 65 on the leaderboard (numbers may vary). I performed well in the CTFs, and eventually got access to the SEC275 course in December 2025.

GFACT Exam

GFACT (GIAC Foundational Cybersecurity Technologies) is GIAC's entry-level certification. It is a proctored, 75 question exam of 2 hours. You need to score a minimum of 71% to pass, so answer around 54 questions correctly and you're good. The exam is open-book (like every other GIAC exam), and you can take the exam from home or from a testing center.

This exam is for anyone looking to start into cybersecurity and get a lay of the land. This exam compares closely to the Security+ certification (although GFACT is not DoD compliant).

The course covers a good amount of foundational knowledge around different IT concepts like Linux and Windows fundamentals, Computer Hardware and Virtualization, Networking, Operating Systems, the Web, Scripting languages (Python and SQL), and gets a little practical around security concepts like digital forensics, offensive security, assembly and a few more. You can find the detailed Exam Objectives here.

Preparation

Everyone's supposed to take their first ever GIAC exam from the testing center compulsorily, and after that you can attempt any other exam from your home. So I went to the testing center for this one 🥲.

I am very active in cybersecurity, playing CTFs here and there, completing modules and labs on platforms like HackTheBox and TryHackMe, and building projects to practice coding and security skills. Given that, I didn't need a long prep window for this cert. Your prep window will vary heavily depending on how much hands-on time you've already put into cybersecurity.

I didn't build an index for this exam. I just used the one provided in the books, which was fairly detailed (surprising, since the GSEC books don't have any proper index pages; more on that later). I used only the books to study, and skimmed through most of the topics since they were already familiar to me. The only thing that took some time was assembly, since it had been a whole year since I'd been hands-on with it.

Here's how my practice tests went,

  • First test (before starting the course, blind, no books): 93%
  • Second test (night before the exam, with books and mental index): 89%
  • Third test (morning of the exam): 87%

By the time of the third practice test, I was confident that I'd pass.

Exam Day!!

I booked the exam for January 30th 12:30 PM. I completed the exam within 1 hour, juggling between the three books for most of the questions. Cross-checking never hurts. I got my score right after finishing the exam, and I was happy with it.

  • Actual exam score: 96% 🎉🎉

The testing center experience was good. They had a sizable desk to lay out the three books in front of me which was very convenient (more on this later).

Tips and Takeaways

The questions align very closely with the coursebook content. Only a handful require you to apply a concept (that would be some code snippets and assembly and Linux and Windows CLI questions). The SANS course books for the GFACT exam are exhaustive; you do not really require any other resource, apart from some YouTube videos and articles for only the things that you do not understand from the books.

I would only suggest making indexes for this exam if you have trouble browsing the books under exam pressure. If you read the books properly (or watch the course videos, anything works), you won't feel much difficulty finding answers during the exam. I'd just recommend making a mental note of what topic is in what book, and that's it.

Take the practice tests in a simulated exam setting, using only your books, and you'll get good practice for the real exam. One warning about practice tests though, and this was more true for me on GSEC than GFACT: the practice tests tend to be easier than the real exam, and questions don't repeat at all. So do not rely on the practice test marks that much and prepare thoroughly.

GSEC Exam

GSEC (GIAC Security Essentials) is GIAC's flagship practitioner-level certification. It is again a proctored exam, but a 106-question one that runs for a whopping 4 hours. The questions are 96 MCQ-based and 10 live VM-based practical ones at the end where you run commands! The minimum passing score is 72%, and questions vary in weightage (the CyberLive hands-on questions are worth more). The exam is open-book. This cert is mapped to the SEC401 course.

GSEC is more focused towards SOC and security engineering domains. The complete Exam Objectives can be found here.

Preparation

I got access to the SEC401 course in mid-March, but I was not able to get started on the course right away due to my midterm project. I began studying at the end of March. I took my first practice test blind as usual, and scored 83%. The practice tests are easier than the actual exam, so getting an 83% on the test could mean a near passing score in the actual exam. So I geared up to study properly.

Preparing for the GSEC exam took a while, and this is because there were so many concepts that required revision or were new to me. The hands-on labs though were almost all familiar to me, apart from the iOS forensics part.

I had two resources to study from, the course books (8 of them!!) and the SANS OnDemand course videos. I started studying with the course videos but after the first topic, switched to the books because,

  1. I am more comfortable reading from books and the exam would only allow books and indexes so it would be easy reading from books and making indexes on the go.
  2. I found that the video content and the explanations were already in the books anyway.

Following this, I studied for around two weeks from the books, making indexes along the way and doing the accompanying lab right after each topic was complete. I'd say the labs are very useful and strengthen your understanding of the topic significantly. This is especially important since the questions in the GSEC exam are tricky and largely inferred, so you'll need a solid understanding of each topic to answer them.

I also didn't make a sticky-note index for this exam. I tried that and found that I'd need a lot of sticky notes, and then finding an answer would become tiring. Instead, I shifted to making a Word doc of indexes for each book, detailing topics and sub-topics from each section, and marking page numbers as I went. I carried the printouts of these indexes along with the books into the exam.

After completing the course and the labs, I attempted the remaining two practice tests, one the day before the exam and the last one on the day of the exam, with my indexes and the books handy.

Here's how my practice tests went:

  • First test (before starting the course, blind, no books): 83%
  • Second test (day before the exam, with indexes and books): 83%
  • Third test (morning of the exam, with indexes and books): 86%

Even with these slightly low scores, I sat the exam hoping for the best. I could say one of the reasons for these scores could be that I hurried through the two tests and did not cross-reference the books for the questions I thought I already knew. I wouldn't recommend doing this, although I understand that a 4-hour exam makes people impatient.

Exam Day!!

I scheduled the exam for 12:00 PM on April 15th. I scheduled the online proctored exam this time (comfort pro max). The proctoring experience was very good, I scanned the room with my camera for any unwanted foreign objects 😁. I began my exam around 12:30 PM, and was done with the exam by 3:15 PM. I would say that juggling through the 8 books does take up a considerable amount of time. I used another chair to keep all my books and kept my indexes handy.

I was very thorough this time. I cross-referenced every question, skipped for later some that felt like they would take a lot of time to find, and took a little break to stop from constantly staring at the screen for long hours.

  • Actual exam: 90%

I scored 90% in this exam. I was satisfied with the score, though it could have been better.

One thing worth noting. For CyberLive questions that ask you to produce output, there can be ambiguity about the expected format (like a single value or full content or summary). When in doubt, follow exactly what the workbook or lab examples show.

After completing the exam, I played DOOM: Eternal for the rest of the day to chill out a bit. The four hours of constant wondering did stress me out a bit.

Tips and Takeaways

For CyberLive questions, the workbook and lab access are everything. The CyberLive questions map almost directly to workbook concepts and commands, so practicing from the labs is more than sufficient, you don't need outside resources for this part.

What I would recommend though is to create a cheatsheet of all the workbook commands (which are not so many). This would save your time skipping through the workbooks. I did not do that in GSEC, but I will definitely use it for the upcoming GCIH exam.

Use the books or course videos to thoroughly understand each topic. Get the gist of the topic, make notes or indexes wherever you feel the need. The SANS course materials are pretty much exhaustive. I personally make a note of every new topic I encounter, since writing things down in my own words helps me understand them better. I also sometimes use AI to summarize a topic and then write it down in my own words in my notes.

For additional practice, TryHackMe's modules can help. Rooms for tcpdump and Windows PowerShell reinforced my GSEC topics well. Note that most of these rooms will require a premium membership.

During the exam, remember that figuring out which book to open for a certain question is half the exam done. Some questions can be misleading, and you might get confused between two or more topics for the same question. Skip questions that feel like they'll take too long to look up and come back to them with the time saved from easier ones.

I would also recommend utilising the break time and taking small breaks to shift focus for a while.

Final Thoughts

GFACT feels like a walkthrough of IT and security fundamentals. It is useful if you want a formal credential to mark your "foundations" phase, but less useful if you already have hands-on experience.

GSEC is a challenging exam, especially with the amount of topics covered for what's technically an entry-level cert. But it's definitely achievable. Keep your indexes sharp, practice the topics till you understand them thoroughly and you'll ace the exam.

I forgot to post my badges, so here they are

GFACT — https://www.credly.com/badges/cec2161d-5490-477b-8074-175c390fff92/linked_in_profile

GSEC — https://www.credly.com/badges/cec2161d-5490-477b-8074-175c390fff92/linked_in_profile

What's Next

There is GCIH to look forward to, but that cohort will start in June (or July). In the meantime, I have HackTheBox's CDSA exam to attempt, since I am going through the course right now.

If you enjoyed reading this and want to connect and chat more, you can reach out on LinkedIn or Discord (dakshn). I'd be more than happy to talk!!
