Passed the GCTI

I know I haven’t posted much lately. Been busy, don’t have the time to research the cool things I want to, or read the books I want to.

I did recently pass the SANS For578 / GIAC GCTI exam back in June.

So that is a thing. First SANS Class taken, first GIAC exam passed. I’d share the embedded link, but it gives too much personal information away. So all that is here is the picture. 








I’m hoping to take the OSINT and Python classes in the not too distant future.

4 thoughts on “Passed the GCTI

  1. Kate


    Can you describe the test at all? Nothing that would violate any SANS rules or whatever. But is the workbook tested on? How technical are the exam questions?

    1. Chris J Post author

      Hi Kate, sorry for the delay in response.

      Reviewing and tabbing the workbook after the test gave me a few Aha moments. More of a case of cementing what I thought I knew, clarified a few things to. Don’t know if it would have helped before the test, but has made me better after the test.

      I used a modified method of Lesley Carhart’s “Better GIAC Testing with Pancakes”

      I didn’t think the test was any more technical than the class from what I can remember.

  2. lukas

    Hi Chris. I know it’s a few years gone after you passed your exam howecver I have a question regarding GCTI. Would you recommend the training session or is it possible to pass the exam without it, based on books, materials etc. you can buy (whetever – online or so). Can you recommend books/materials if so?

    1. Chris J Post author

      If you have a large background in CTI, know the kill chain, diamond model, and breaking both with controls, really good at Yara, and good at sharing you might have a chance.

      A good starting place would be Intelligence Lead Incident Response. It is written by two of the people that teach the class. I don’t think it would be good enough to get through on its own.


Leave a Reply

Your email address will not be published. Required fields are marked *