Two years ago, I was in the middle of a career change from commerce to cybersecurity. It was during this busy time that I was accepted into the WiCyS Security Training Scholarship. Six months later, I successfully passed three GIAC certifications, all while managing a full-time job and part-time postgraduate studies. It required a serious commitment to time management, but I want to show that it is absolutely achievable. This post is for anyone considering the program and wondering if they can handle it, or whoever wants to know some tips for taking GIAC exams.

SANS Training via Women in CyberSecurity (WiCyS)

For those new to the industry, SANS Institute courses are known for their exceptional quality, but they are also very expensive. The WiCyS Security Training Scholarship makes this world-class training accessible. Knowing the effort required, I knew I couldn’t pass up the chance.

I strongly recommend this program to any women looking to pivot into a security career. Even if you’re not eligible for WiCyS, the study approach and exam strategies I share below apply broadly to anyone preparing for GIAC certifications.

Tabbed SANS book

My tabbed GSEC book, ready for the open-book exam.

Timeline and Results

As part of the WiCyS/SANS program structure, participants are expected to complete multiple certifications within a tight timeline. This demanding schedule is one of the reasons the program requires a strong commitment before acceptance.

Here’s the path I followed:

  • 2023-01-10: GIAC Foundational Cybersecurity Technologies (GFACT) – 97%
  • 2023-04-04: GIAC Security Essentials (GSEC) – 99%
  • 2023-07-16: GIAC Certified Incident Handler (GCIH) – 95%

To give you an idea of what the official GIAC results look like, here’s a snapshot from my certification account:

GIAC certification results

My GIAC certification results from the official GIAC portal.

This progression offered a well-rounded curriculum, covering everything from foundational concepts to hands-on incident handling. More importantly, it gave me the confidence and credibility that were essential in landing my first cybersecurity role.

Strategy for the Exams

GIAC exams are open-book, but that doesn’t make them easy. Success depends on your preparation and how quickly you can find information under pressure. Here is the system that worked for me.

1. Actively Study the Material

First, I went through all the course books and took detailed notes. For any sections where I struggled to focus, I would switch to watching the on-demand videos. The key is to be an active engagement. Don’t just read passively—focus on connecting concepts and seeing how they apply in practice.

2. Build a Comprehensive Index

Everyone in the SANS community stresses the importance of making an index, and they are right. It is your most critical tool. Instead of using Excel of Voltaire, I chose to use LaTeX to build mine because I was bored of using spreadsheets, and LaTeX produces a very clean, well-organized document that is easy to use during an exam.

If you are interested in LaTeX template, you can find it on GitHub: https://github.com/ancailliau/sans-indexes

However, I found that I used the Table of Contents even more than my detailed index. Before I could find a specific term, I needed to know the general area where it lived. Understanding the high-level structure of the course and how all the topics related to each other was my secret weapon to understanding the material quickly and finding what I needed during the exam.

3. How to Handle the Struggle

I struggled a lot with the timeline. I almost always missed the personal deadlines I set for myself. The most important lesson was to be flexible and update your study plan accordingly. If I didn’t have time to finish watching all the videos, I would at least skim the textbook. I learned to skip optional exercises, even if they sounded interesting, just to stay on track.

My other tip is to find a personal hook to keep you motivated. For me, that hook was the index itself. My goal was to create a beautiful and thorough index while learning some basic LaTeX syntax. This side-project made the study process more engaging and kept me going when my motivation was low.

GIAC Index Example

An example of my LaTeX index for the SEC504 course.

Why SANS Training is Worth It

The value of the SANS courses became clear once I started my job. Concepts that were theoretical suddenly became practical tools.

For example, technologies like wmic, Group Policy, and Active Directory are used everywhere in corporate environments. I had no real experience with them before, but the SANS courses gave me the confidence to understand and work with them, especially through the hands-on labs in the provided Virtual Machines (VMs).

More importantly, the concept of “Defense in Depth” gave me a high-level mental framework for my work. It helps me structure all the different security tools I see every day. I can now ask: Which layer is this tool protecting? Is it the device, the system, or the application? This structured way of thinking, which was a core part of the SANS courses, is something I use all the time.

Conclusion

My time in the WiCyS Security Training Program was one of the most challenging and rewarding periods of my career transition. It required a lot of hard work and flexibility, but the knowledge I gained and the opportunities that followed were career-changing.

If you are looking to break into cybersecurity, I cannot recommend this program enough. The path is demanding, but it is absolutely possible. I am proof of that. Good luck!