I just passed (89%) the GPEN exam and I wanted to detail my experience so that others may benefit.

Just to give you some background, I have been working in security for about 12 years. I have experience in Vulnerability Assessments, Web Application Security testing and Penetration testing. 

My journey to the GPEN certification started last year when I studied for the CEH and ECSA exams. A lot of the material is the same although the CEH/ECSA exams themselves require more memorization. I did not take the SANS 560 course or have a copy of the material.

Last month, I purchased a SANS practice test to help gauge my study progress. I wanted to see how I was doing before I paid out the $900 for the exam. I figured losing a $100 was not that drastic. I passed the first exam with an 84% and had to use the full four hours. I was happy with my progress.

I then purchased the exam, scheduled it for two weeks out and started tightening up on my skills. I also worked on my indexing of material.

What I used.

I have taken a couple of other SANS courses such as Command Line Kung Fu and PCI which did contain relevant material and hands on exercises. I wrote both STAR exams for those courses which gave me some experience with the SANS exam format.  I also completed the CEH, ECSA exams last year as mentioned.

I read books such as Professional Penetration Testing, Live Hacking, Google hacking, the NMAP guide and many others.

I have a lab configured at home with VMware workstation and windows and Linux clients.

I also work with some of the tools which helped immensely.

The Exam

I brought a backpack full of material to the exam. I indexed everything. Actually going through the two practice exams (87% and 95%) helped me focus on the material I needed with me.

I found the exam to be similar to the practice tests but harder. The practice exams only scraped the surface for the different topics and the real exam dug into the finer details. Fortunately for me, I took the queue from the practice exam to actually do the digging.

Overall I enjoyed the experience as it allowed me practice with tools that I don’t get to use all the time.

I hope this helps.
 
Cheers,
Norbert Griffin
CISSP, CISA, GPEN, CEH, ECSA, LPT, MCSE

First of all congragulations.

The experience was pretty comprehensive and useful. Thank you so much. And also welcome on-board EH-Net. I see this is your first post.

Sweet.  Way to go ngriffin

Thanks for the feedback, and congrats!

The GPEN is definitely on my radar, after I complete: 1.) OSCP and 2.) eCPPT (eLearn's cert)

So it's nice to get some solid feedback from folks who've 'been there, done that.'

Again, congrats!

Welcome to the community and congrats!

I agree 100% with your assessment that the practice exams are a little bit easier than the actual exam. I thought the same thing when I did the GPEN. Did you take an ECSA/LPT course from any of the EC-Council master instructors? I felt that most of the material in GPEN was quite similar to that of ECSA/LPT.

BillV

ngriffin, I followed the same path as you for my GSEC certification last winter: bought a practice exam, put all my notes and materials together and took the test.

Since I pay everything from my own pocket, it also made sense to me...

I will be looking at GPEN in fall!