Just to give you some background, I have been working in security for about 12 years. I have experience in Vulnerability Assessments, Web Application Security testing and Penetration testing.
My journey to the GPEN certification started last year when I studied for the CEH and ECSA exams. A lot of the material is the same although the CEH/ECSA exams themselves require more memorization. I did not take the SANS 560 course or have a copy of the material.
Last month, I purchased a SANS practice test to help gauge my study progress. I wanted to see how I was doing before I paid out the $900 for the exam. I figured losing a $100 was not that drastic. I passed the first exam with an 84% and had to use the full four hours. I was happy with my progress.
I then purchased the exam, scheduled it for two weeks out and started tightening up on my skills. I also worked on my indexing of material.
What I used.
I have taken a couple of other SANS courses such as Command Line Kung Fu and PCI which did contain relevant material and hands on exercises. I wrote both STAR exams for those courses which gave me some experience with the SANS exam format. I also completed the CEH, ECSA exams last year as mentioned.
I read books such as Professional Penetration Testing, Live Hacking, Google hacking, the NMAP guide and many others.
I have a lab configured at home with VMware workstation and windows and Linux clients.
I also work with some of the tools which helped immensely.
I brought a backpack full of material to the exam. I indexed everything. Actually going through the two practice exams (87% and 95%) helped me focus on the material I needed with me.
I found the exam to be similar to the practice tests but harder. The practice exams only scraped the surface for the different topics and the real exam dug into the finer details. Fortunately for me, I took the queue from the practice exam to actually do the digging.
Overall I enjoyed the experience as it allowed me practice with tools that I don’t get to use all the time.
I hope this helps.
CISSP, CISA, GPEN, CEH, ECSA, LPT, MCSE