Doing a SANS Gold Paper
Few months back in December 2021, I completed SANS’ GCIH (GIAC Certified Incident Handler) certification after taking the SANS 504: Hacker Tools, Techniques, and Incident Handling training.
Subsequently, decided to try out the Gold Certification that comes associated with GCIH and applied for it. Unlike SANS training and certifications which is very structured and systematic, Gold Paper is more “open-ended”. Even though there are guidelines, the onus is on the individuals to ensure it is done in a right manner so that your efforts are not wasted. Thus, this write-up is to document my trials and tribulations which could be useful for anyone who wants to take up the Gold Paper option.
Before Applying to Gold
Visit their website (https://www.giac.org/gold-overview/) and take note of all the guidelines stated there. This included a Gold Paper on Gold Paper (Yes, someone did a Gold Paper titled, “A Project Management Approach to Writing a GIAC Gold Paper”!!) detailing the process. The schedule guideline and report sample template with all the font and referencing details are important too. All these really helps to facilitate the journey.
When you apply to “Go Gold”, you are supposed to submit the paper’s title and the abstract which have to be approved before you can pay the fees and start on your paper. This is the hardest part for me, because you are supposed to come up with the research topic yourself!
There is no list or anything for you to choose the topic. The Gold Paper have to be between 20–30 pages so you have to come up with something which is of quality, unique (duh, if you can find the answer by Googling then no point doing I guess) and something you can write technically for 20–30 pages.
I did email the SANS support for help and they shared a very old spreadsheet (like from 2013) showing some topic suggestions to give you an idea but that’s about it.
As I did reasonably well for GCIH, I was inside the Advisory Board which is a sort of email thread thingy where those on the board can share/ask technical queries/answers etc. So I used that to probe the experts there for some ideas and indeed some gave useful suggestions. Using that I came up with a topic and abstract and submitted it.
SANS should maintain an active list if possible where its students/lecturers/advisory board members could submit topic suggestions. Think will be easier for those which want to try the Gold Paper but has no clue what topics to choose.
Anyways, mine got approved and I was assigned an advisor. The clock starts ticking, and I have 6 months to finish and submit the paper.
Doing the Gold Paper
Now, this period really tests your motivation and discipline. Why? Because unlike certifications where there is a dateline so you study and prepare for it this is like blindfolding you and leaving you in a forest. You have to figure out the way yourself.
There will be weeks where you will procrastinate, especially when you face with technical problems and is stuck. The key is to make use of the advisor (I made the mistake of not doing so, thus my slower progress) as much as possible. Best is to ping them for advise as usually the advisors are quite experienced and may guide you along (of course provided you know what are you doing). There is always a danger where you are going in circles so have a checklist and ensure you don’t fall into the trap.
Also take note that you have to submit the paper within 6 months which includes the acceptance from your advisor before it is being sent to the reviewers (you can extend your dateline for 3 months by paying few hundred dollars for a one-time extension only). So to be on the safe side, always submit to your advisor within 5 months. Like in my case, I changed the title and the approach after discussing with my advisor as what I did, didn't quite gel with the initial title.
So that’s when I realized, that after you started the paper you CAN still change the title and abstract to better reflect your work, as long as not off-topic I guess.
After submitting the Gold Paper
After the to-and-fro with your advisor and he/she is satisfied, it will be uploaded for grading by multiple reviewers. The grading rubric can be found at https://www.giac.org/gold-overview/.
Around 1–2 weeks later, I received the following email:
The reviewers also suggested few changes, like for mine is some spacing and spelling corrections. And subsequently, you have to submit the final copy for them to upload into their reading room to earn your Gold certification.
In Summary:
- Pre-research is very important. You have to be clear on the problem statement and what you are really trying to prove in the paper. Something I could have done but didn’t is to send the topic and abstract maybe to the SANS trainers as they usually leave their email during the SANS training and ask for their feedback too. The clearer you are on what you are supposed to do and it is not unfeasible technically, the easier it will be for you.
- Go through all the guidelines stated in their website and make use of them from the start. Like the reports template etc. I started using Microsoft Word then switched to Google Docs midway thus wasted time on changing the font etc. Best is to start working from their given template itself.
- Pick the brains of your advisors as much as possible. Not sure how the advisors are allocated but assume they have the street creds to be your advisors so update them as much as possible (I updated monthly) on your progress and get their feedback so that your paper will be of a substantial quality.
Hope this writeup helps anyone interested in take the Gold Certification.
All the Best!!
