My Experiences with the GSLC Certification Exam
Last week I did something that I do not usually do any more–I took a certification exam, the exam for SANS GIAC Security Leadership Certification (GSLC). I had to not only take this exam, but also obtain a high score to continue in my role as SANS instructor for this course. I’d like to share some of my impressions with you.
First, SANS offers the advantage of allowing certification candidates to schedule the date and location of the exams they must take. This is extremely advantageous to examinees, as it allows them to take an exam when they are ready to do so–but with a few constraints, too. For example, those who sign up for the GSLC exam when they enroll in the GSLC course have four months from the time they took the course to take the exam. I really do not like mass exams that must be taken only on certain dates and times and at limited locations–especially as I grow older. So I very much appreciated being allowed to schedule the exam on the date of my choice.
At the same time, I found the testing conditions to be a bit strange. I showed up at a testing center in Fremont, California, showed two pieces of identification, answered some questions, surrendered my cell phone, and was seated in a room that looked like a bullpen. I had four hours to take 150 questions. Several other people were already there. Presumably, they were taking some kind of exam, e.g., perhaps even a SANS certification exam, and, fortunately, talking was forbidden. Mounted in the ceiling were many video cameras that taped everything everyone did. No eating and drinking were allowed, and the fact that I had to take the test over lunch (10 a.m. – 2 p.m.) resulting in my being really hungry and thirst as the testing progressed. But I could understand why these measures were in place–SANS is doing everything it could reasonably do to keep people from cheating, and for that I take my hat off to SANS.
The testing was computer-controlled. Once I entered an answer, there was no going back. I was allowed to skip questions about which I was not immediately sure of the answer, but then I ran into a wall–I was allowed to skip only five questions. Frankly, I would rather have taken a paper and pencil test, one that allowed me to skip any number of questions and then go back to them if I so chose. But there was also an unfamiliarity factor that influenced my perception of the exam. The only other tests I have ever taken have been paper and pencil tests. Still, unfamiliarity aside, the process of taking the GSLC was nevertheless quite manageable and reasonable.
Almost without exception every test item was written clearly, something that I very much appreciated. Honestly, I do not think that I have ever taken any kind of test that had such a high proportion of well-written items. I knew many answers right away. The fact that I have taught the GSLC course so many times was highly advantageous, yet some questions forced me to think really hard.
Something else that made an impression on me is that I found out my score the minute I completed the test. There is something about instant feedback that I very much like. Normally, a person who takes a certification test does not learn about the results until two or more months afterwards–something that I consider a major flaw in the testing process.
The bottom line here is that they say you cannot teach old dogs new tricks. I am an old dog–a grisly, battle-scarred veteran of the information security arena. I am even one of those older generation individuals who eschew Facebook and Twitter. Yet when all was said and done, I must admit that what was initially a rather strange experience turned out to make sense and to not be so strange after all. Perhaps old dogs can learn new tricks after all. And, oh by the way, the fact that I got a good score (remember–I very frequently teach the GSLC course, so if I hadn’t, sometime would have been seriously wrong with me!) may also have had something to do with my final perceptions.