Built around the GIAC GSEC certification test, this book provides a wide look at multiple computer security domains with the goal of providing a workable understanding of each domain.
Chapter 1 starts us off with a general look at computer security and identifies a collection of types of security threats. As a short chapter, it serves its purpose well as a gateway into the subject matter and lays the barest of foundations on which to build in subsequent chapters. While half of this chapter is about SANS and the GSEC certificate, it is less self-serving and more about what to expect from the exam.
The next few chapters dive into a cursory look at foundational IT Ops knowledge, covering topics such as networking fundamentals, with the obligatory introduction to the OSI model and the history of TCP/IP; network design and the various transmission mediums; Unix/Linux and Windows; and even cloud computing, as a cursory examination of Software-as-a-Service, Platform-as-a-Service, et al. One good thing that this book does (and needs more of) is take a cursory look at various attack vectors throughout the different chapters. Providing examples of security concerns really ties the drier, foundational material to the desired end goal of understanding more about computer security.
The middle of the book is mostly focused on higher-level security concerns, such as policies, incident response, risk management, vulnerability control, and log management. The chapter diving deeper into different categories of malware was a useful read as an introduction to an ontological understanding of malware.
The end of the book gives the haunting feeling of material added after the first publication, with miscellaneous topics bolted on after the fact as they are included in the evolving GSEC examination. These final chapters cover wireless technologies, IoT, and embedded devices.
In the end, the book provided a good basis for the GSEC, but there was definitely something missing: the wording of the review questions and sample exams was wholly different from that of the actual exam. While this book is a good resource for learning the underlying information and theories, it is a poor resource for preparing the reader for the exam and its specific style of test questions and question types.