SANS GIAC GMON Personal Experience and Practicality

5 min readSep 27, 2022

Table of Contents:

  1. Preface/Why GMON
  2. Personal
  3. Practical Implementation
  4. Debrief

Preface/Why GMON

I always like to turn to this site DoD Approved 8570 Baseline Certifications — DoD Cyber Exchange whenever someone needs help finding out what their next cert should be in Cyber Security. It provides such a great guide for where to go next as not only does it open up DoD jobs but more than not, the private sector will also be looking for these.

Photo by Ian Schneider on Unsplash

GMON was not listed on the site, but it was a requirement for my current position before I was allowed to take a different course as it was covered by my company. It is certainly worth taking as it serves on a similar scope to CompTIA Sec+, just you might want to choose CompTIA+ at the moment since GMON isn’t listed on there and it is extraordinarily cheaper.

TIP: CompTIA Security+ is incredibly cheaper and is DoD 8575 approved. Do whatever you will with that information.


Alright, my personal experience and learned lessons from having had taken the course, two practice tests, and final exam.

The course itself was a week long, with 8–10 hour days to include labs. This really felt like death by power point, but the pacing was really good as we were able to cover ALL the material and were able to ask any question we might have had at anytime. My class was virtual BUT the instructor did such an amazing job at keeping up with chat so he didn’t miss your question too far into the lecture so as to answer it while talking about the subject you had the question on. The instructor was also extremely knowledgeable and would often continue the answer leading into other items not quite mentioned in the course.

Photo by Ralston Smith on Unsplash

TIP: Do your Index before or after the course because it is better to be involved and 100% alert during the course than trying to write/type every little thing. Take notes, but not enough as to keep you from being fully engaged. I did half and half and realized I learned more during the half I was laser focused on active listening.

I will say that the thing I overestimated the most was the amount of time the practice tests took to include updating the index. It is very substantial especially when trying to juggle a healthy work life balance as it eats up all your free time daily.

I personally had to push back my exam a total of 3x ending at 6weeks because of how unprepared I was to actually complete all the tasks I needed for the exam.

TIP: For the exam, take your time on double checking answers as you should be able to save time on questions you know by heart in order to add that time to questions you will have to lookup/doublecheck. You should know your limits after the 1st two practice tests.

TIP: You are able to reschedule the exam as long as you give 24 hour notice.

All in all the completion of this course and exam will depend on the amount of time you put into it.

Practical Implementation

So this is where it gets real divisive.

The course covers SOCs, network security and monitoring, and endpoint security architecture, automation, and continuous monitoring.

Although they push technologies that aren’t relevant to everyone, it is still just enough to be like “oh, this is how that works” and keep going with another one. The mindset to have going into this course is to learn about different technologies to get familiarity and experience is the way to go.

Photo by Alex Knight on Unsplash

Now the course honestly was as more like a broad overview on the daily base life/knowledge of an entry level analyst. As found here GIAC Continuous Monitoring Certification | Cybersecurity Certification I listed out the areas it covers:

  • Account & Privilege Monitoring & Authentication
  • Attack Techniques
  • Configuration Monitoring
  • Cyber Defense Principles
  • Device Monitoring
  • Discovery and Vulnerability Scanning
  • Exploit Methodology and Analysis
  • HIDS/HIPS/Endpoint Firewalls
  • Network Data Encryption
  • Network Security Monitoring Tools
  • Patching & Secure Baseline Configurations
  • Perimeter Protection Devices
  • Proxies & SIEM
  • Security Architecture Overview
  • Software Inventories & Whitelisting
  • Threat Informed Defense

Each one of these sections offers a rich explanation into the overall scope of each. Not necessarily a deep dive, but just enough to be familiar and know what you are doing AND where to find the answers.

It also helps provide what the mindset and goals of a SOC analyst should be, which is in my opinion, is the most important thing you can learn and implement. Not going into further details about this because everyone is different BUUUT, there definitely should be some yearning to explore and learn more within the network. And that is just something you can’t teach, you can’t teach passion.

Photo by Cullan Smith on Unsplash

The most incredible thing I got out of this course was just the confidence of being able to say “yeah I did that, and I know my sh*t”. It gust is a good feeling that helps you escape the imposter syndrome a little more.


Feel free to reach out to me if you have any questions or want to make a request for a future article. If you read this far thanks for reading and hope it helped out in someway by sharing my personal experience with SANS GIAC GMON.




Experienced Cyber Security/Intelligence Analyst with a demonstrated history of working in the US Military and IT industry.