Passing the GPEN certification from our pentester’s perspective

At the Security Factory, we constantly challenge each other. Thanks to this inspiring environment, we keep pushing ourselves to seek our limits through continuous learning. Regularly, we are given opportunities to go for certifications. That way, we ensure we are up to speed with the latest offensive security tactics and techniques and thus guarantee our work’s quality.

On 20 May 2022, thanks to the Security Factory, I was given access to the (OnDemand) course “SANS SEC560: Enterprise Penetration Testing” and had the opportunity to take the corresponding exam to obtain the certificate “GIAC Penetration Tester (GPEN certification)”. In three months, I had to absorb all the course knowledge and prepare for and pass the exam. I followed the SANS SEC560 course via the OnDemand platform. In these lessons, the instructor did not just teach the subject matter dryly but also shared his experiences and tips and tricks on the topics that are applicable in real life.

The five theory books are divided into the following chapters:

  • SEC560.1: Comprehensive Pen Test Planning, Scoping, and Recon
  • SEC560.2: In-Depth Scanning and Initial Access
  • SEC560.3: Assumed Breach, Post-Exploitation, and Passwords
  • SEC560.4: Lateral Movement and Command and Control (C2)
  • SEC560.5: Domain Domination and Azure Annihilation

Each chapter has some hands-on labs. Some of these labs can be solved locally in the virtual machines provided by SANS (one Linux Slingshot VM and one Windows 10 VM), some through VPN. The solutions are given via a walkthrough by Tim Medin on the OnDemand platform. As is repeatedly mentioned in many videos, you can (and you should!) reach out to the Subject Matter Experts (SMEs) via chat or mail if you have questions. In my experience, they will answer your question within one day.

I chose to take my exam in person, as I wanted to have the full experience. Seventy-five theory questions and seven hands-on labs later, I submitted my exam. A few moments later, I was presented with the result: I passed! I felt so satisfied!

That satisfying feeling was enriched two days after passing the exam when I received an email from GIAC stating the following: “Congratulations! You’re invited to join the GIAC Advisory Board. This invitation is being extended to you because of your high score achievement on the GPEN exam”. I felt honored, to say the least! This “high score achievement” confirms that I am located in an environment where I can develop my abilities to their maximum. My colleagues encouraged and supported me in achieving the GPEN certification, and I could always reach out to them when needed.

