Part of what has kept me busy over the last couple of weeks has been my studying for the SANS GCIH. I knew about the various methods of re-certifying, but opted to just retake the test. The books/media were shipped to me and I got busy with studying, especially the updates.
I really liked what was added to the course. The material is current and relevant to what we as incident responders are seeing. I had my books from my original certification and I quickly transferred my notes and highlighted what was new. And, I transferred all of my stickies and flags from the old books to the new books. That sentence should be bold, flashing, and scrolling. I feel that knowing where the material is in the books is one of the key factors to helping you pass and not waste time. The exam is challenging, even with open books, and it is easy to use up the time. Knowing where specific topics are in the books only helps your chance of getting a better grade.
I didn't do it this time, but I will the next time. I'll copy the table of contents to the front of the books so that I don't have to open them; I'll know exactly where to turn. But, it helps that I knew the material in the first place. And, I'm passionate about incident response and forensics. It makes learning, or remembering, the information that much easier.
I've been toying with the idea of doing/submitting a Gold paper this time. However, I really don't have an idea of what to research/write about. Feel free to leave suggestions in the comments.