Finally got my GCIH results back last week and I passed! I wanted to write up something real because most of what I found online was either too vague or clearly written by someone who hadn't actually taken the exam. Quick background: I work in a SOC doing tier 2 analyst stuff, about 3 years in, and my manager basically told me to get certified or lose out on the senior role opening up in Q3.
I studied for about 10 weeks total, probably 8-12 hours a week depending on what was going on at work. The hardest part for me was the incident handling lifecycle — not memorizing it, but understanding how SANS expects you to apply it in scenario questions. I'd read the GCIH study guide cover to cover twice and still felt shaky until I started drilling practice questions. Honestly the GCIH practice test sets I found here were the closest thing to the real exam format I came across.
Anyone else prepping right now? Happy to answer questions about specific domains or timing strategy. The exam's 2 hours for 75 questions, which sounds like plenty of time, but some of those scenario questions are brutal.