My GCPN Certification Journey

Hello, I am Virendra Pawar, founder of Sudarshana Labs, and a passionate penetration testing, bug bounty hunting, and security research, I have always been interested in pursuing certificates to up-skill myself and gain a valuable credential. After earning my OSCP, OSWE, and OSEP certifications, I found myself at a crossroads. Despite my passion for offensive security, I realized that I was not feeling to pursue OSED, primarily because of binary exploitation.

At Sudarshana Labs, we push the boundaries of cybersecurity, offering cutting-edge services to businesses seeking reliable security for their cloud environments. Sharing my personal journey in this blog goes beyond my certification; it aims to assist fellow cybersecurity enthusiasts and demonstrate how certifications like GCPN can significantly shape your cloud security expertise.

The SANS 588 Course Breakdown

I got access to the SANS 588 course in mid-November 2025 and started going through it by December. The course material was a solid mix of theory and hands-on labs, focusing on AWS, Azure cloud platforms, but topics can be easily applied to all other cloud providers.

• Book 1: Architecture, Discovery, and Recon at Scale - Introduction to course, difference between SaaS, PaaS, and IaaS, Cloud Pentest vs. Traditional Pentest.
• Book 2: Attacking Identity Systems - Talks about AWS IAM, Entra ID, Microsoft Graph, credential-based attacks.
• Book 3: Attacking Cloud Services - Actually brewing starts here by walking through AWS, Azure Compute and Serverless resources, exploit tools introduction and usages.
• Book 4: Vulnerabilities in Cloud Native Applications - IaaC and source-code related security risks like SSRF, SQLi and so on.
• Book 5: Infrastructure Attacks and Red Teaming - Containers, Docker, K8s, and examples.

Each chapter included a quiz at the end, which was a good way to gauge how well one understood the material. I would not like to go through any specific content of each book to prevent any potential violation.

Indexing for the Exam

This was my first SANS exam, so I was not sure what to expect. I quickly learned that a solid index is essential to navigate through the material efficiently. I created an index with:

• Topic Name
• Book Number
• Page Number
• Description

While the index method with descriptions seemed promising, I found it more of a hassle during the exam than it was worth. Instead, I opted for a simpler approach, using only the basic columns (Topic, Book Number, Page Number). I discovered that indexing accurate keywords from each page proved to be the most effective method.

Some people prefer to index each book, while I found it easier to keep everything in one place and refer to a single book. This approach is helpful because there are repetitions of topics across books, and having a single point of truth simplifies the process. The indexing process really helped me during the exam. Here are some photos of my actual index to show how I organized it.

Using MS Excel in Landscape orientation with only three columns, redirecting to book to read accurate information.

Sorted keywords in A-Z order for easy lookups. Picture from Excel.

This index must be in hard copy for the exam day. I have it printed on an A4 sheet, with a font size of 12, font name “Aptos Narrow (Body)”, in landscape orientation, narrow margins, and spiral binding. It is a single-sided print of 136 pages.

The left side of the index is sorted, while the right side is in the order I wrote it. The left side index is obvious for searching keywords in alphabetical order, while the right side index can help me quickly find other keywords on the same page, saving me time during exams especially if I do not want to go to the book and open that page.

Practice Tests and Final Preparation

The preparation took me around two months, during which I went through the course videos, completed all the quizzes, and refined my index. Before the exam, I did two practice tests.

• First practice test: 87% score in 1 hour 50 minutes

• Second practice test: 87% score in 1 hour 35 minutes

Both practice tests provided a good indication of the exam’s difficulty level. Based on online feedback, the practice tests were very close to the actual exam’s difficulty.

The Exam Day: February 17, 2026

The day of the exam was nerve-wracking. I arrived at the exam centre at 10:15 am, only to realize I had only one government-issued ID instead of the required two. Thankfully, my friend who had driven me there returned to retrieve my second ID, allowing me to complete the pre-exam checks by 10:50 am.

When I finally began the exam, the first ten questions were the most challenging, but once I overcame them, the rest became manageable. I had learned to prioritize easier questions first, so I skipped around seven questions and returned to them at the end. Although those seven questions consumed a significant amount of time, I managed to complete them.

I finished the exam in 1 hour 40 minutes, which gave me a little bit of time to review my answers.

The Result: A 93% Score

When I saw my score, I was thrilled to find that I had scored 93% and successfully passed my first SANS exam. It was a huge relief and a rewarding experience, knowing all the hard work had paid off.

Digital Badge Link: https://www.credly.com/badges/f87377f1-2733-4f24-a929-887bac75767c

Final Tips for GCPN Aspirants

1. Start Indexing Early: Begin creating your index as soon as possible. Focus on key terms and phrases from each page, keeping it simple and uncluttered.
2. Practice Tests are Your Friend: Taking practice tests helps you get a feel for the exam format and timing, and they also identify areas where you need more focus. I read somewhere that it’s possible to buy practice tests, so it’s better to be sure than to be sorry before the real exam.
3. Give Yourself Time: The SANS 588 course is comprehensive, so allocate at least two or three months to thoroughly review the material and practice.
4. Understand the Exam Structure: The GCPN exam consists of 75 questions that you must answer within 120 minutes. While it’s important to keep track of time, avoid rushing as I had loosed 2-3 questions due to this during my practice test. Carefully read each question.

In Conclusion

The GCPN certification was a challenging yet rewarding journey that enhanced my expertise in cloud penetration testing and strengthened the services we offer at Sudarshana Labs. It’s one of the best investments I have made for both personal growth and professional credibility. If you are considering pursuing it, my advice is simple: stay focused, practice consistently, and adapt your study methods as needed.

At Sudarshana, we view continuous security testing as a necessity rather than an option. Our approach combines AI-powered automation with the expertise of seasoned security professionals, filling the gaps where automation alone falls short. This ensures organizations receive thorough, real-world coverage instead of surface-level checks.

Through our services in Penetration Testing, Attack Surface Management, Red Teaming, and Defensive Security, we help organizations identify risks, prioritize critical issues, and strengthen resilience against evolving threats.

If you are interested in learning more about our offerings, please get in touch with us today.

#GCPN #GIAC #CloudPenetrationTesting #CloudSecurity #PenetrationTesting #OffensiveSecurity #CybersecurityCertification #SANS588 #CloudSecurityTesting #PenTest #Cybersecurity #IAM #AWS #Azure #Kubernetes #SecurityResearch #RedTeam #SecurityTesting #CloudNativeSecurity #GCPNCertification #SecurityProfessionals