SANS

[tibbs66]

Hi, I'm wondering if anyone has opinions on SANS 504. This is the scenario: I've graduated with a degree in computer forensics along with the CCE certification and am wanting to take a class in security that may help me to secure a job in the security/forensics field. I'd prefer not to have to take the Security Essentials 401 class first since I am paying out of pocket and can only afford one class at the moment. So I would like to take a class that is more in depth instead of all around. I do have networking knowledge through a Certificate of Completion in Networking that I did years ago. I was told by several people that it may be best to start out in the security field and then move into forensics unless I decide I like security and decide to stay in it. I have had several informational meetings with head security officers from organizations such as hospitals, colleges, and a few financial companies in my community and have been told that these two classes would be the most beneficial to me regarding first time employment. I'm just wondering if either of these classes would be too difficult for me since I really don't have formal experience within the security field....just security to my own and my friends computers.
Thanks...

[tibbs66]

Sorry, I forgot to mention that I'd like opinions on the SANS 503 class also. What class would be best for a newbie to take and not feel overwhelmed?

[hell_razor]

503 would not be very good for a newbie at all.  The 504 course is a relatively tame starter course, but I would strongly recomment 401 as your first course, especially if you are new to security.  Let's try, though, not to make this another "my certification can beat up your certification" type of feud guys.

[idr0p]

It looks like you have enough background to go through the GCIH (504) no problem. I think that will capture your interest as it deals with sec and forensics alike. I say go for it. you should do fine.

[pseud0]

As long as you understand what the GCIH is, and what it is not, and you are still interested then it's probably worthwhile to pick up.  I always thought the "incident handler" title was a bit misleading as it implies there is a heavy forensic/IR component to the course.  The course is actually more on showing you the attacker side of the equation with some lighter details on prevention and response.  (no dc3dd vs dcfldd discussion here)  It would probably fit the need of moving a forensicator into the security mindset as it at least attempts to make the connection between the attack/prevent/respond aspects of the work.  In short, it isn't deep enough in security to make you a l33t h@x0r, but it'll give you enough to understand what goes on in that world.  It won't add much to your existing forensic skill set, but it'll give you more of an insight into how forensics is related to, but not the same as, incident response.