SANS Cyber Guardian on a budget

    • #8617

      Background. I love SANS. Great Instructors, great content. Love this industry, very fun and challenging. I mostly do malware analysis.

      I’m looking to expand my skills a bit. I found the SANS Cyber Guardian program. Basically it’s a series of courses that gives you a well rounded set of skills in security and then you either focus on Red Team or Blue Team skill sets.

      The problem. SANS is expensive. I don’t believe I will be able to get my work to pay for every course. So I came up with SANS Cyber Guardian on a Budget. I’m basically coming up with other courses/certifications that would get me about the same skill set without the expensive SANS classes. For example:

      SANS Cyber Guardian Baseline Skills

      GPEN = OSCP from Offensive Security
      GCFA = The Hacker Academy Forensics modules (no certification)
      GCIH = ?? No equivalent found
      GCIA = The Practice of Network Security Monitoring by Richard Bejtlich. No equivalent certification found.

      Red Team Skills
      GWAPT = eLearnSecurity eWPT
      GAWN = OSWP from Offensive Security / Security Tube Certification?
      GXPN = OSCE from Offensive Security. (Not exactly but the closest I could find).

      Blue Team Skills
      GCFW = ?? No equivalent found
      GCWN = ?? No equivalent found
      GCUX = ?? No equivalent found

      I plan to begin this in 2014. I’m curious if anyone out there can fill in the holes that I have. Are there any other courses/books/certifications that could replace the expensive SANS courses? There doesn’t seem to be a lot of other courses out there for the Blue Team skills. Is there a reason for that?

      Any help would be appreciated.

    • #53662

      That’s a killing part.

      Normally you find a book or two for other certifications, and those help you to self-study to pass the exam (some others have videos, exam simulators, etc.). But GIAC does not; they only focus on the SANS Institute and kill you with the prices.

      Yep, they have the respect of the community but still kill you with those prices.

      That includes challenging the exam, for which you need $999.

    • #53663

      I totally agree with impelse. $999 for an exam + about $50 for shipping your certificate, that’s really expensive.

      Also, it’s an extra $400 every 4 years. But I guess that’s more or less the same as paying $100 per year to keep my CISSP… :-

      On average, it costs me about $500/year just to keep my certifications… 😛 But, they really opened some doors that would have been closed otherwise.

      It’s tough!!

    • #53664

      You probably have already, but don’t forget to check out the SANS work study program. All of my SANS courses have been paid for out of pocket and there’s no way I could have done it without that program.

      Feel free to hit me up with any questions you have.

      Good luck,


    • #53665

      You left the GSE off your list of requirements, which is the cornerstone of the program. Also, in order to take that, you’ll need GSEC (unless you sub both GCUX and GCWN).

      I’ve challenged every SANS certification I have, with the exception of one that I got for free for participating in a study. The nice thing about SANS/GIAC is that they’re vendor neutral/open-source whenever possible, so a lot of the information is usually already floating around somewhere. I go through the two practices you get with a challenge, and I make note of every tool, technique, etc. that is mentioned anywhere. I combine this list with the day-by-day breakdown of the corresponding course, and then create an outline in Word for each topic. Then I research.

      I include help output, man pages, examples, workflows, etc. I usually end up with about 400+ pages for each exam. I also include anything related I come across while doing research and think might be applicable. For example, if I think a NIST document is relevant, I read through that and include it in the printout I bring in with me. The thing about doing all this work is that you learn the material REALLY well. I often only end up referring to it a few times throughout the exam, and my lowest score so far is 85%.

      I wouldn’t try to match up other courses because they’re just not going to fit well. For example, the OffSec courses (as much as I love [hate] them), just don’t map to GPEN and GXPN. I haven’t done the Hacker Academy Forensics module. While it will probably help some, I doubt it will prepare you for the exam.

      Here are a few recommendations off the top of my head:
      GSEC – Network Security Bible
      GPEN – I didn’t prepare for this one since I do pen testing full time; I think I even gifted my practice exams. I’d probably go with the usual suspects of Hacking Exposed, Gray Hat Hacking, Penetration Tester’s Open Source Toolkit, the Metasploit book, etc.
      GCFA – File System Forensic Analysis, and 3-4 of the new Syngress Forensic books
      GCIH – Real Digital Forensics (probably brought this to GCFA as well), NIST 800-61 – Look at the course page, only one day is incident handling and the rest are hacker techniques. You should be in good shape if you have GPEN under control and have a good handle on the six steps.
      GCIA – Multiple Bejtlich books, The TCP/IP Guide, the official Snort manual
      GWAPT – WAHH2, Hacking Exposed Web Apps (3rd, I think), tons of OWASP material
      GAWN – Haven’t done this one, but the resources you listed will fall ridiculously short. The Hacking Exposed Wireless book will probably be the best single resource, but you’ll probably have to research a lot of items (RFID, Zigbee, Bluetooth, etc.) to be fully prepared. This is a very broad course.
      GXPN – Did the course for this one
      GCFW – In addition to the GCIA material (lots of overlap — a solid grasp on TCP/IP will go far with both of these), just spend time with pfSense, iptables, etc. and take notes for anything new on the practice exams

      I haven’t done either GCWN or GCUX, but again, just do research. You’ll probably be able to cobble together what you need from blogs, Technet, etc. You may not find dedicated books on this subject, but security may make up 25-30% of a general book on Windows or *nix.

      Also, they’ll ship your cert for free, but it’s the wood plaque that you have to pay for (which used to be free as well). Maybe it’s different/more expensive because you’re in Canada.

      The nice thing about the GSE is that one written exam every four years will renew all your GIAC certs. I’m not ambitious; I’m lazy and cheap 😉


Copyright ©2021 Caendra, Inc.