November 26, 2013 at 6:48 pm #8617jrdotyParticipant
Background. I love SANS. Great Instructors, great content. Love this industry, very fun and challenging. I mostly do malware analysis.
I’m looking to expand my skills a bit. I found the SANS cyber Guardian program. Basically its a series of courses that gives you a well rounded set of skills in security and then you either focus on Red Team or Blue Team skills sets.
The problem. SANS is expensive. I don’t believe I will be able to get my work to pay for every course. So I came up with SANS Cyber Guardian on a Budget. I’m basically coming up with other courses/certifications that would get me about the same skill set without the expensive SANS classes. For example
SANS Cyber Guardian Baseline Skills
GPEN = OSCP from Offensive Security
GCFA = The Hacker Academy Forensics modules (no certification)
GCIH = ?? No equivalent found
GCIA = The Practice of Network Security Monitoring by Richard Bejtlich. No equivalent certification found.
Red Team Skills
GWAPT = ELearnSecurity eWPT
GAWN = OWSP from Offensive Security / Security Tube Certification?
GXPN = OSCE from Offensive Security. (Not exactly but the closest I could find).
Blue Team Skills
GCFW = ?? No equivalent found
GCWN = ?? No equivalent found
GCUX = ?? No equivalent found
I plan to begin this in 2014. I’m curious if anyone out there can fill in the holes that I have. Are they any other courses/books/certifications that could replace the expensive SANS courses? There doesn’t seem to be a lot of other courses out there for the Blue Team skills. Is there a reason for that?
Any help would be appreciated.
November 27, 2013 at 5:23 pm #53662impelseParticipant
That’s a killing part.
Normally you find a book or two for other certification and those help you to self study to pass the exam (some others have videos, exams simulator, etc.) But GAC not, only focus in SANS institute and kill you with the prices..
Yep, they have respect of the community but still kill you with those prices.
Including challenge the exam you need $999 .
November 27, 2013 at 10:48 pm #53663caissydParticipant
I totally agree with impelse. $999 for an exam + about $50 for shipping your certificate, that’s really expensive.
Also, it’s an extra $400 every 4 years. But I guess that’s more or less the same as paying $100 per year to keep my CISSP… :-
In average, it costs me about $500/year just to keep my certifications… 😛 But, they really opened some doors that would have been closed otherwise.
November 28, 2013 at 12:19 am #53664azmattParticipant
You probably have already, but don’t forget to check out the SANS work study program. All of my SANS courses have been paid for out of pocket and there’s no way I could have done it without that program.
Feel free to hit me up with any questions you have.
December 1, 2013 at 2:05 am #53665dynamikParticipant
You left the GSE off your list of requirements, which is the cornerstone of the program. Also, in order to take that, you’ll need GSEC (unless you sub both GCUX and GCWN).
I’ve challenged every SANS certification I have, with the exception of one that I got for free for participating in a study. The nice thing about SANS/GIAC is that they’re vendor neutral/open-source whenever possible, so a lot of the information is usually already floating around somewhere. I go through the two practices you get with a challenge, and I make note of every tool, technique, etc. that is mentioned anywhere. I combine this list with the day-by-day breakdown of the corresponding course, and then create an outline in Word for each topic. Then I research.
I include help output, man pages, examples, workflows, etc. I usually end up with about 400+ pages for each exam. I also include anything related I come across while doing research and think might be applicable. For example, if I think a NIST document is relevant, I read through that and include it in the printout I bring in with me. The thing about doing all this work is that you learn the materially REALLY well. I often only end up referring to it a few times throughout the exam, and my lowest score so far is 85%.
I wouldn’t try to match up other courses because they’re just not going to fit well. For example, the OffSec courses (as much as I love [hate] them), just don’t map to GPEN and GXPN. I haven’t done the Hacker Academy Forensics module. While it will probably help some, I doubt it will prepare you for the exam.
Here are a few recommendations off the top of my head:
GSEC – Network Security Bible
GPEN – I didn’t prepare for this one since I do pen testing full time; I think I even gifted my practice exams. I’d probably go with the usual suspects of Hacking Exposed, Gray Hat Hacking, Penetration Tester’s Open Source Toolkit, the Metasploit book, etc.
GCFA – File System Forensic Analysis, and 3-4 of the new Syngress Forensic books
GCIH – Real Digital Forensics (probably brought this to GCFA as well), NIST 800-61 – Look at the course page, only one day is incident handling and the rest are hacker techniques. You should be in good shape if you have GPEN under control and have a good handle on the six steps.
GCIA – Multiple Bejtlich books, The TCP/IP Guide, the official Snort manual
GWAPT – WAHH2, Hacking Exposed Web Apps (3rd, I think), tons of OWASP material
GAWN – Haven’t done this one, but the resources you listed will fall ridiculously short. The Hacking Exposed Wireless book will probably be the best single resource, but you’ll probably have to research a lot of items (RFID, Zigbee, Bluetooth, etc.) to be fully prepared. This is a very broad course.
GXPN – Did the course for this one
GCFW – In addition to the GCIA material (lots of overlap — a solid grasp on TCP/IP will go far with both of these), just spend time with pfSense, iptables, etc. and take notes for anything new on the practice exams
I haven’t done either GCWN or GCUX, but again, just do research. You’ll probably be able to cobble together what you need from blogs, Technet, etc. You may not find dedicated books on this subject, but security may make up 25-30% of a general book on Windows or *nix.
Also, they’ll ship your cert for free, but it’s the wood plaque that you have to pay for (which used to be free as well). Maybe it’s different/more expensive because you’re in Canada.
The nice thing about the GSE is that one written exam every four years will renew all your GIAC certs. I’m not ambitious; I’m lazy and cheap 😉
You must be logged in to reply to this topic.