October 15, 2010 at 12:00 am #5687
I have been saving couple of bucks this year to spend on training. So decided i should look into Incident handling( which i have no experience ). Browsed sans course curriculum website, seems similar to a pen testing course. So I’m not sure that whether i should go for this course specially when I’m spending around 4k myself. Members over you have previously done this course could advise me ” what exactly i would get out of the course” I’m really interested in incident handling.
Are there any better courses courses for incident handling ???( I’m looking to get good knowledge don’t care about the value of certification )
Should I be look into sans 408 ?? or ECIH
October 15, 2010 at 12:58 am #35787Dark_KnightParticipant
Is this your first security cert? What is your background like?
October 15, 2010 at 1:19 am #35788
Hello Dark Knight thanks for replying.
No this is not my 1st security cert and i have previously taken courses with sans.
well I’m have been working in security operations/auditing for a while.
October 16, 2010 at 6:42 pm #35789dynamikParticipant
This course includes a lot of hacking concepts because you need to know how common attacks (at an extreme minimum) are performed in order to properly respond to them. The course is definitely taught from a defensive / reactive perspective, which I believe is what you’re looking for. On the other hand, the GPEN focuses on the offensive aspects of penetration testing / ethical hacking.
October 17, 2010 at 1:48 am #35790
Thanks for the info dymanik. I’m definitely don’t want overlap as i would be planning for OSCP or similar kind of course in future as well i have ECSA/LPT.
I would believe GCIH is about how to counter the incidents using various tools & tricks along with methodologies ??
October 17, 2010 at 2:50 am #35791COm_BOYParticipant
At this point I have started thinking that enrolling for courses like that is a wastage of money , maybe I am wrong . These days we have blogs , and every one starts a blog in someway to let you know several stuff , there are free online tutorials to help you get into action , there are free resources ( even from companies like google ), there are cheap used books on amazon . One can take help from those if he is skilled enough on google and learn a lot of things . As far as crossover query is concerned I would say 4K is too much , maybe I am wrong depending on that factor how much other people earn .
Check out the following links out
October 17, 2010 at 3:15 am #35792What90Participant
I really like the SANS IH course as it’s a great introduction to the incident handler process and from what you’re saying, I’d think this is a good starting point.
More advanced or very focus IH courses are from US CERT http://www.cert.org/ or one I’d love to take is Richard Bejtlich’s course http://www.blackhat.com/html/bh-ad-10/training/bh-ad-10-training_ts.html
If you have the time, energy, resources and luck to find everything you need and then can make sense of it online, then go for it. There’s a lot of very poor information out there on the web, so paying for training that has been peer reviewed and raved about mean you get an excellent education in a very short time space. Money outlays from courses can be a problem, but as long as it’s invested wisely, it pays for itself in the long run and over the course of your career.
I really enjoyed the back track course, but even with the 60 day labs, I was under a lot of time pressure. Given the option of having six days in a class room with like-minded people over sitting at home for a month with a million real world distractions, I’d opted for the classroom. 🙂
October 17, 2010 at 4:30 am #35793
I would say from my experience. I have taken courses for EC council and other security certs but nothing came close to sans quality inspite being expensive i always was happy with quality and the style of teaching (though they will never come down on prices )
I have checked Cert.org courses they don’t seem technical as GCIH. ECIH ( i wasn’t satisfied with ecsa/lpt course which i took in past )
- You must be logged in to reply to this topic.