I attended SANS 560 recently (May 2010).
Before enrolling I noticed the NOTE below about the course, saying that it is a pretty technical one. I have never had a chance to go to any SANS course before, so I really can't tell how it compares to others.
I have to say that I had problems keeping up with the course
, not because I’m not technical enough, but because of the speed of it - lots of material, the instructor didn't stop talking one second, and my brain works in a particular way that goes against that, when I find something that interest me, I want to fully understand it before I move on.
Just to give you an example, when the instructor talked about Pen Testing methodologies, I was familiar with one he mentioned, but not with the others, so I wanted to read the descriptions in the text book, by the time I finished, the instructor was well into the next section of the course. Basically I was playing catch up sometimes. But that is just me.
If you are asking which course to go to, I say 560, because I understand that it covers most of the material in 504 (overlap). These courses are very expensive, so there is no point attending 504 now, and later on 560, which will be mostly a repetition. Of course, if your employer is paying for the training, I guess it is a different scenario.
Just to give you some info about me, I work in Network Security and use some of these tools on a daily basis, but some were new to me. I’m very strong in Windows, weaker in Unix. I have a few certifications as well. The most technical course I have taken was "Oracle University" PL/SQL for Oracle 8, back in 1999, and I really got some grey hairs because of it, it was very difficult for me at the time. In comparison, SANS 560 was a very satisfying course.
As you can see, “technical course” or a “challenging course” depends on your own technical skills and where you are in your career.
IMPORTANT NOTE: SANS Security 560 is one of the most technically rigorous courses offered by the SANS Institute. Attendees are expected to have a working knowledge of TCP/IP, cryptographic routines such as DES, AES, and MD5, and the Windows and Linux command lines before they step into class. Although SANS Security 401 (Security Essentials) and then next SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling) are not pre-requisites for 560, these courses cover the groundwork that all 560 attendees are expected to know. While 560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course.
SOURCE: http://www.sans.org/security-training/n ... ng-937-mid