my first reaction to what is missing from pen-test courses would be 'me
' can't get myself the time or resources needed to take all the courses I want
On a more serious note, it could be useful to have a module (or at least reference other sources of information) based around presenting security information to 'business' people. One thing that I always struggle with is managing to explain the latest and greatest exploit or attack vector to non-security people, most attempts result in 'that's interesting...' followed by their desire to be somewhere else.
I don't think it matters how well a penetration test or technical audit is performed technically if those in power and controlling the purse strings can't understand the risks then the right action is not going to get taken.
I can't speak for all pen-test courses (I have seen OSCP and CEH courseware material) but this isn't something that I've seen in any depth (or at all). Although from reading through some the SANs offerings this may be something that is present in their courses.
Overall I like the aspects of the course as you describe them in your blog posting, especially keep the courseware updated in line with the experiences and findings of an actual pen-test team on the front-lines.
Only issue I can see is I'm not sure how you'll be able to both keep the material upto date (you mention quarterly updates) and at the same time keep the taught material consistent between different instructors and classes (another goal you describe). To me that seems like a too frequent update cycle to keep that tight control over.
Hope you have some success, if you manage to produce a course as you describe it'll definitely be added to my training wishlist.
<minor edits for grammar/clarity, I shouldn't be posting to forums at midnight at the tail end of a 16hr+ shift