.

SANS Workstudy, a day by day breakdown =)

<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Thu Feb 05, 2009 8:28 am

SANS Workstudy, a day by day breakdown =)

Hey Guys,

i just wanted to post my breakdown of the SANS workstudy program. My track was for the GSEC but the workload is  similar for all classes. the link to apply:

http://www.sans.org/training/volunteer.php

Cost: $700
Duration: 7 days
Hours: 7am-9pm avg
Included: Class, test, online training

5 out of 5 Stars

Another day dawns, and I'm back home with my family after a rigorous week in Vegas for SANS Security Essentials.

I have to say it was one of the most fun infosec experiences I have had.

Beers with Ed Skoudis, riding a segway 15mph down the hallways of the Rio with Mike Poor, and 6 days of sponging up GSEC material with James Tarala. Not to mention a great camaraderie with fellow facilitators Ray and George.

Sunday - Day one was setup. Boxes and boxes of books unpacked, conference material sorted, and attendees registered, etc. Most of the heavy lifting was done this day, as well as scrambling to keep attendees as happy as possible. That’s one thing that I didn't expect was the actual level of service SANS offers their students. It’s amazing. They really go out of their way to make the high cost of the conference worth it. And it is. This day set the tone for the actual hours of work, 6am-9:30pm on average if you facilitated the SANS@Night lectures which of course I didn’t want to miss!

Monday - Day two was the first day of class. Getting students to be where they should be, handouts, basic teachers aide stuff. Day two is where you also see an abnormalities with equipment or courseware, you end up ferrying books and such back and forth/ GSEC day one is Network Fundamentals for Information Security; everything from topology, to switching, routing, VoIP architecture, packet analysis, IPV6, IPSEC, and physical security. Having been in IT but never a high powered consultant, getting James’ input in all the areas was an eye opener. Not to mention I sat next to 4 FBI cybercrime investigators and behind two DOD agents, which was cool and intimidating at the same time. Lucky for me they were all really nice individuals.


Tuesday – Day two was the first of the really cool SANS@Night events and the daytime was all about Defense in Depth. Topics included Viruses/Malicious code, Security Policy, Access Control, Incident Handling, Information Warfare, and Web App Security. As mentioned the night event was Rob Lee’s talk, “The State of the Hack: The Chinese Threat.” This talk was straight scary. Rob went over three cases he had worked on with advanced persistent threats. These were highly capable attackers, well funded, and persistent. Security measures for all these companies were in place, firewalls, IDS, proxies, host auditing, AV, etc. The main tool of choice for the attackers? Spear phising, vulnerable webapps, SQL injection, and browser attacks. Once in they dropped some lightweight but heavy payload malware, creating channels in plain sight but so entrenched in the network they could not be easily removed. An older version of the presentation can be viewed here: http://www.certconf.org/presentations/2008/files/C4.pdf


Wednesday – Day three was more depth in IS technologies, including attack strategies, Firewalls, honeypots, Vuln Scanning, IDS, IPS, and Risk Management. Another SANS@night gem was Kevin Johnson’s Wep app pen testing talk. He covered BeEF, Clickjacking, XSS, CSRF, et al. It was an excellent presentation. I wish he had posted it online, because honestly it was Alices’ long trip down the rabbit hole. I’d take the blue pill next time if I didn’t love this stuff.


Thursday - Day four was secure communications, two modules of crypto, stego, wireless sec, and Opsec. Crypto and linux sec are pretty much my weaknesses right now, so this day really identified the SANS ‘drinking from a fire hose’ motto for me. The best part of the day? Ed Skoudis’ Night presentation, “Secrets of Americas Top Pen Testers”. I blogged about it the day it I saw it. If you haven’t checked out the slides or seen his other series “Pentesting Perfect Storm” I would highly recommend you check them out. Plus Core came in and opened up the bar! Pizza and beer for all ;)


Friday – Day five was all about Windows sec. More Windows active directory than I ever wanted to know about… well not quite, but close. No one ever told me most application whitelisting server software was just pretty front ends over AD! Should’ve guessed.


Saturday- Day six was Linux security. At this point my brain was about full. Like a sponge that had absorbed too much, I was struggling to retain it all. Somehow I made it through, with a somewhat more advanced understanding of the wide world of the penguin.


Overall, it was amazing. If you read this far, you get a little treat. If you’re in the infosec space, IT space, hell even management space, go be a SANS facilitator. Classes normally are $4000 big ones (pluss $400 for the test and $400 for the online training), as a facilitator you pay $700. You get to meet most of the instructors; you get the online training, and a free GIAC test attempt. I networked with some great people, had some good times, and learned more than I expected.


Jason out ;)
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Feb 05, 2009 8:48 am

Re: SANS Workstudy, a day by day breakdown =)

Great writeup! Thanks.
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Thu Feb 05, 2009 9:00 am

Re: SANS Workstudy, a day by day breakdown =)

Nice write

What conferrence did ya attend ?

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Thu Feb 05, 2009 9:18 am

Re: SANS Workstudy, a day by day breakdown =)

I did Security West Las vegas =)
<<

doodleface

User avatar

Newbie
Newbie

Posts: 34

Joined: Mon Jan 12, 2009 6:26 pm

Post Thu Feb 05, 2009 10:22 am

Re: SANS Workstudy, a day by day breakdown =)

I just wanted to throw in that the facilitator program prefers if you stay a day before your part of the conference starts and 2 days after. You can work it out with the coordinators if you have an earlier flight or if schedule just can't permit you being at the conference that long.

You stay the extra days to help setup and breakdown the bookstore and the conference itself as part of the volunteer deal you are doing. Still plenty worth it.

Overall if you are going to a 6 or 7 day conference you will be staying there for 8 to 10 days depending if you take a couple one day courses before and after your main 6 day course.

By the way, the cost of the conference to you as a facilitator does not change of you take just one class or 3, I usually take 3 classes, more bang for your buck and you meet more instructors that way.
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Thu Feb 05, 2009 11:37 am

Re: SANS Workstudy, a day by day breakdown =)

doodleface wrote:I just wanted to throw in that the facilitator program prefers if you stay a day before your part of the conference starts and 2 days after. You can work it out with the coordinators if you have an earlier flight or if schedule just can't permit you being at the conference that long.

You stay the extra days to help setup and breakdown the bookstore and the conference itself as part of the volunteer deal you are doing. Still plenty worth it.

Overall if you are going to a 6 or 7 day conference you will be staying there for 8 to 10 days depending if you take a couple one day courses before and after your main 6 day course.

By the way, the cost of the conference to you as a facilitator does not change of you take just one class or 3, I usually take 3 classes, more bang for your buck and you meet more instructors that way.


Well.. It really depends on which conference you go to. The 10-15 class ones are small enough to assign one facilitator to day 1-6 in each class and an extra one to stay on the other days. So not EVERY facilitator must stay, usually just the one that wants to take the 1 day extra classes.

The 15-30 class conferences are much more work, but really bring out the best keynote and SANS@night speakers. Along with getting to swap classes with other facilitators as a perk.

The one day STAR classes are awesome though, no reason to miss them if you can afford the time off. Cutting edge hacking techniques, Metasploit for Pentesters, and now the new Developing Exploits one are REALLY good classes.

TIP: Share a room if you can, it'll save you even more!
<<

doodleface

User avatar

Newbie
Newbie

Posts: 34

Joined: Mon Jan 12, 2009 6:26 pm

Post Thu Feb 05, 2009 11:47 am

Re: SANS Workstudy, a day by day breakdown =)

Totally agree with you Jhaddix. Very good point.
CISSP, OSCP, C|EH, E|CSA, C|HFI, GXPN, GWAPT, GCIH, GISP, GSEC, MCITP:EA, CCNA, FCT, FCNSP, JNCIA, JNCIA-FWV, MCSE Security, A+, Net+, Server+, Security+
<<

sethmisenar

Newbie
Newbie

Posts: 24

Joined: Fri Feb 06, 2009 7:39 pm

Location: Jackson, MS, USA

Post Fri Feb 06, 2009 8:02 pm

Re: SANS Workstudy, a day by day breakdown =)

Jason,

Full Disclosure: I teach for SANS on a monthly basis, and also serve in backend support for SANS OnDemand...

Great write up of the work study program.  Very glad to hear that you found it to be so valuable.

I've been an instructor at various levels for SANS since 2006, and I have to say that it all started for me with the work study program.  The connections I made through the work study program still serve me well in career both within SANS and outside. 

It still amazes me when I teach at some of the smaller Community SANS events and don't have anyone serving as a facilitator.  If someone is at all interested in SANS training and networking for their career then the work study program cannot be topped.

Great idea about splitting a room to lower costs if you aren't local to the conference.  Reminds me of one of my fellow volunteers at a SANS Toronto conference...  He had just graduated college, was working an entry level IT job in city government (if I remember correctly).  He wanted to specialize in Security and was too low on the totem poll for his org to spring for SANS training.  He saved his considerable ;) earnings for almost six months to afford the (then) $500 volunteer fee, convinced a friend to take a road trip to Toronto, and stayed in hostel for, I think, $17/day and stuffed whatever leftover cookies there were in his backpack for sustenance.  I do recall that he borrowed a cable lock and wrapped it around his waist at night to forego having to pay extra for a locker.

That is ambition.  I can only imagine that he is doing extremely well for himself now ,if that is the amount of effort he would go to in order to break into security...

Hope you don't mind my trip down volunteer lane... ;)

--Seth Misenar
GSE, CASP, CISSP, GSEC, GCIA, GCIH, GPEN, GCWN, GCFA, MCSE
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Fri Feb 06, 2009 8:34 pm

Re: SANS Workstudy, a day by day breakdown =)

Hey Seth,

I really, REALLY, dont mind at all. This is in fact very similar to my story. I work in a regular IT job and am a low man on the totem pole.

It has been my ambition to break into security for years but, with the economy like it is, competition is fierce and keeping  a steady job is important.

In fact i just had my first child and i could just barely scrape up the money for this trip, luckily I have a LOVELY significant other that supports me and MADE me go, knowing how much it meant to me.

I met a few other people there who were out of pocket and they are the heart and soul of IT.

The other thing i didn't really expand on is the networking. They really encourage networking with your conference mates there. I met admins of over 300,000 hosts, FBI Cybercrime Agents, University, Power and Electric, and other various security people. I came back with a stack of business cards all with people who actually have emailed me about numerous things, and i have no doubt that i will continue those relationships.

You have a 1to1 relationship with your class teacher too. No matter how big or small your class is, they give you their email and encourage you to ask them questions, forever! Some even giveout their phone numbers :P SANS instructors only get payed by how excellent they are, their student reviews actually determine their pay scale. They love to help others and it shows.

Anyways, thanks for the reply Seth, as much as i would like to keep the 'tater' experience all to myself, i think others deserve to reap the benefits. Be ready to work though!

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software