.

SANS course question \ recommendation

<<

VashTS

User avatar

Newbie
Newbie

Posts: 15

Joined: Sun Nov 25, 2007 8:30 am

Post Tue May 10, 2011 8:59 am

SANS course question \ recommendation

My boss has mentioned that we have some funds available for training and since I'm the most security minded one of our group asked if I'd be interested in some more training in that area. He has taken some SANS classes in the past and said I should look into it.  I received the E-mail for the Security 401 course and while it looks good, I'm worried it might be a bit too broad or I'd go in already knowing a lot of if not most of the stuff in the course.

If anyone has taken these types of courses, how in depth do they go into these concepts? Is there much or any hands on? If anyone has any recommendations on other courses to look at, I'd love to hear that as well.
2K3 MCSE, A+, Security+, SSCP, CCNA, CCNA Security
Next on the list:
No idea..
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue May 10, 2011 11:12 am

Re: SANS course question \ recommendation

Are you interested in any specific area? What is your job role right now?
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 10, 2011 11:35 am

Re: SANS course question \ recommendation

VashTS wrote:I'd be interested in some more training in that area.

I received the E-mail for the Security 401 course and while it looks good, I'm worried it might be a bit too broad or I'd go in already knowing a lot of if not most of the stuff in the course.


Define "that area." 401 is not necessarily an "intro" course as in "Hey here is security for dummies." 401 is meant to introduce its students into a wide variety of areas they may not have been exposed to in the security arena.

Day 1 - Networking Concepts: routers, networks, interconnections, physical security, etc
Day 2 - Defense In-Depth: policies, planning, DRM, into to web app security, intro to biometrics, etc
Day 3 - Internet Security Technologies: Intrusion Detection/Prevention, Honeypots, assessments, etc.
Day 4 - Secure Communications: crypto, stego, messaging, opsec, etc.
Day 5 - Windows Security
Day 6 - Linux Security

That's enough to fill a lot of space however, you stated that it may too broad or you'd know much of it. With that said, let's assume you're fluid in all of the listed. Pick your poison. What is your objective. Do you want to defend, do you want to "offend" do you want to be a web application specialist, do you want to dig into forensics, etc., etc, etc. This is a question only you can answer as only you are aware of your capabilities. What I would advise is to begin by picking a poison (red pill/blue pill) and go from there.

What does your typical day consist of. E.g., would make no sense for you to take content on Linux if professionally your goal is to stay in a Windows world. Much like myself, I semi-halted CCIE studies because I primarily use Juniper now. Makes little sense for me to waste time. So... What is it you do during the average course of a week. Protect, compromise, response, forensics. Baseline a few of these topics and make a choice.

Because of your signature, I interpret there is a lot of Windows. Perhaps the GWCN would be suitable:

http://www.sans.org/security-training/s ... ows-77-mid
<<

VashTS

User avatar

Newbie
Newbie

Posts: 15

Joined: Sun Nov 25, 2007 8:30 am

Post Tue May 10, 2011 2:17 pm

Re: SANS course question \ recommendation

By "that area", he was talking generically about Security. Unfortunately the role hasn't really been defined since no one in management around here takes security seriously in the least and when I point things out I am normally told to stop being so paranoid or an alarmist or asked why I like to try to make things difficult for everyone. (I was told this most recently when they told me to make it so our wireless was open [and by open I mean no security at all] so people could use their iPads and I pushed back.) Since our company has recently had a big push towards taking our business to the web, that has changed a bit.

I guess my first impressions I got from looking at the course got me thinking it was for someone with no security or networking knowledge at all. I think seeing "Network Concepts" being listed as the first thing scared me off a bit.

My current job role here is fairly wide spread. I do a lot of Windows networking \ AD, VMWare, Cisco Routers, Switches, ASA. The only thing around here I don't touch at all is the SAN. I don't have an official job role with security, but it's been a small side role for me since I got here.
2K3 MCSE, A+, Security+, SSCP, CCNA, CCNA Security
Next on the list:
No idea..
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 10, 2011 2:23 pm

Re: SANS course question \ recommendation

In this case, I would go strictly with the 401 course which will open your knowledge base to more than just the technological side. I implore you go back to SANS' website and look at the day to day modules associated with the course. As for the content and speakers, it is always top notch.
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Wed May 11, 2011 6:52 am

Re: SANS course question \ recommendation

Hey VashTS,
You pretty much run into one of the most common themes in IT Security today. Mgmt doesn't care or is ignorant of the security threatscape. That ends up going back on us as security minded individuals to show them the risk in terms they understand. Business terms, lame powerpoints, green and red metrics .... but I digress.
So I would recommend taking something like GCIA or GCIH that would enable you to find active threats in your computing environment. That is something you can leverage right away and show them the threat in action. In my experience most of the courses showing you how to securely configure Win/Nix/IOS are an expensive way to learn what is already freely available online.
Also, I make a habit of bookmarking and/or printing to pdf all the big corporate hacks to highlight the real risk. Even though they may ignore you and write off your security concerns, they usually will pay attention to a NYTimes article showing a company had their email posted to wikileaks and ended up losing massive amounts of shareholder value.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon May 16, 2011 6:53 pm

Re: SANS course question \ recommendation

Sorry for the late reply. I've been somewhat occupied the past week.

SANS Sec 401 is a VERY good course, and as Sil pointed out no matter who is teaching it, you can be assured they are top notch.

I took the course as a "facilitator" with Dr. Eric Cole (the curriculum lead) about two years ago, and although I already had two other SANS course under my belt and a couple other security certs, I learned a lot! There were days (day 6 for me) where I really didn't get any new information, but that is more the exception than the rule.

By all means, though, if there is another course that better lines up with your  career direction/goals, go for it. That was how I got introduced to SANS. My first course was SEC 506 since I was a Unix/Linux Systems/Security Administrator at the time.

Here's Dr. Cole describing what the course is about and what you will get out of it:

http://www.youtube.com/watch?v=bpoep3Dskb0
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

VashTS

User avatar

Newbie
Newbie

Posts: 15

Joined: Sun Nov 25, 2007 8:30 am

Post Tue May 17, 2011 10:54 am

Re: SANS course question \ recommendation

Thanks to everyone for the replies. I have put in two requests for training this year. One for the SANS 401 and another for ASA. I'm doubting I'll get approved for both so I'll be forced to pick just one. I think at this point with all of this feedback, I'll end up going with the SANS course. Thanks!
2K3 MCSE, A+, Security+, SSCP, CCNA, CCNA Security
Next on the list:
No idea..

Return to Security

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software