First Sans Training August

albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
Looking for a recommendation on a Sans training coming to a city near me right around the corner. I have until June 25 to make a (discounted)purchase. It will be my first Sans training and I have the money to "invest" in my future. Not sure which road I want to take I know that could narrow down my search and help with advice I know I know. I look at it as a wine tasting, sometimes you go through a few glasses of wine to find one you like. I highly highly highly prefer to hear from individuals who have taken SANS training In the past. Its like taking advice on how to take out a transmission from someone who never changed one. Would like to mark the GSEC off the list because the 0900-1900 conflicts with my schedule. Thanks in advance.


  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    It would be helpful to know what subject area(s) interest you as well as your existing infosec experience (both work and hobby). There are several courses where on the first day will extended into the evening; it's normally a Linux CLI introductory session since the rest of the course will greatly depend on it.
    Hopefully-useful stuff I've written:
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I will go through some SANS training and give you an overview on it

    GCIA is the most valuable SANS training you can get among all. A few reasons
    1) GCIA is one of the most difficult to self study for (but possible), thus making the courses very valuable as you cannot find it elsewhere
    2) GCIA is a requirement is many SOCs among banking and financial sector
    3) Able to tech up to forensics field, which is valuable to many high end SOCs within fortune 500 banks and companies like FireEye
    * And SOC is the only department that requires the most headcount to run one, thus making it ideal you want to break in IT Security

    1) One of the most difficult course despite being a 5xx course, it is very close to CISSP in terms of standard
    2) Best if you know CEH or GCIH material well beforehand before even attempting this course

    1) Best foundation to all technical certifications
    2) Foundation to GPEN due to overlapping materials

    1) Capable to self study for, thanks to Counter Hack Reloaded, Hacking Expose and Incident Response and Computer Forensics books. And CEH as a foundation to GCIH.

    1) Best foundation to all compliance certifications and introduction to administration
    2) Serve as a good basic to CISSP due to overlapping areas
    3) Can be slightly difficult to self study for (possible but you had to cover a lot more than the material yourself), thus making the exam material valuable

    1) The heading in the certification may not be as outstanding as other GIAC certs.

    Going a hybrid study is the best if you had time!
    Hybrid - study using books written by industry leaders and official course materials
    1) Allow you to emulate how close is non-official books as compare to official course materials
    2) Try to pass with minimum aid of the course materials, if you can, you can continue to pass GIAC certs without them
    3) From experience, every 2 GIAC is as good as a single CISSP in terms of salary gain.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think the difficulty in SEC503 is very dependent on existing experience with networking and traffic analysis work. 503 is still to this date one of the most favorite courses I've taken from SANS, but at the same time I managed to get through the GCIA exam in less than an hour and fifty minutes (and I scored a 96 on the exam). I'm sure there were a few lucky guesses which I hit the mark on, but otherwise if your eyes are adjusted to seeing patterns based on previous knowledge of protocols and their behavior, it's not necessarily super-tough.

    That said, I've seen many network engineers who think they know networking and security, and then once they dive into packet traces they lock up. That's sort of revealing how much they're really comfortable with (just configuring the tools, or actually evaluating live traffic behavior and distinguishing between normal and abnormal).
    Hopefully-useful stuff I've written:
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    Making the purchase next week. I plan on taking the GCIH but the GCIA is getting a great deal of hits on job boards. I can't wait to attend training and I have not even bought it YET. I thought about self study. .but attending training will keep me away from said would not pay for the training. Just alot of false promises. Will keep you posted
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    I know it is a bit of part time English teachers on this forum who like to comment on incorrect grammar ;) Forgive me I am on my phone at work.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    SEC504 (I refrain from using the certification terms because I view the training separate from the certification process, plus SANS and GIAC are technically two different entities) will give you a good start in viewing the network as an attacker. It's not really a pentesting course, but it includes a red-team perspective which is invaluable. While 503 helps you in this regard as well, 504 is overall more practical as an introduction to the overall approach and mindset.

    SelfStudy or OnDemand is quite convenient and I've used it many times, but 504 includes a CTF on the last day of class where you work in teams. Collaborating your efforts with others to solve a problem in real-time is what makes the live-instruction option at the conference vastly different from doing the SelfStudy / OnDemand route at home.
    Hopefully-useful stuff I've written:
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    Thank you. I have one final question if you don't mind. Do you think the 503 or 504 would land me a job easier/quicker without 503/504 " past experience"..? I promise you that will be the one I pick! I GUARANTEE it. I am not looking for a job I have a job already but when this contract is up......I am leaving.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    In regards to getting job, without experience would put you in secondary consideration, only once all primary considerations are use up due to budget or headcount issue, then secondary consideration will come into discussion, ideally, you would want to push yourself to the top of secondary consideration by showing interest in IT Security through certs and passion so they will pick you when they run out of primary choice.

    On employers mind, they would pick a secondary consideration if they think it is possible to train them up, and if you show you had been through the self upgrading and thus give you a bump above other candidates.
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□

    Thanks You. With that being said between the 503 and 504 which training would you recommend ? Would give me the best "chance".
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Training wise I would recommend 504 over 503. 504 is very solid foundation to many of the technical path and even arguably a good technical certs to compliments with management certifications.

    In hiring manager eyes that had understand about GIAC courses,all GIAC course will probably weigh more than other certifications that does not require experience; however, GCIA weigh probably slightly a little higher, with GCIA being more in depth (going down to packet levels of all attacks and traffics) while GCIH is somewhat a technical overview, touch and goes on all attacks on how it works but never actually go beyond it; but GCIH still gives you an edge over other candidates who do not have an GIAC certs; while GCIA will give you a better shot at a SOC environment given so many SOC looking for it (but some never actually uses it)

    In HR eyes wise, GCIA would had a better weigh on job posting, since HR won't be able to tell the difference, but having GCIH, HR would probably line you up for interview as well.

    Tools wise, GCIA has better coverage, hands on wireshark and tcpdump are some of the tools that employers do look for, while GCIH is more valuable in incident handling, a job that is rarely seen, GCIH also can get you a crash course in linux, some tools like nessus and nmap, useful in your daily work but probably not something that hits the hiring manager eyes directly.

    Both GCIH and GCIA puts you in an advantage among other candidates, but on close comparison, GCIA weighs more in tools and resume coverage; but this also comes with the fact that GCIA is twice more tougher than GCIH, its best to understand roughly what is attack is about before even thinking about going to the packet level to analyse it.

    I would recommend GCIH given that its easier to pass, great foundation, and a useful crash course to everything you need to understanding about technical aspect of IT Security at a very basic level.

    I would recommend GCIA if you are very solid in your foundation and would want to give deeper into the packets layer, you get to enjoy the ripe of your hardwork once you pass, but you had to put in a lot more if you are not technically strong yet.
  • Khaos1911Khaos1911 Member Posts: 366
    Man, after completing Security+, SSCP, CEH, and now finishing up GSEC studies. I'm all "foundation'ed" out. After GSEC, I'm diving right into GCIA and then coming back for GCIH. The plan is to be done with all three GIAC's this year. Throw in CISSP next year and I think I'll be all done with certs (if not forever, atleast for awhile...Outside of renewing these, of course) Though I kinda want to take on GSE, but I'll finish out these certs before I even think about going down that rabbit hole.
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    Bought the 504
  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    Went through online. Then went outside and paid by phone. Asked for a email confirmation was told 24-48hrs from the training department.....what the @$%&? Ill have my stop watch out. I am excited about the training but sad about the 4695 bucks I am out oficon_sad.gif it will even out I guess. I will pay for the cert attempt before class is over.Time to sit at my desk and cry. .just playing
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,915 Mod
    SEC 504 is great. You'll love it.
  • chanakyajupudichanakyajupudi Member Posts: 712
    It is a good course. It will be worth it !
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]

  • albinotigeralbinotiger Member Posts: 31 ■■□□□□□□□□
    Thank You Thank You to all. I received my confirmation it made me smile in the email when it said once access to online material is granted no refunds will be given..that was smart. So the training is not until August will I get access to anything BEFORE August ##? Ok question #2 I wear a suit to work or at least the pants (summer time) not because I have to either. Can you wear jeans shorts or anything "comfortable" to training? On the form I had to put my shirt size...please please tell me I Don't have to wear a shirt they hand out.....
  • Khaos1911Khaos1911 Member Posts: 366
    Unless you're a facilitator, you can wear whatever you want. I'd advise for you to be as comfortable as possible. Those are some long days sitting in one spot.
Sign In or Register to comment.