New to Security Side - Taking GSEC401 next month

RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
Hello all,

I just recently got my foot in the door at a company working as a Security Analyst. This is a whole new world for me for the Security side of things and was just recently, as of last week told to sign up for the GSEC401 course locally as my company is paying for the class. I had no idea what it was so I did the research on it the past week. Seems a bit hectic as a new comer, and very expensive (luckily company is paying for it completely.)

My question to you people is this, how overwhelmingly is it going to be for someone like me to be completely new to the Security scene? Ive heard back and forth and some say I should take GSEC301 and some say just dive in and use your brain as a sponge and try and pick up security this way.

Can I get some thoughts on this from people who may have been in my boat and/or experience with this?

Much obliged!

Comments

  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    FYI-

    I have been surfing these forums for a while now. JDMurray seems to be the knowledge go to guru on mostly everything Ive seen. I just havent seen someone like me completely new to Security ask a question like this.
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    Welcome aboard. SEC301 is REALLY basic. You say you are new to security but what is your IT background?
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    -Associates in Computer Networking Systems attained back in 2010 and havent been able to put it to much in depth use.
    -Worked in data centers as lowest of the totem pole for the past 4 years. (Building servers, and maintaining basic customer support, and physical security)

    New to Security as in havent done anything with security to networking, ethical hacking, pen testing, OS Security, etc.
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    I don't think you'll get much out of SEC301. I'm gonna go out on a limb here and say that whoever told you to go for 301 has no idea what they were saying. Based on your profile you'll be best served by SEC401. Also, keep in mind the GSEC certification has some value while the GISF is basically not recognized anywhere.

    Make sure you look into the Work Study program. You work an event and get the class, OnDemand, and a cert attempt for $900. That's how I've done 3 SANS classes and recommend it to anyone who will listen.
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    Thanks Cyber for the info!

    Ive heard about this Work Study program they offer. Seems like a pretty legit deal. $900 though is a pretty steep cost to "maybe" get hired on as a Facilitator. Do you have to apply each time or is that a flat rate which could become unlimited to offers to become a Facilitator? (IE: I pay the $900, I get picked up, do I have to pay another $900 for the next event and so forth? Or does the $900 become a flat fee and unlimited ability to be a facilitator? If any of that makes sense.)

    Im now even more stoked to take this class after getting insight that a new comer to this industry will be alright doing SEC401.

    Besides downloading VMWare Workstation and installing Kali, what else do you suggest to do in preparation for the week long class that wasnt mentioned on the site?
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    Oh no, $900 for each class. I am doing a class in Chicago right now. If I want to go and do another class a facilitator in let's say Vegas coming up in October, I have to apply again to the program and if selected pay the $900 again. As much as I love SANS gotta say that EVERYTHING is expensive with them. Classes, exams, gold papers, you name it. Totally worth it though.

    Glad that you ask about prep. In every class I've taken there seems to be some people who it's obvious are over their head or didn't do anything to prepare. For example, in my SEC505 (securing Windows) some guys had no idea about cryptography, specifically PKI. That day we lost half of the class. When I did SEC504 (Incident Handling) we had a guy that was holding the whole class back. Couldn't even figure out who to get his MAC address. For real, not making this up. SANS does a great job of describing major areas to be covered so my suggestion is to go through those on their website and try to identify your weakest ones. For example, For some people taking SEC 401 their Achilles heel is Linux. Reviewing the basics before the class will definitely give you some advantage.
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    Ahh ok so you ONLY pay the $900 if chosen to be a facilitator for that specific class you apply for. Not you pay the money and hope you get chosen or the money is basically pocketed by SANS. Thanks for clarification. I think this is something my company would be willing to pay for.

    Is there anything within Kali you suggest that I install in preparation for 401? Or is all of that done on the first day? Yea Linux is definitely an Achilles heel for me. So Ill try and get some time in basic knowledge before the class starts on Linux fundamentals. I just hope that im not that "one guy" who holds the class up on something small that I probably should have researched before hand.

    So with me taking this boot camp, will it provide me with all books needed to study to take the certification a couple months after the fact? Should I take the other SEC (SEC504, SEC505, SEC501, etc) classes before taking the GSEC certification? Or will the boot camp and books be perfectly fine? (Probably a stupid question, Im assuming I wont need to take the other courses, but just checking.)
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    Correct. Apply, then wait. On the application you can put up to three courses you wish to be considered for, in order of preference. If you are accepted then you decide if it still makes sense for you and then sign up and pay the $900.

    In a perfect world you would have your environment ready before you get to the class. SANS sends you a zillion emails warning you about this but for some obscure reason people just don't listen. They say Win 7, and people show up with Win 8 and then are begging for an ISO. Since a lot of stuff on labs could be very disruptive I always wipe my laptop before and after the class. That way I avoid surprises.

    Absolutely no need to take any other class to attempt GSEC. The courses are designed to match the tests perfectly. If you attend the class, comprehend the material, and take a good index to the test (all printed material including books is allowed) you will definitely pass. It may be worth noting that most SANS courses are updated 3 times per year so it's in your best interest to take the test ASAP after you are done with the class.

    You are welcome to use whatever tools you wish. However, as of today the labs are done and tested with BT5. They will give you a VM with all the course files preloaded. If you go with Kali you'll need to load those files yourself from the DVDs you will get. All the lab instructions assume this SANS specific VM with BT5. See here or details: http://www.sans.org/media/security-training/sec401-laptop-installation-guide-v1.pdf. Just today I had a guy in my class with a weird setup that couldn't make the Metasploit lab work in Kali. Unless you dominate this stuff, i would stick to the SANS provided VM.

    With the work study program you get:
    - The live class
    - All books, DVDs, and handouts corresponding to the class
    - MP3 recording of a previous session of the same class
    - OnDemand version, i think it's 3 months access (if available for your course, some courses don't have OnDemand)
    - One attempt at the certification corresponding to your class (if available, not all classes have certs). I think you also get up to 90 days to take it.

    The best thing that you get out of this is something YFZblu mentioned the other day: the back channel access to SANS instructors, coordinators, etc. Getting to know these people and staying in touch with them is absolutely priceless.

    And don't worry about holding the class back. You are going for a course that makes sense for you. I don't think you'll have this problem at all.
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    Cyber,

    Thanks again for all the helpful information you have provided!

    When taking the actual GSEC401 class, do they provide you with all reading materials that will benefit you in taking the test? Or will there be material that I need to purchase outside the class to help further my experience and make taking the test that much easier?

    When I went to BT5, there is no loner a link to download it, rather it reverted back to Kali. If I need BT5 instead, I will download it, but will need a link to download from, preferably a reliable source. I like to make sure Im prepared for classes before the first day when it comes to lab exercises. So if you have a direct link for me based on the GSEC401 class, that would be much appreciated! :D
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    SANS will give you a DVD with BT5. They VM they have has all the script and exercise files added so even if you get a BT5 from the web it will be missing a lot of stuff. It's not available anywhere on their website. On the feedback I provided I touched on the fact that they should make the software available before the event to those who register. My DVD unit broke down and I was stuck copying stuff on someone elses computer to a USB stick.

    The tools they use are exactly the same on Kali and BT, mostly the more popular ones. They are still using BT because it what the course was built on and all the screenshots are based on. I am sure at some point the course authors will move on to Kali. I say don't over think it. If you want go ahead and play with Kali since again, tools are the same. Once you get the DVDs all you have to do it copy that stuff to you laptop and import the VM into VMware Player or Workstation.

    SANS courses are self-contained. Tests are designed based strictly on the course. All you'll need to pass the test is the class. Having said that, it's always smart to strengthen your weak areas with alternate resources. I never took 401 so can't comment on additional resources.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,079Admin Admin
  • 5ekurity5ekurity Posts: 346Member ■■□□□□□□□□
    RootBeard wrote: »
    When taking the actual GSEC401 class, do they provide you with all reading materials that will benefit you in taking the test? Or will there be material that I need to purchase outside the class to help further my experience and make taking the test that much easier?

    I just finished my studies for the GSEC, in which I did the OnDemand training. The class will provide you with everything you need for the exam; I felt very well prepared for the practice exam and sit for the actual exam on Tuesday.
  • docricedocrice Posts: 1,706Member
    Just to be clear on the distinction, there's no "GSEC401" training class - it's actually "SEC401" (Security 401). The GSEC is the GIAC certification which is based on the SANS SEC401 training course. "GSEC" and "401" tend to be referenced interchangeably, but there's a notable difference. SANS and GIAC are different (although related) organizations.

    As for 301, I don't know a single person who has taken it or gotten the corresponding GIAC cert. From a resume and personal marketing point of view, the GISF seems like a rather worthless cert as I've never seen it asked for in job postings. I'd guess that you would have to be extremely green to need to go through 301, otherwise the money is better spent on a used $5 Security+ review guide.

    401, on the other hand, is a very solid course that covers a very broad range while also having some depth. Even with a decade of IT experience at the time, 401 stretched my mental facilities quite a bit when I took it some years back. If I re-took the class again, I'm sure I'd pick up things I missed before.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • DrethylDrethyl Posts: 121Member
    I'm not sure if it's possible to attain with no experience in the technology field yet. But im finishing up my Bachelor's in March for Cyber Security and I'd like to go for a Security Analyst position as my first job out of college. I see a lot of positions open for Sec Analyst in the banking environment. The pay seems to be very good starting at around $70k+.
  • docricedocrice Posts: 1,706Member
    It's typically unlikely since being an analyst requires knowledge of how technical controls and business processes work together (and where a lot of security sacrifices happen and why). For this reason, experience working in the general IT side really helps put things into context.

    This area in the job market has a spotlight on it at the moment so hiring managers might be more willing to take in anyone they deem satisfactorily competent. We'll just have to see.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • DrethylDrethyl Posts: 121Member
    Docrice thanks for the insight. Yes lately i've seen a big influx of job postings on indeed and dice for analyst. Quite a few of them actually state 0-3 years experience. Where as most jobs state a year or two minimum for anything else in the security field.
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    JDMurray wrote: »

    JDMurray-

    Yes, yes I have indeed read through all of these. But I posted this in regards as to a fresh newbie in the Security world insight. I have Favorited these links a couple weeks ago and look at them alot and will review them once again after I take the class. Your insight and knowledge on these forums have been a huge help.

    Thanks for all your work!
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    5ekurity wrote: »
    I just finished my studies for the GSEC, in which I did the OnDemand training. The class will provide you with everything you need for the exam; I felt very well prepared for the practice exam and sit for the actual exam on Tuesday.

    5ekurity,

    Thanks for the input!!
  • RootBeardRootBeard Posts: 11Member ■□□□□□□□□□
    docrice wrote: »
    Just to be clear on the distinction, there's no "GSEC401" training class - it's actually "SEC401" (Security 401). The GSEC is the GIAC certification which is based on the SANS SEC401 training course. "GSEC" and "401" tend to be referenced interchangeably, but there's a notable difference. SANS and GIAC are different (although related) organizations.

    As for 301, I don't know a single person who has taken it or gotten the corresponding GIAC cert. From a resume and personal marketing point of view, the GISF seems like a rather worthless cert as I've never seen it asked for in job postings. I'd guess that you would have to be extremely green to need to go through 301, otherwise the money is better spent on a used $5 Security+ review guide.

    401, on the other hand, is a very solid course that covers a very broad range while also having some depth. Even with a decade of IT experience at the time, 401 stretched my mental facilities quite a bit when I took it some years back. If I re-took the class again, I'm sure I'd pick up things I missed before.

    Docrice,

    My apologies for the incorrect verbiage I posted. Thanks for educating me a bit on that part.

    Thats good to know that this is make some brain matter gush out of the ears as much knowledge as one can get from this class! Ready for the challenge.
Sign In or Register to comment.