Which SANs course to take?

wolf9081wolf9081 Member Posts: 61 ■■■□□□□□□□
I am currently enrolled in the SANs Cyber Immersion Academy and have the opportunity to take an elective course. I still do not know the route I want to take in the security realm so any advice would be helpful.

I already have GSEC (SEC401) and am currently taking SEC504 (GCIH).

My options are for the following courses:
1. FOR408
https://www.sans.org/course/windows-forensic-analysis
2. SEC501
https://www.sans.org/course/advanced-security-essentials-enterprise-defender
3. SEC503
https://www.sans.org/course/intrusion-detection-in-depth
4. SEC542
https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
5. SEC560
https://www.sans.org/course/network-penetration-testing-ethical-hacking

I am currently leaning towards SEC501, as it is more general and covers most of the areas of security or SEC 560 as I am interested in the Blue Team and possible Pen Tester roles.

Thank you in advance for your recommendations.

Comments

  • rampa1rampa1 Registered Users Posts: 1 ■□□□□□□□□□
    I currently hold GSEC, GCIA, GCED, GCFA. So I guess I have some context to answer this question.

    I would strongly advise against taking 501, though it appears to be holistic and gives you the "enterprise defender" title. It hardly adds any value over 401 and lacks in both context and depth. 503 would be a good follow up because packet analysis is a core skill. Also, I have heard great reviews about 560 as well. Let me know if you need more info.
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    I would agree with rampa, where I work we have guys moving in to security that go to either 401 or 501 depending on their IT background, but never both due to their similarities. I'm currently taking 503 and I can say that it's a great course and very in-depth. IF you are going to be looking at traffic, working with IDS/IPS, etc. I would highly recommend it. If you're not going that in-depth and want to get a start in pentesting then go for SEC542.

    I haven't taken 504 but I did take 560. The guy next to me is currently taking 504 on-demand and it looks to me to be 560 light. I would be hesitant to take both when you can easily advance what you learned in 504 on your own. It covers a lot of the same basic concepts and tools, just from a different perspective. 542 however is much different and web applications are an entire area of study that would be worth spending the money to pursue, web apps are also supplemental to any pentest in addition to being its own field.

    If you have questions about 560 or 503 feel free to ask.
  • calliclescallicles Member Posts: 13 ■□□□□□□□□□
    I would agree with rampa and BlackBeret - 501 is a waste of time and SANS course; especially, with GSEC under your belt. I currently hold GCIA, GCIH, GWAPT. Depending on your career objectives and demands of your business (if any), should help dictate what you take next. If you are interested in learning packet level (deep level) analysis skills GCIA is best. Be warn, in my opinion, it is one the hardest SANS exams. GWAPT is good if you do pentesting or application security. For an introduction into pentesting I have heard GPEN is better. Good luck!
    Passed: GCIA, GWAPT, GCIH Goals: GCFE, GCFA
  • wolf9081wolf9081 Member Posts: 61 ■■■□□□□□□□
    Thanks for the recommendations. I think I am going to take GPEN SEC 560 as the follow up to GCIH.
  • mataimatai Member Posts: 232 ■■■□□□□□□□
    Are you taking SEC504 in Seattle right now? If so, I'm in your class.
    Current: CISM, CISA, CISSP, SSCP, GCIH, GCWN, C|EH, VCP5-DCV, VCP5-DT, CCNA Sec, CCNA R&S, CCENT, NPP, CASP, CSA+, Security+, Linux+, Network+, Project+, A+, ITIL v3 F, MCSA Server 2012 (70-410, 70-411, 74-409), 98-349, 98-361, 1D0-610, 1D0-541, 1D0-520
    In Progress: ​Not sure...
  • wolf9081wolf9081 Member Posts: 61 ■■■□□□□□□□
    No, I am taking SEC504 On Demand.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I've taken every one of those courses except 501, and based on my impression of it being relatively shallow, I'd say skip ahead and go to the other 500-series instead. To effective as a blue-teamer, you need to have an idea of offensive tactics and mindset. 542 and 560 will help instill an idea what's possible out there, although there's much more beyond that in real life.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Sign In or Register to comment.