About to pay for SANS FOR572: Advanced Network Forensics and Analysis

UnixGuy

Only few courses available in my city, so I thought that would be the best one for me....

I don't wanna travel...and I'm not being picked for work-study

https://www.sans.org/event/melbourne-2016

UnixGuy

Feel free to share you thoughts, experiences..etc. It's my SANS training...and I figured I need to start getting them so!

the_Grinch

I'm taking 511 right now and it is truly knowledge via firehose. Definitely worth it!

UnixGuy

@Grinch: sounds awesome mate! I thought it's time for me to step it up training wise, and if I wait for my employers it just won't happen. Looking forward to build and expand my packet analysis and forensic knowledge! I think I'll prepare with some wiresharsk kangfu in the next couple of months

UnixGuy

So I'm not quite sure I have the best technical background to tackle this course, but I have time to prepare.

What books do you recommend I do before taking this course? There is couple of months and I can do some reading/practice.

bsjj27

good luck

cgrimaldo

UnixGuy, did you ever pull the trigger on the purchase? I just passed the GCIA and this is next on my list. I'm interested to hear your gameplan on tackling this.

UnixGuy

cgrimaldo wrote: »

UnixGuy, did you ever pull the trigger on the purchase? I just passed the GCIA and this is next on my list. I'm interested to hear your gameplan on tackling this.

No I didnt

jamesleecoleman

I'm soo tempted to pay for my own SANS training and certification. I really would like to work in InfoSec.

the_Grinch

I just want to put it out there that SANS training isn't required to work in InfoSec. Does it help? Sure, but I got into InfoSec without any SANS training. Part of it is time and place, but the other side is a solid foundation that you can then turn around and articulate how to secure it. With your current certification list and some experience I don't doubt you could land an InfoSec position.

billDFW

of all the courses, which ones are the ones to get ? Self-funded and limited budget.

TranceSoulBrother

Based on your previous posts, quite a few for you before stepping into the SANS arena. I would advise the basic COMPTIA triad, then build up to CASP and at least study/pass CISSP (even if you don't have the required 5 years of INFOSEC experience, at least you would have the knowledge and the designation of Associate of ISC2). Later, with more experience under your belt, tackle the SANS course. $6000 / course is nothing to sneeze at if you will not benefit and comfortably pass the test.
I'm waiting a little more myself before pulling the trigger.

Danielm7

the_Grinch wrote: »

I just want to put it out there that SANS training isn't required to work in InfoSec. Does it help? Sure, but I got into InfoSec without any SANS training. Part of it is time and place, but the other side is a solid foundation that you can then turn around and articulate how to secure it. With your current certification list and some experience I don't doubt you could land an InfoSec position.

++ This is spot on.

JoJoCal19

Agree with TranceSoulBrother, get some experience and other certs under your belt before considering self-paying for SANS training. I'm now at a point where I will self pay some of the more advanced SANS courses. I'm looking to take the GPEN via Work Study or by challenging the exam but after that, I will probably just self-pay for GXPN, GWAPT and GREM.

TechGromit

jamesleecoleman wrote: »

I'm soo tempted to pay for my own SANS training and certification. I really would like to work in InfoSec.

If you paying for SANS on your own dime, I would at least try to get a work study. There have been people that never attended training and were picked. Just don't be picky about location and select a lot of courses.

jamesleecoleman

the_Grinch wrote: »

I just want to put it out there that SANS training isn't required to work in InfoSec. Does it help? Sure, but I got into InfoSec without any SANS training. Part of it is time and place, but the other side is a solid foundation that you can then turn around and articulate how to secure it. With your current certification list and some experience I don't doubt you could land an InfoSec position.

Thank you for the input. I'm looking for a solid foundation for InfoSec for sure but it's just that there are so many roads to get there. It's tough trying to get the experience and I'm totally working on learning new things which can help put me in the spot that I need to be in. I keep trying to ask people at work, who deal with security related things for tasks so I can learn but no one has anything. I'm gonna talk to someone in the security department soon to see if there will be any hands on technical stuff later. Right now it's just risk management and policies for the most part.

UnixGuy

@James: since you already registered for eLearnSecurity eCPPT ...if you study for that and finish you WILL learn a lot about InfoSec (not just pentesting), your networking background will improve and system knowledge as well. Keep doing what you're doing, knowledge will build up sooner than you think.

jamesleecoleman

Thanks UnixGuy. I keep telling myself to keep doing what I'm doing. eCPPT is way over my head at times. Gotta spend time on youtube for help.

UnixGuy

jamesleecoleman wrote: »

..eCPPT is way over my head at times....

and this is the best and fastest way to learn and grow.

LionelTeo

Reconnaissance and study your target. In this case its the SANS GNFA certification. Johnathan Ham is one of the instructor for this course and is an author of the book regarding network forensics. https://www.amazon.com/Network-Forensics-Tracking-Hackers-Cyberspace/dp/0132564718
Check the content page of the books and the SANS course, there is quite a good amount of similarties

idirum

I am new to this forum, and I absolutely agree with this post. The best and closest book you can find to GNFA. I am currently taking GNFA as well, I was blessed to work with a company that paid for my course. My day-to-day job is basically wearing couple of hats in the security world, from malware analysis, endpoint analysis to network forensics. My materials hasn't arrived yet, I've been going through the onDemand, since 07/08 (the day I got my access) and already knocked half of 572.1 . What I can tell you so far is that, it's going great, loving it and plethora of knowledge to be gained with all the information. Most of the things I have encountered thus far is something I already know, but you would stumble upon information that you never thought or knew from time to time, especially true for tools you might/might not know.

My goal is to tackle GCFA, GREM and GCIH.

idirum

idirum wrote: »

I am new to this forum, and I absolutely agree with this post. The best and closest book you can find to GNFA.

I was referring to LionelTeo's post regarding "Network Forensics Tracking Hackers Through Cyberspace". Sorry, wasn't able to edit my posted reply above.

secmonster

Thought this was a great course, real eye opener.

christians1

Did you ever complete the for572?

UnixGuy

I didn't pay nor take course.

justSomeGuy

Has anyone actually taken the 572 exam? I'm curious as to how much overlap with 503 there is in the course material.