Not a lot of posts about this here, so throwing in my two cents. Got the materials a few months ago, did ondemand, took the test. Don't have time to write a big thorough write-up, but I'll throw some info out there for people who may be interested in this in the future. I took the class because I'm a technical guy who wants to brush up on some auditing skills. And, yes, I passed.
- Going into the class I expected something along the lines of here's an auditing standard (e.g., NIST SP800 series) and here's how you'd audit an org based on it step by step. I didn't really get that.
- From what I can tell this may be one of SANS' older classes. Can't really say why, just got that feeling
- Not sure who the target audience is. It's a bit too technical for auditors who want to get into technical stuff. It doesn't really have enough "how to audit" for technical people who want to brush up on auditing skills.
- The auditing stuff is pretty 101 level. If you're an experienced auditor, don't expect this to help you brush up on your auditing skills.
- The technical stuff is pretty 101/201 level. If you're experienced with VM administration, Cisco administration, webmastering, Windows administration, or Unix administration, you'll ace each of these individual parts.
- The courseware tries to not get too in-depth with topics but at times gets very in-depth, esp. for people who aren't familiar with some concepts.
- I feel like a lot of the material was trying to teach you basics. For example, a whole lot of the pages in Book 5 (Unix/Linux) are just teaching you the basic Linux commands. Good to know, I guess, but it doesn't really get to why people are taking this class. The counterargument is that people need to know Unix basics in order to do a technical audit of Unix, but at 500-level class I really am not sure we can't assume people coming in are familiar with, say, grep.
- The practice tests were fairly straightforward and not too bad. The actual test was more complex and challenging with a lot of questions covering topics that were flat out NOT in the books (I have fairly comprehensive indexes). If I wasn't already familiar with a lot of the material from work I would have scored a lot closer to the pass/fail mark (70%). I assume the questions are perhaps holdovers from older book versions that had material removed from newer books.
- Overall I enjoyed the class and did fill in some knowledge gaps. I'm curious as to where this class lies with the class SEC566: Implementing and Auditing the Critical Security Controls - In-Depth (GCCC certification). With the Top 20 becoming more and more adopted as a popular baseline, I'm wondering if that class will slowly phase out this one. If you're thinking about this class, I may recommend you at least consider that other class.
Feel free to post or PM with any questions, oh future readers.
