GIAC Python Coder (GPYC)

jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
I just saw this today and it's new. Just putting it out there.

Certification
https://www.giac.org/certification/python-coder-gpyc

Training
https://www.sans.org/course/python-for-pen-testers#results
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Security Weekly interviewed the author of the course. Sounds pretty good:

    Episode326 - Paul's Security Weekly
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Pay 5 grand for a 5 day course for someone to teach Python?? And the first 2 days are just going over the basics? PASS

    And a Python cert? I can't see me ever going for that. If I do something interesting with Python I will put in my resume, like I just used it recently in an app I created that is going to save my team a ton of time.

    Assuming they will make money off it and some companies will pay for it, which is all that matters icon_cool.gif
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I actually think at some point you will see a return on the investment, especially if you don't have a coding background via a degree. I know most security related job postings I am seeing ask for Python and a buddy of mine who does some consulting is desperate for a Python Developer. If I had the money I would do it, but sadly I do not and work will definitely not pay for it (I've tried). SecurityTube has a course so that is a lower cost option if you want to. I know since I have a six week break from school I am going to delve deep into Python since it will help with my current position and with some side work.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Yea, I just think it would be hard to retain that much programming information for someone new to programming in that short amount of time. And if you already know Python, it looks like only 2 of the 5 days are actually spent on learning advanced topics?

    That said, if company wanted me to learn more and was willing to pay for it, I definitely wouldn't turn it down!
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    This class is basically for lazy people like me who just wouldn't want to pick up python, somehow I need to sit down and learn through this one to actually pick up something. But then again, a python certification may just be taking it too far. After all its a language that had plenty of documentations online and possible to pick up by self study.

    The course contents seems similar to https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

    Guess I will stay by the book
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Lionel, actually if you look at the SANS course page for it, one of the materials you receive is the Violent Python book.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • kiki162kiki162 Member Posts: 635 ■■■■■□□□□□
    Heads up on the some of the new SANS courses. If you don't have a strong python background, and you rely on the practice exams to gauge how well you are going to do on the exam, you will fail the real deal. Having a strong background, plus a good index will help. Note that the practice exams for the newer SANS courses (like GPYC) are not available to purchase separately, and are only available when you purchase the exam attempt.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Pay 5 grand for a 5 day course for someone to teach Python?? And the first 2 days are just going over the basics? PASS

    I concur, SANS is getting carried away, what's next SANS Open Heart Surgery certification? In 6, 10 hour days, SANS will teach the basics of performing heart surgery, two days are spent on surgery basics, two days on basic heart surgery, one day on advanced heart surgery techniques, and on the final day you'll work with a team of fellow students and try to perform a triple bypass on uninsured volunteers. (Please note medical malpractice insurance not included with course fee). Get your SANS GOHS Certification today (GAIC Open Heart Surgeon) and make up to 500k a year!
    Still searching for the corner in a round room.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    TechGromit wrote: »
    I concur, SANS is getting carried away, what's next SANS Open Heart Surgery certification? In 6, 10 hour days, SANS will teach the basics of performing heart surgery

    As someone who has earned GIAC certification, you know as well as anyone that simply attending the class is not the extent of SANS training. Months of hard work can go into reviewing SANS material after the course is over. The SANS course itself is just a nice jump start.

    I don't have a problem with the certification. Often times the corporations investing in SANS training for their employees want to see a certification path associated with the coursework. It helps with the politics of continuing to receive training budget if there is a tangible accomplishment associated with training.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    YFZblu wrote: »
    I don't have a problem with the certification. Often times the corporations investing in SANS training for their employees want to see a certification path associated with the coursework. It helps with the politics of continuing to receive training budget if there is a tangible accomplishment associated with training.

    I dunno about that. I facilitated SEC401 at SANS 2015 Orlando and Dr. Cole asked the class (of 88 students) who all was signed up for or planning on attempting the GSEC and I think like 15 people including me and the other facilitator raised our hands. I was honestly shocked as I thought most people would take the class to get the cert but it seems like employers only cared about the training and not the credential.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    YFZblu wrote: »
    As someone who has earned GIAC certification, you know as well as anyone that simply attending the class is not the extent of SANS training.

    I think you missed the point of my sarcasm. While I do agree that SANS training is some best in the security industry, even with all the post training studying, like SANS could possible teach a specialty that takes years of education and training to master in a six day course.
    JoJoCal19 wrote: »
    I dunno about that. I facilitated SEC401 at SANS 2015 Orlando and Dr. Cole asked the class (of 88 students) who all was signed up for or planning on attempting the GSEC and I think like 15 people including me and the other facilitator raised our hands. I was honestly shocked as I thought most people would take the class to get the cert but it seems like employers only cared about the training and not the credential.

    Unfortunately this is all too common, my co-worker took three SANS courses before I started in my position, SANS 401, 501 and 504, in addition people in the same position at twelve other sites, also took three course each. Out of 39 SANS courses they took, not one person obtained a certification. So the company spent 200k and not one certification was yielded from there investment. When I started, they made it mandatory that everyone had to hold at least one certification by the end of 2017, out of 26 people that took training last year, only two people obtained certifications so far (I was one of them). one that attempted the exam failed and another paid for the exam, but after failing the 1st practice test, never attempted the exam (it expired).
    Still searching for the corner in a round room.
  • clintoniaclintonia Member Posts: 41 ■■□□□□□□□□
    TechGromit wrote: »
    I think you missed the point of my sarcasm. While I do agree that SANS training is some best in the security industry, even with all the post training studying, like SANS could possible teach a specialty that takes years of education and training to master in a six day course.

    I think you may be reading more into what the class is offering. The class never promised to produce professionals who can code an entire app in Python. I pulled this right from the description on the page:
    Certified individuals can create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

    I don't think that would be too hard to teach in 5-6 days
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    TechGromit wrote: »
    I think you missed the point of my sarcasm.

    The sarcasm wasn't lost on me at all.
    TechGromit wrote: »
    While I do agree that SANS training is some best in the security industry, even with all the post training studying, like SANS could possible teach a specialty that takes years of education and training to master in a six day course.

    This makes no sense. SANS offers many bootcamp-style courses which involve advanced topics, which, on their own, could take years to master. Examples of this are the crash course on x86 assembly (FOR610), advanced memory forensics (FOR526), and most of the topics involved in their lone 700-level class related to Microsoft Windows exploitation development.
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    Not that its actually used any more but does anyone remember what SANS used to stand for?

    Systems Administration Networking and Security. In many ways it seems that SANS is going back to their roots in not strictly being a security organization.

    As far as Python goes. Really? You need a class to teach yourself Python? (*Poe's Law alert!*) This is why I have a home lab/network and numerous physical devices at home to train, test and learn. I take it some people only use computers at work and thus hobbled by the lack of training assets in which to learn. A $40.00 book or close to 6,000 for someone to read a book to me. (*End Poe's Law Warning*)

    Searching Amazon yields:
    [h=2]1-16 of 75,372 results for "Python"[/h]You can go far with self-study. icon_thumright.gif
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I definitely endorse self-studying, but sometimes it is nice to have a structured environment from which to launch new learning. In my language studies I've often hit walls where waiting on a question to be answered via a forum or email lead to me moving on. So to have the chance to get, at least the common pitfalls/questions answered upfront, is really advantageous. Python is definitely a very easy language to learn and thus a five or six day introductory course will give you some considerable programming chops. Will it make you a programming guru? No. Will it get you off on the right foot and allow you to further your studies on your own? Most definitely. On the other side, passing a certification lets employers know you have some knowledge and to ascertain to what extent that knowledge goes.

    Not too long ago someone posted about the SecurityTube Python Scripting Expert. A little known certification, but that poster put in the effort and achieved the certification. After they got an interview and got a job in Python programming. Could the poster have gotten this position through self-study? Maybe, but they greatly increased the odds because now an employer is saying "well this cert looks interesting" and probably looked it up finding the person might fit the bill for what they are looking for.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • temuchintemuchin Member Posts: 21 ■□□□□□□□□□
    As someone who has the GPYC cert, this course is not worth the ~5k price tag.

    First few days is general python stuff. Last few days is pentesting specific. Building your own tools using python. You can play the pyWars game throughout the whole class to keep yourself occupied during periods of talks about different data types.

    Took the exam 1 week after the course and passed 89%. I wouldn't tell anybody I'm a python coder. However that's not the intent of the course. I am able to read and understand python scripts and make my own pentesting tools.
  • alias454alias454 Member Posts: 648 ■■■■□□□□□□
    Here is a general python course for less than 400 bucks https://www.coursera.org/specializations/python
    add the violent python book for 15 bucks and you can take the savings on the SANS course to go on vacation.
    “I do not seek answers, but rather to understand the question.”
  • temuchintemuchin Member Posts: 21 ■□□□□□□□□□
    alias454 wrote: »
    Here is a general python course for less than 400 bucks https://www.coursera.org/specializations/python
    add the violent python book for 15 bucks and you can take the savings on the SANS course to go on vacation.

    That's free and it's a good course.
    https://developers.google.com/edu/python/

    I lied. I watched ^ those videos before taking the GPYC course. I just remembered.
  • alias454alias454 Member Posts: 648 ■■■■□□□□□□
    Free is good but I think you end up with a certificate for taking the coursera course, if that is what someone is looking for.
    “I do not seek answers, but rather to understand the question.”
  • IvDoggIvDogg Member Posts: 8 ■□□□□□□□□□
    Hi All,

    Don't post on here much, but I took the course (SANS 573) this year and am going to take the cert in 2 weeks, only see 2 posts from people who've taken the course or cert, so my $0.02...

    It's a really good course, I've become a full-blown SANS course lover. I have a programming background, but I never really wrote programs for the purpose of pen-testing before. I was used to writing apps to query DBs for business applications. So I think it met the intent of teaching Python for Pen-testing. And Yes, day 1 & 2 is pretty basic for those who do have prior programming experience. One last good thing on the course, the labs in the course-ware are pretty good for those who are new to programming, and some are OK for those more advanced. I do like how all the labs help with pseudo code or comments in place of where something should go. I'm sure it would seem pretty lazy and turn people off if the labs just gave a one-liner to just figure something out. The course (like most SANS courses) also comes with a pre-configured VM with all the lab files, which makes it very convenient to practice everything in the class later on your own.

    If you have any specific questions, feel free to ask.

    For those who have never attended a SANS course, there's a lot to be gained from being there, the extra stuff that's not a part of the course itself, whether is the extra stuff in the evening (depending on the instructor) or the breakouts that may happen during the break (again, depending).

    Of course the price is terribly high for all SANS courses, but I don't really think SANS markets to those who are scraping up some cash to attend these courses/get the certs. Of the SANS courses I've taken there's only a few that come to mind that I'd consider paying out of pocket for (GCIA and GREM?). Seems like most people that pay the $6k for SANS training+certs are there on their employers' dime.

    -Ivan
Sign In or Register to comment.