Attending GCIH this week

zxbane · August 2016

Hey all,

I will be attending the SANS event in Virginia Beach this week and I will report back to this thread afterwards to provide insight on my experience with the course. I am also currently taking an Incident Response course in my DSU MSIA program so I am hoping this course will help with that as well.

cyberguypr · August 2016

Sweet! I'm wrapping up SEC550 in Chicago today.

NetworkNewb · August 2016

Nice! Best of luck

TechGromit · August 2016

cyberguypr wrote: »

Sweet! I'm wrapping up SEC550 in Chicago today.

Hmm,

No certification available for that. Was it worth taking? I can't say I'm an expert yet in GAIC courses, but so far I noticed a overlap of material. Where concepts covered in one course are covered in other courses. Did you learn anything new? Or was the material something you seen before from several other course you took? Personally, I would never spend that kind of money without a Certification carrot. I guess it's OK for a work study, where there's a promise from SANS they will give you another work study for something you do want to take.

cyberguypr · August 2016

As a defense guy this is absolutely amazing stuff. Lots of new stuff for me as well as the people in the class that I chatted with. Some tools are covered in other courses but with a completely different focus. Full review coming up after my brain can go back to normal. I don't pay for this stuff, my employer does, but there's definite value for those who want to up their security game and take their skill level up a notch.

the_Grinch · August 2016

I have to agree there is overlap and I know my SANS instructor (for GMON) pointed that out. But, as cyberguypr mentioned, the depth you go into on a particular topic is where the courses differ. One might argue that GMON is an incident response or defense course. While the skills and tools could be used for either of them, when it comes to depth, we covered the tools from the perspective of detection. Just like any tool, it can have multiple uses and it's the training/mission that dictates how it is used.

docrice · August 2016

I'd be most interested in a review on 550. A few years ago I took a Black Hat class on this exact thing (taught by John Strand actually) and it was only a 2-day course at the time.

TechGromit · August 2016

docrice wrote: »

I'd be most interested in a review on 550. A few years ago I took a Black Hat class on this exact thing (taught by John Strand actually) and it was only a 2-day course at the time.

I heard John Strand had to leave early, I wanted to meet him, but he gone before I had a chance to. My instructor said he stopped by the class I was taking, "Continuous Monitoring and Network Forensics" but I was focused on class, not who was coming and going in the doors behind me.

I'm a little surprised SANS didn't have a booth in the vendor area, what better place to advertise security training. I think SANS has the right idea, have smaller staining events all over the country different times of the year, instead of one massive training event a year. I'm happy I got to experience blackhat, but I have no desire to go back again.

BillHoo · August 2016

They'll cover a lot of material in a short amount of time.

If they stop to focus on something, or stomp their foot, or rap on the table - highlight it and make it a part of your "Must know" list.

Read all the books front to back. If you have a daytime job, set aside at least 2-3 days to read each book.

zxbane wrote: »

Hey all,

I will be attending the SANS event in Virginia Beach this week and I will report back to this thread afterwards to provide insight on my experience with the course. I am also currently taking an Incident Response course in my DSU MSIA program so I am hoping this course will help with that as well.

Attending GCIH this week

Comments