Which SANS course to take?

TheFORCE Member Posts: 2,297 ■■■■■■■■□□
We are getting ready for training and my manager has asked me to come up with my training requirements. I told him I already have certifications and am currently working towards the eJPT. So I mentioned that I've never taken a SANS course and that I'd like to take a SANS course.

Looks like the below courses will be available in my area in 3 months. Based on my current certs and the fact that I'm working on eJPT, which of the below will be a good one to take? Which one will complement what I currently have? Or do you think I should go for the 301 or 401 course to start? Right now I'm working on infosec and compliance and will be working on our SIEM soon. I'm also involved in vulnerability remediation efforts. So on which one should I try my luck and see if it gets approved?

New FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques GREM

SEC301: Intro to Information Security GISF

SEC401: Security Essentials Bootcamp Style GSEC

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling GCIH

SEC560: Network Penetration Testing and Ethical Hacking GPEN

FOR408: Windows Forensic Analysis GCFE


  • soccarplayer29 Member Posts: 230 ■■■□□□□□□□
    I'd rule out 301 (too basic) and 408 (doesn't align as well as the others with your duties). I've never taken a SANS training but here are my thoughts:

    401: if you want to reinforce CISSP materials and expand a little bit into some other areas
    504: if you want to learn more about incident response and SIEM
    560: if you want to dig deeper into pentesting
    Certs: CISSP, CISA, PMP
  • JasminLandry Member Posts: 601 ■■■□□□□□□□
    It all depends on what you'd like to do. The fact that you're working on the eJPT makes me think you're interested in pentesting so I'd suggest taking the GPEN. But since you're involved in the vulnerability remediation and SIEM I'd go with the GCIH.
  • Kasor Member Posts: 933 ■■■■□□□□□□
    If you have never taken any security or SANS type of training, then 301 does help, especially for management that doesn't have an IT/SEC background.
    Kill All Suffer T "o" ReBorn
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Depends on your experience & what you need to learn to best suit your job. 301 is EXTREMELY basic, like for a 20 year old with barely any IT experience looking to break into security. I'd honestly recommend Security+ instead of 301 since it's a heck of a lot cheaper. 401 is OK but still pretty basic. If you're new to infosec that's a good start. 504 is a good follow-up to 401 or a replacement if you already know the basics of what 401 covers. 560 is even more technical than 504 but focuses only on an intro to pentesting, including a lot of methodology (not necessarily hands-on hacking). 408 is good but not as much direct work benefit as the others. We have a wipe and forget policy at my work, so forensics are nice, but they aren't going to tell us anything we don't already know - the box is hosed and we need to reimage it. Plus, sometimes the less you know what they got the better ...
  • UnixGuy Mod Posts: 4,564 Mod
    Take the hard(er) ones.

    I'd say GCFE, GPEN, or GCIH (in that order... but depends on your goals). I'd personally even rule out GPEN because you can just take eLearnSecurity eCPPT... I might even rule out GCIH, so maybe do the GCFE / GREM, but they're extremely technical and you do compliance, so are you sure you want to add technical skills? GREM is very deep.

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 

  • Hornswoggler Member Posts: 63 ■■□□□□□□□□
    New member but long time lurker. First off, GREAT choice in SANS training! If your employer covers it, SANS is the BEST!

    Since you have your CISSP, go straight for the 500-series courses. Anything less would probably feel too basic. I took SEC504/GCIH last year and SEC560/GPEN this spring and both were excellent courses and feed right into each other. Looking at the SANS roadmap, GCIH is the 500-level starting point for their technical tracks. Try to attend an event where John Strand is teaching... you won't be disappointed!

    SANS training roadmap:
    2018: Linux+, eWPT/GWAPT