SANS 566 - GCCC - worth doing if security auditor?

scasc

Dear all,

Wanted to find out if 566 - GCCC - is worth obtaining? I have AUD 507 and my work revolves around risk/audits/controls/vulnerabilities etc so wanted to gather opinions on 566 to determine viability.

Please let me know.

Best wishes

temuchin

I just passed GCCC yesterday. Taking AUD507 starting Monday. If i had to pay for it it wouldn't be worth it to me. It's a good course for managers.

scasc

Thanks for the response, was it hands on? Looking to incorporate in my work and measure compliance to it. Also looking to produce metrics. With my background it seems like only Sans course suitable - risk/compliance/audit/controls etc

scasc

If anyone has either done this or knows about it please do let me know as I have the option of going for this with my company soon. Want to know if its hands on assessing controls and/or worthwhile doing in deducing your cyber posture from a SANS perspective.

Thanks in advance..

mactex

I have done SEC566 and have the GCCC. I would say the class is worthwhile ONLY if your organisation is actually planning on implementing the CSC using their model. If not; I would look at a different SANS class. Also; be aware that most of the CSC info is available for free at the CIS website.

scasc

Thanks for letting me know - issue is I don't see anything that is based around risk/auditing/controls etc. Have GSNA, thought I could add to this.

joeimp

I've taken ~10 SANS courses. Personally I felt that GCCC was the most relevant coursework with regards to how I do my job. What I mean is, definitive actions you have to take to do your job right as a security pro.

I would think that this is a good course to take in conjunction with the AUD course. You get a picture of what controls are supposed to be in place, and how to audit their efficacy.

scasc

Many thanks for sharing your experiences and responding. Was the 566 a hands on course to do?

Best regards