SANS 514 and others - Feedback

I'm thinking about taking 514 (including GIAC cert) and was looking for some feedback on what others think of it. I typically take more technical courses (just got 511 GMON cert and have taken 504), but was thinking of going in this direction for my next SANS course in early 2018 to try and round out the SANS training. Also, already have the CISSP. The 512 seemed a bit to introductory based on the description. Any feedback would be appreciated.

Also considering the following if I go technical:
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
SEC505: Securing Windows and PowerShell Automation
SEC573: Automating Information Security with Python

Find more posts tagged with

Comments

636-555-3226

if you're the primary defender or in charge of the primary defenders in a predominantly based windows environment, SEC505: Securing Windows and PowerShell Automation is worth its weight in gold. probably one of the most useful classes you'll get from SANS from a blue side

TechGuru80

You really didn’t give us much detail about your role if you wanted additional recommendations. CISSP CBK is still the gold standard for managing InfoSec. The MGT517, Managing Security Operations sounds interesting but don’t know your role or future goals.

trueshrewkmc

FOR508 is very tool centric and very Windows centric. I took it as my first SANS class and as prep for FOR578. Learned about some interesting tools, but I learned very little about incident response and threat hunting. I'm a CISSP (self study) too and wish I'd gone straight to FOR578.

There are references in FOR508 to FOR408, but you don't have to take FOR408 first.

TechGuru80

trueshrewkmc wrote: »

FOR508 is very tool centric and very Windows centric. I took it as my first SANS class and as prep for FOR578. Learned about some interesting tools, but I learned very little about incident response and threat hunting. I'm a CISSP (self study) too and wish I'd gone straight to FOR578.

There are references in FOR508 to FOR408, but you don't have to take FOR408 first.

They renamed 408 to 500 now.