GCTI / SANS FOR 578

For anyone who has taken SANS FOR 578, Cyber Threat Intelligence...
How tool centric is FOR 578? I just finished FOR 508 online, on-demand and it felt as if it were 75% tools, 25% or less concepts. There were 4 books (and a lab book --- book 5) for FOR 508. Tools seemed to make up almost all of 2 books, and 1/2 of the other 2 books.
I'm also thinking about taking the Carnegie Mellon SEI online training in threat intelligence because it's cheaper and may be less tool centric.
Are there any FOR 578 alumni who can provide a little feedback?
Thank you.
Comments
According to the SANS/GIAC US web site, the GCTI test won't be released until late December 2017. You'll be waiting a few weeks for feedback unless it comes out earlier in other parts of the world. [I'm trying to be less of an ugly American, but sometimes I forget.]
I have a voucher that I need to use before April 2018 and like yourself still waiting for the exams to be released.
I asked SANS about FOR578 and whether it was as tool-centric as FOR508. SANS said it's just a handful of tools in FOR578.
The course needs to mature more, I believe, as the topic itself is still a new trend. If you took 508 (or any other course that revolves around threat hunting, really) then there's a lot of overlap.
It goes into teaching from the strategic level down to the technical, tool-based level. (The strategy and context-building part was the eye opener, really; the rest is everyday business for you if you ever dealt with CTI.)
I believe the course could be compressed into a two-day course and it would be great that way! And I'd take it again even!
I'd say if that happens (it becomes 2 or 3 days), or at least after waiting another year for it to mature a bit, then go for it (especially if you are planning to integrate CTI as a serious part of your organization).
Best of luck!
Are you planning to sit for the exam ?
They both do (508 has a chapter, and the whole course is about threat hunting "indirectly"). I guess it depends on what your definition of threat hunting is.
578 obviously covers it, but the whole scope of it: reading APT reports, extracting info, building your own, etc.
If you are taking it to the next level from both Offensive (GPEN) and Defensive (GCIH), I highly recommend you go 508; it will teach you how to catch movement/malicious activities OR avoid being caught.
508 by far the best course I took!
I sure hope so. I got an email that the material changed from the time I took it; I don't know how that would affect my chances in the exam.
Please let me know what you think of it. All the best!
I finished the exam this morning and passed.
With materials that were taught in Q3 '16.
I felt I was "missing" things with some of the questions ...
Anyway,
I kind of disagree with you about the coverage of the course material (although that might be due to my third point and conclusion).
If you're looking for material that shows you how to deal with intelligence and how to start off creating your own products in this realm, I sincerely believe that this course does offer you what you need.
If you look at it from the perspective of a semi-tech analyst that is not directly involved in the monitoring, incident handling or other CSOC related functions, but has to provide the context, the relationships with previous or other campaigns, providing the bigger picture in order to prioritize tasks, budget and even areas of interest, then again, I honestly believe this course provides what you need.
I'm currently taking the eLearnSecurity THP as well, and although there are overlaps (it would be weird if there weren't), the eLS is more practical-oriented and is thus more of interest for those involved in the tactical/operational side but lacking the background of an incident handler or network analyst. I haven't done the 508, but these two may be similar.
cheerz