If you could pick a SANS course to take which one would you pick?

dizzy_kitty

It's been a quiet day at work so I've been listening to the CSA+ videos on Udemy and taking notes in between working on different tasks. My boss has been really supportive of my eagerness to develop my security skills. Today she stopped by and handed me a SANS Pen Test 2018 pamphlet and mentioned I may be interested in their training. I am incredibly, absolutely over the moon at her suggestion. I'm going to take a good look at what courses are available and what aligns to my goals but I'm curious...

If your company paid for a SANS 4-6 day course which one would you take? Why? Would you recommend a different organization to take a similar course with? I'm familiar with SANS reputation. I just have a lot of questions swirling around in my mind right now.

NetworkNewb

SEC555 or SEC511 as I think they would help me in my current position and could give me ideas where my company has areas to improve on.

But SEC503 and SEC505 looks interesting to me as personal choices as they would be more technical and think they would be more fun.

EANx

I'd suspect the answer will entirely depend on the experience of the answeree. Personally, I'd skip some of the easier courses (401, etc.) and get that info from other sources if you needed, and take something a little more advanced. My preference would be 560.

JoJoCal19

SEC504 would be a great all around course. Then SEC560 would be next.

UnixGuy

a bit more on the advanced side, but I strongly recommend SANS FOR 508

you will learn a lot about incident response, memory forensics, etc...stuff that are hard to learn elsewhere

I took three SANS courses before, and this stands out the most to me. For pentesting there are other training options other than SANS that have better money/value....GCIH is a bit too basic and you can read a book that has most of the topics...

What are your career goals?

gespenstern

FOR610 for a second time. In-depth if possible. Not really interested in any other offerings.

cyberguypr

OP, you need to decide where you are at, where you want to go, and how the company will benefit from your training. It really doesn't matter what we would do because we are not exactly where you are. If you want to start by telling us more about your current role and what interests you we can provide some recommendations.

E Double U

I would take whichever course is relevant to my job or whatever my manager strongly suggests.

When I was introduced to SANS I wanted to take SEC401, but the CISO strongly recommended SEC504 so I went in that direction. In my current role I decided to take SEC503 because we took over the NIDS plus I was interested in packet analysis after a few incidents. Now I'm leaning towards SEC560 after a redteam exercise we had earlier in the year.

SANS has so many offerings that I find interesting, but I do not have the time or money to take them all so I just focus on what's relevant to me at the moment.

Blucodex

I've been recommended 511 for my current role of SOC Analyst.

dizzy_kitty

cyberguypr wrote: »

OP, you need to decide where you are at, where you want to go, and how the company will benefit from your training. It really doesn't matter what we would do because we are not exactly where you are. If you want to start by telling us more about your current role and what interests you we can provide some recommendations.

I wasn't exactly looking for advice. This post was just out of mere curiosity and it was great to read what other users experienced or liked/disliked. I'm still going through the list of courses and thinking of which one I want to take.

Elegyx

I would break it down by what you actually want to do in the security field. There's certs for the offensive side (pen testing) or there's certs for the defensive side of the house. You can take every cert in the world but if you don't have a specific goal in mind, career wise, then it's a moot point.

Info_Sec_Wannabe

SEC560 for me as I've always wanted to do pen testing.

BlackBeret

SEC617 or SEC660 for me. 660 is where I'm at work wise, and having a single course to consolidate everything, refresh, and add some new techniques (ROP, DEP/ASLR bypass) would be nice.
617 has no comparable wireless course offered anywhere else that I can find, and as I move more in to IoT, ICS, and less common protocols, the more I find in the wireless spectrum. Being able to quickly identify what's producing what is nice. Being able to work with that data more effectively would be a time saver. WiFi isn't an issue. BT aggravates me which means I need to learn more. For other protocols I can break out the hackRF and fumble through capturing data and replaying it, maybe modifying things, but I want to learn more.

SteveLavoie

I would do them all, I love to be in training.... I have some change in my life coming soon in 2018, with that change, I expect to be able to afford 1 SANS course/year.