Whats is the real value provided by SANS?

Hi Everyone,
I had in the past OSCP, CEH and CHFI training, all of them with a price range between 1000 $ to 2000 $...
I think there are no trainings on the market give us an "expertise" just at the end of it, expertise comes with experience and practice.
In my opinion a very good training must teach the underlying concepts, only on top of it I can build my knowledge and my expertise.
So my question is: why a SANS training is almost 4k $ more expensive than others? Which is the reason behind it, what concepts do they provide than other don't do?
Thanks
G.

Find more posts tagged with

Comments

shochan

yeah, I have always wondered the same thing. It's like the Rolex version of certs.

NetworkNewb

The fact you get a chance to work directly with leaders in the industry as they help you learn and go through hands on labs is a pretty big plus. Just one of the reasons their live classes are much better than the "on-demand" option.

Not that their "on-demand" courses aren't good... but they are pretty expensive for video courses. Probably why I won't ever take one. Unless my employer is down for paying for it of course.

supasecuritybro

These are my two cents..

Being part of the work study program (discounted to $1100 is selected), I see where the value is. They do provide you access to people who are not only wrote the material, but live this stuff out with MANY years under their belt. The instructors are active in their respective fields and are an open book. Imagine having a mentor for a week. A lot of people do not take advantage of that part bc they do not want to seem like a groupie or that they do not want others to think they do not have it all figured out.

The 6K price tag is extremely high in my opinion, I think 5k is the highest it should have gotten, but that is bc they are trying to have my companies pay for it and also to reduce class size. They use to have a handful of events in the past now they are running like three at a time about three times a month. The demand is high.

Also what you do with the information makes all the difference with their courses. You can get by learning the book and having a good index (may not score really high) but you have to put in work to really learn it and prove that when you show up for the interviews.

SteveLavoie

The On-Demand is ridiculously expensive. They are the same price than the in-person training. Sure, I am saving on expense (hotel, meal, flight) if I am taking On-Demand, but you miss so much of the interaction with peers and trainer and that's where the value of SANS is.

garbo77

NetworkNewb wrote: »

The fact you get a chance to work directly with leaders in the industry as they help you learn and go through hands on labs is a pretty big plus. Just one of the reasons their live classes are much better than the "on-demand" option.

Not that their "on-demand" courses aren't good... but they are pretty expensive for video courses. Probably why I won't ever take one. Unless my employer is down for paying for it of course.

so basically the 4k dollars more is because they support you on labs (and actually it is a big value) but only with live training.
In terms of teaching underlying concepts it's not different from others.
Thanks
G.

NetworkNewb

Right, but its not just support... You get to interact and talk with other fellow peers at other organizations who are the same area as you. You get extra sessions at each night during the week from the instructors that go over other topics. Some courses have an end of the week competition between everyone. Definitely will get more out of the live training.

garbo77

NetworkNewb wrote: »

Right, but its not just support... You get to interact and talk with other fellow peers at other organizations who are the same area as you. You get extra sessions at each night during the week from the instructors that go over other topics. Some courses have an end of the week competition between everyone. Definitely will get more out of the live training.

I want to give definitely high value to the interactions with instructors, as any other live course compared to online.
Considering the cost of training, plus hotel, dinner, flights I don't think it's something for "private" person.
If I have to pay the same price for on-demand I will go for the all-access pass in eLearnSecurity.
G.

iBrokeIT

Their target market is F500 employers and the DoD, not individuals paying out of pocket. Keep that in mind, plenty of other vendors to fill the later.

Their primary training model is live instruction at regional conferences and they price their OnDemand bundle comparatively to support that model. Look how much it costs to take PwK live at BlackHat with OffSec, same ballpark as SANS training. Comparing CBT training to live training that get updated regularly is apples to oranges IMO.

NetworkNewb

garbo77 wrote: »

I don't think it's something for "private" person.

Definitely not

gespenstern

Agree, they are way overpriced. I'd give them a pass with their course prices if challenging the exam wasn't too high as well.

Another thing I don't like is their exams are open book. Kind of casts some doubt on how good the test checks candidate's skills.

But when the company pays and the course is interesting and there are no alternatives (like with GREM) -- I take it.

beads

I just view the courses as being part of their Master's program not standalone certs. Its in the end product (a Master's) that has value. The individual certs, not so much as few organizations really understand them as valuable.

Yes, I hold or have several retired SANS certifications stacked up in a rather heavy pile.

- b/eads

quogue66

I just wrote up some thoughts/notes for my management team regarding the value of SANS training over other training. I think the value of SANS training can be seen with their instructors, the material and the certifications. The instructors are all experts in their field that teach from real world experiences. They are not teaching out of a book. They are able answer any questions you may have and can give examples of how/when you would encounter a similar situation. The content is well laid out. They often provide you with a VM they built (SIFT) or one that is widely used in the field (REMnux). The certification requires you to read over and understand all the material from the class. I personally read all the books and do all the labs 3 times. I imagine most people do something similar. I prefer my team to go through this type of training/certification because I feel there is a better chance of retention. Unfortunately, as much as I value SANS training we may have to go another route because the prices are just too high. I even reached out to SANS to inquire about onsite training. I was surprised to find out if I host a SANS training event at my organization and all the students are employees from my company I do not save any money. They actually charge me 15% more. They said this is because they have a limited number of instructors and I would be taking one away from a big conference. If I had at least one person from another company I would not be charged the extra 15% and one of my employee's could attend the course at the facilitator rate.

636-555-3226

This is capitalism at work! SANS can charge whatever it wants. Sure there are a few certs out there similar to GSEC, GPEN, GWAPT, but the vast majority of SANS certs have literally zero competition in the training industry (by brand-name companies, at least). When you're literally the only company that trains people to do what they specifically need to do their job, and the consequences for a company of NOT having trained people who know what they need to get their job done is so catastrophic nowadays, you can charge whatever you want to. Considering they regularly have 100+ people attend sessions for their biggest certs (GCIH, GISSP, GSEC, etc) (do the $$$ profit math on those some day, btw), many people obviously feel the same way.

OnDemand is actually a good choice to keep costs down. All-in including flight, hotel, rental car, food, parking, etc for a lot of their venues, you can get really close to the $10k mark for just one security class. Yet they sell out all the time!

cyberguypr

quogue66 wrote: »

...The instructors are all experts in their field that teach from real world experiences. They are not teaching out of a book. They are able answer any questions you may have and can give examples of how/when you would encounter a similar situation...

Let me speak to this since i drink the SANS Kool-aid, although through Work Study only. I've been through too much training throughout my 20 years in IT where the instructor recites off the official book and can't answer anything ouside of that. As recent as a couple of weeks ago I went through a fairly expensive (almost SANS levle) official Cisco class where the instructor could not answer at least 80% of the questions that the group brought up. That is just plain demoralizing. It felt like 100% wsated time. This stuff would NEVER happen with SANS.

Also, I fail to see why On-Demand is virtually the same price as the live class. At this point you are commoditizing the course so logic tells you price should be lower. Oh well. When I requested a quote I was also surprised to know that the on-site option had the 15% premium added and it required a minimum of 25 students. One on-site class basically becomes a $165k expense.

Lesson learned: SANS has a money printing press and it's Adam Smith's invisible hand at its finest. Seems to be working great for them so zero need to change anything.

JDMurray

cyberguypr wrote: »

Also, I fail to see why On-Demand is virtually the same price as the live class. At this point you are commoditizing the course so logic tells you price should be lower.

There is no reason to offer on-demand training more inexpensively until sufficient numbers of attendees are no longer willing to attend the live training.

shochan

cyberguypr wrote: »

Let me speak to this since i drink the SANS Kool-aid, although through Work Study only. I've been through too much training throughout my 20 years in IT where the instructor recites off the official book and can't answer anything ouside of that. As recent as a couple of weeks ago I went through a fairly expensive (almost SANS levle) official Cisco class where the instructor could not answer at least 80% of the questions that the group brought up. That is just plain demoralizing. It felt like 100% wsated time. This stuff would NEVER happen with SANS.

Also, I fail to see why On-Demand is virtually the same price as the live class. At this point you are commoditizing the course so logic tells you price should be lower. Oh well. When I requested a quote I was also surprised to know that the on-site option had the 15% premium added and it required a minimum of 25 students. One on-site class basically becomes a $165k expense.

Lesson learned: SANS has a money printing press and it's Adam Smith's invisible hand at its finest. Seems to be working great for them so zero need to change anything.

Gimmie some of that KOOL AID mane! LOL

https://www.youtube.com/watch?v=nBeUGqeYsQg

UnixGuy

I remember spending 30 days at a vendor's training, doing all sorts of hands-on...for FREE, with expert instructors....the good old days

SANS has no competitor yet, when eLearnSecurity, Offensive Security, and other competitors step up their game,,,then maybe.

If your company pays for SANS...take it!

iBrokeIT

UnixGuy wrote: »

SANS has no competitor yet, when ...Offensive Security...

Not true, Offensive Security teaches 3 classes at Black Hat every year and they sell out within days. Look at PwK: https://www.blackhat.com/us-18/training/penetration-testing-with-kali-linux.html

$4400 for four days which is $1100 per day (which doesn't even include the course materials, lab or exam)... roughly in line with SANS.

UnixGuy

@iBrokeIT: sure, but SANS teaches everywhere in the world....companies outside the US rarely sponsor people to go BlackHat.

Sucks though, if they're going in par with SANS prices....eLearnSecurity have been releasing new certs lately..so hopefully they can compete.

Sure SANS is great at marketing (so is CISSP folks!), but if I can get the knowledge elsewhere cheaper and then rack up work experience I'll take it..

TechGromit

While SANS training is very good, the competition is beginning to catch up. The DoD Approved 8570 Baseline certifications were once almost entirely GIAC Certifications, with the exception of a few CompTIA's + and CISSP. Now more than half of the accepted certifications are not GIAC certs, Cisco, ISACA, EC-Council, all are on the accepted list. This indicates to me SANS doesn't hold the certification monopoly it once had. I'm sure these certs will filter down the the Fortune 500 companies as acceptable, if not desirable certifications as well. I believe in a few years SANS will have to adjust there pricing accordingly, I think there profit margins are wide enough they can easily reduce there prices $1,000+ and still made a good profit.

iBrokeIT

@UnixGuy The market rate for live Info Sec training with a reputable brand appears to be around the $1100 mark, not just SANS as I showed you. They also have BlackHat Asia but again, similar prices: https://www.blackhat.com/asia-18/training/schedule/#advanced-web-attacks-and-exploitation-9364

If you feel you can get the same or better ROI from a CBT vendor then great! I personally have bought three eLearnSecurity courses and hope they become more well known because they are an excellent value.

Just my observation:
SANS is primarily a live training company and everything else is a distant second to support that model. At each of three conferences I've attended in the last few years they mention that their yearly attendance keeps going up (along with their prices) due to the demand. Given that, why would they go after the low budget crowd with a cheaper OnDemand bundle that would significantly take away from their primary training model? Doesn't make sense from a business perspective and expecting any different from them would be setting yourself up for disappointment.

cshkuru

There is actually a business opportunity here. There is nothing magical about the SANS model. They Identify a need for a cerain set of skills and they develop training around it. The value is from the people who serve as the SMEs and Instructors. This is something that could be replicated and in my opinion improved upon. There is a company named TTI that does the same sort of thing for specialized electrical and mechanical engineering courses, https://ttiedu.com/course_list, but they go it one better, in my opinion, by offering their classes at a fixed location. That makes it possible to take a couple courses in a row if you need to. They also give a price break (or at least they used too if you were taking 2 or more classes in a row). If someone did something similar and offered on going lab access for 4 months or so after the class I think they would have a winning solution that could dethrone SANS.

Danielm7

There is some competition in the pen testing area as others mentioned, elearn, offsec, etc. For a lot of the blue team courses they teach I don't know of any/many vendor neutral courses for things like IR or forensics. Some vendor courses can be as much per day, but typically aren't as long, I can take a 3 day Cisco course for 3K, but when I got and put in a proposal for training 3K sounds a lot lower than almost 6K+, even though SANS might run twice as long and provide more value.

LonerVamp

With the in-person training, you get to network with fellow students in your class, other students nearby at the bar or NetWars, and access to instructors. Especially in security (and offense), no one knows half what we want to know, and being able to bounce something off peers with those skills/knowledge is a huge deal. Do you need SANS to do that? No, but it forces lots of like-minded people together. It's very collegiate-like, in that regard.

JDMurray

TechGromit wrote: »

The DoD Approved 8570 Baseline certifications were once almost entirely GIAC Certifications...

This is because GIAC was the certification organization most heavily involved in marketing their certs to the US DOD. GIAC had a lot of certs, so they initially dominated the 8570 list. The (ISC)2 was next with two certs and CompTIA followed with three. Microsoft and Cisco also tried, but the DOD rejected vendor-specific certs. Very late to the 8570 game, EC-Council was the real success story with the eventual acceptance of the C|EH being a financial boon to their organization. It took years and many revisions to build the DoDD 8570/8140 list to what it is today.