Looking for SANS recommendation

OmniMan

What class should I take? Work will sign me up for a SANS class. I have my security +, ITIL, ISACA CSX F, and CRISC. About 3-4 years information security experience.

cyberguypr

What do you do and where do you want to go. Let's start with that.

OmniMan

I am in a consulting role where I do a little bit of everything but soon I am starting exclusively with network appliance security. I want to get into management eventually but not positive what I want to do in the meantime. Blue team stuff sounds fun. I was thinking GSEC but also think it’s kind of a waste of this opportunity.

Randy_Randerson

OmniMan wrote: »

I am in a consulting role where I do a little bit of everything but soon I am starting exclusively with network appliance security. I want to get into management eventually but not positive what I want to do in the meantime. Blue team stuff sounds fun. I was thinking GSEC but also think it’s kind of a waste of this opportunity.

I wouldn't say it is a waste per say. But if you have Sec+, much of what is discussed is going to be regurgitated again.

SEC501 is a great "dab into everything" course. You will touch on things like IR, Forensics, Defense and a tiny little bit into Pen Testing.

But I would think SEC503 may be up your wheelhouse. https://www.sans.org/course/intrusion-detection-in-depth . Its cert will be much more recognized by many of your clients and the class is really in the weeds of how things work.

I would avoid things that are very specific to a field (e.g. Wireless Hacking, Memory Forensics, SIEM, ICS, etc) until you get a little wet behind your ears first. While the tests are open book, they are NOT easy regardless of what anyone will say. There is a reason the percentage needed to pass is so low: people do fail them.

NetworkNewb

OmniMan wrote: »

I want to get into management eventually but not positive what I want to do in the meantime.

With the cost of how much SANS courses are I think it would be hard to justify going to one if you don't want know what area you want to go into personally... But this site may help you: https://www.sans.org/curricula/

OmniMan

What about th GCIH 504? Would I be qualified to take that having the security + previously?

JoJoCal19

SEC504 (GCIH) is a great all around course, that really everybody should take. Especially if you want to go into Blue Teaming.

Jasiono

OmniMan wrote: »

What about th GCIH 504? Would I be qualified to take that having the security + previously?

Indeed. Technically there is no prequalification for it

NetworkNewb

OmniMan wrote: »

What about th GCIH 504? Would I be qualified to take that having the security + previously?

They literally teach you pretty much everything you need to know during the course. Not much prior knowledge needed. Only course I've taken so don't have anything to compare it against, but definitely thought it was pretty fun and interesting.

OmniMan

Did you pass the exam?

E Double U

SEC504 gets my vote!

Randy_Randerson

OmniMan wrote: »

What about th GCIH 504? Would I be qualified to take that having the security + previously?

Yes! I think that would be a good course too if you plan on going into anything SOC/Blue Team/Red Team/Investigations related. Really no experience is needed but having an idea of how protocols work and some other things will go a long way of understanding the material that much easier.

OmniMan

Thanks for all of your help guys. I’m going to do the GCIH!

OmniMan

Is there anything I can study in the meantime to prepare myself?

cyberguypr

You could start with NIST 800-61r2. I think Counter Hack Reloaded although old, would also be useful.

NetworkNewb

Looking over the course outline and brushing up on the topics listed.