Looking for SANS recommendation

OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
What class should I take? Work will sign me up for a SANS class. I have my security +, ITIL, ISACA CSX F, and CRISC. About 3-4 years information security experience.

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    What do you do and where do you want to go. Let's start with that.
  • OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
    I am in a consulting role where I do a little bit of everything but soon I am starting exclusively with network appliance security. I want to get into management eventually but not positive what I want to do in the meantime. Blue team stuff sounds fun. I was thinking GSEC but also think it’s kind of a waste of this opportunity.
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    OmniMan wrote: »
    I am in a consulting role where I do a little bit of everything but soon I am starting exclusively with network appliance security. I want to get into management eventually but not positive what I want to do in the meantime. Blue team stuff sounds fun. I was thinking GSEC but also think it’s kind of a waste of this opportunity.

    I wouldn't say it is a waste per say. But if you have Sec+, much of what is discussed is going to be regurgitated again.

    SEC501 is a great "dab into everything" course. You will touch on things like IR, Forensics, Defense and a tiny little bit into Pen Testing.

    But I would think SEC503 may be up your wheelhouse. https://www.sans.org/course/intrusion-detection-in-depth . Its cert will be much more recognized by many of your clients and the class is really in the weeds of how things work.

    I would avoid things that are very specific to a field (e.g. Wireless Hacking, Memory Forensics, SIEM, ICS, etc) until you get a little wet behind your ears first. While the tests are open book, they are NOT easy regardless of what anyone will say. There is a reason the percentage needed to pass is so low: people do fail them.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    OmniMan wrote: »
    I want to get into management eventually but not positive what I want to do in the meantime.

    With the cost of how much SANS courses are I think it would be hard to justify going to one if you don't want know what area you want to go into personally... But this site may help you: https://www.sans.org/curricula/
  • OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
    What about th GCIH 504? Would I be qualified to take that having the security + previously?
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    SEC504 (GCIH) is a great all around course, that really everybody should take. Especially if you want to go into Blue Teaming.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□
    OmniMan wrote: »
    What about th GCIH 504? Would I be qualified to take that having the security + previously?


    Indeed. Technically there is no prequalification for it :)
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    OmniMan wrote: »
    What about th GCIH 504? Would I be qualified to take that having the security + previously?

    They literally teach you pretty much everything you need to know during the course. Not much prior knowledge needed. Only course I've taken so don't have anything to compare it against, but definitely thought it was pretty fun and interesting.
  • OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
    Did you pass the exam?
  • E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■
    SEC504 gets my vote!
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    OmniMan wrote: »
    What about th GCIH 504? Would I be qualified to take that having the security + previously?

    Yes! I think that would be a good course too if you plan on going into anything SOC/Blue Team/Red Team/Investigations related. Really no experience is needed but having an idea of how protocols work and some other things will go a long way of understanding the material that much easier.
  • OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
    Thanks for all of your help guys. I’m going to do the GCIH!
  • OmniManOmniMan Member Posts: 78 ■■■□□□□□□□
    Is there anything I can study in the meantime to prepare myself?
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    You could start with NIST 800-61r2. I think Counter Hack Reloaded although old, would also be useful.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Looking over the course outline and brushing up on the topics listed.
Sign In or Register to comment.