Free Practice Exams for SANS GLEG 523

I did and just recently passed the exam. Me, personally, I loved the class. Now, it is not technical at all and the class is instructed by a lawyer, from a lawyer perspective, which makes sense for the subjects. Ben Wright is very knowledgeable and entertaining in his class. I would say the hardest part for me was listening about contract law, just because I'm not very interested in the subject. With that said, as a "Threat Hunter" that has to deal with investigations and even engage red teams, this class was very helpful. I was able to bring back immediate value back to the meeting table when talking to legal counsel, drafting my statement of work, going over scope with red teamers, talking to GRC folks and answering questionnaires. My favorite part was probably rearranging how I conduct my emails, after all, they are a legal contract if both parties agree.

The subjects do overlap a little with CISSP and would benefit director level folks or privacy officers. The material is a little under technical legal coursework, so lawyers would not need to attend, but more for people who would interact with legal in some capacity.

I really enjoyed the class, I'm glad I went and got the cert and now I'm more privacy and legally security conscious than I was before.

Please feel free to ask questions as I went to the class 4 months ago.

Randy_Randerson

cyberguypr wrote: »

OP, did you take this class? Heard some bad feedback about it so I'm curious.

I've taken it as well. I don't get why people hate on it so much. I will say this, it is VERY US centric obviously. Outside of a little dabbing into GDPR, you are only going to get examples for the United States.

With that being said though. This is a great class for any IT professional that sees themselves either dealing with counsel (internal or external) or 3rd party vendors (software or hardware solutions). This at least gets you on a level playing field with those people when you understand why certain verbiage is used as opposed to more normal language. I found the most value in what constitutes good policies, especially with BYOD policies. Yes, it isn't a "sexy GPEN" style class. But if you need to deal with anything outside of just staring at the computer screen and providing an output to someone else, it is a very worthwhile course.

cyberguypr

Thanks, very valuable feedback. I had serious doubts given the source where I got the feedback so I'm glad to hear.

Randy_Randerson

cyberguypr wrote: »

Thanks, very valuable feedback. I had serious doubts given the source where I got the feedback so I'm glad to hear.

I would never steer anyone wrong with a class and am there to give honest feedback to what I think a class offers v. what they claim it will offer. No, this class is not for everyone, especially on this forum. But it never states to be that though either. It is directly geared towards professionals who either are decision makers or policy makers. I'm the latter, not the former. So it is very prudent for me to understand how to write Security policies at a level that legal will 1) understand and 2) be enforceable. Without that, I'm spinning my own wheels and wasting time.