Have you ever paid for a course out of pocket?

mjs1104

My old employer would pay for courses but not certifications, so I would pay for all my certifications and renewals out of pocket. New employer pays for both. I echo the sentiments of everyone else here, I'm currently taking GPEN OnDemand and it's probably not a class I would pay for out of pocket. It's a good course and Ed Skoudis is the man, but like others have said there is so much pen testing material out in the wild to consume it doesn't make a ton of sense for dropping your own money on this one.

Jon_Cisco

I pay for all of my personal development on my own. I have on occasionally asked my company to buy something I wanted to test out.

In my case IT is not my primary job function and most of the training I do is for my own benefit.

sb97

NetworkNewb wrote: »

Like if you won the lottery? That would be my tipping point for me on if I would pay for it out of pocket.

OK that made me laugh. An example for me, if I was seriously looking at a job that required more than just triage level malware analysis skills, I might take the 610 course for the GREM cert to get some reverse engineering experience. For another example, one of my colleagues is making the jump from Analyst to Automation engineer and he did self paid work study for one of the Python courses. He said he took a lot away from the course.

I already have it and my company paid for it but the For508 and GCFA cert are well worth paying for out of pocket IMO.

Edit: There are only a handful that I would consider paying out of pocket for. Certainly not anything like the GSEC, or the CISSP/Management course.

JoJoCal19

Like some above, there are only a few I'd pay for myself. SEC660, SEC760, SEC642, and FOR610 (maybe) would be the only ones. Definitely SEC760 if I ever wanted to go that deep with pentesting skills. I hear it's a ridiculous (in a good way) course.

thedudeabides

While I'd love to take a SANS course, no way I'd pay out of pocket unless I had 7 figures in the bank. Like someone else said, you'd get more for a lot less money with OSCP.

chrisone

SANS has great courses and its worth every penny. But let an employer pay for SANS entry to mid level courses. If you have your OSCP (PWK),OSCE (CTP), OSEE (AWE), and you want to further your studies. I would pay out of my own pocket for a SANS 660 or other advanced course.

Basically if I had to I would pay for the advanced stuff, can't let an employer hold back my progress based on what they can or can't do for me. Other than that, the entry-mid level studies I will self study or do other courses that are not $6000+

goodluck!

iota

johndoee wrote: »

eLearn Security is not blowing up the job boards. I respect the cert somewhat to the arena of cyber security training. But, nobody is asking for it really. Spending more money on eLearn Security would be the same as taking a Cyber Security/Hacking course offered through Linkedin...nobody is looking for it--

https://www.linkedin.com/learning/topics/it-security

If I were to pick I would say OSCP from Offensive Security. Honestly, that cert is getting more hits on job boards than any other O Security certification offered. But, the success rate is not high the first go around and it physically and mentally draining.

Other than that SANS training...

ELS is good. Same as Mile2.

People don't seem to take it as cert other than Cyber Security/Hacking course offered through Linkedin/PentesterAcademy.

I was even mocked at workplace why I ever wanted to take funny certs.

iota

quogue66 wrote: »

I paid for a few parts of SANS courses. I originally took the SEC401 course in 2008. I paid $1000 to challenge the exam in January 2016. Two months later I paid $900 to facilitate FOR408 (now FOR500). A few months after that I paid $629 to cover the exam cost of FOR508. My employer covered the cost of the course but not the exam. I took 5 GIAC exams in 11 months. A few interviewers asked me who paid for the courses. When I told them I paid for part they were very impressed. You don't see many people that pay for training or certs out of their own pocket. Whenever I interview someone that paid for anything out of their own pocket I am equally impressed. This is an added bonus if you think you'll be interviewing anytime in the near future.

Yes, when we can afford, we gotta invest in ourselves with our own money.

TechGuru80

thedudeabides wrote: »

Like someone else said, you'd get more for a lot less money with OSCP.

I am going to make an assumption here and say the people who claim this have not been through the PWK course. The PWK (OSCP) course teaches you the basic techniques but actually leaves a lot of things missing that you have to research. From a pure techniques perspective, there are a lot of books that will actually teach you significantly more about pen testing than this course will. The REAL benefit of PWK (OSCP), is the access to the lab and practicing exploiting then pivoting across networks...the actual research and techniques require a lot of additional research outside of the official course material.

At the end of the day certifications of value offer one or both of the following: knowledge/abilities you cannot find anywhere else, or a compilation of knowledge that would require significant research to acquire the same skillset.

The major benefit of SANS/GIAC is that the material is a compilation of the techniques and skills that matter in a professional setting. We all value time and money different, but there is no question that SANS/GIAC will get you more knowledgable in a much shorter time than other resources because of the compilation of information.

thedudeabides

TechGuru80 wrote: »

The major benefit of SANS/GIAC is that the material is a compilation of the techniques and skills that matter in a professional setting. We all value time and money different, but there is no question that SANS/GIAC will get you more knowledgable in a much shorter time than other resources because of the compilation of information.

I believe you in regards to those benefits of the SANS courses. But regardless, I think they're a completely inefficient use of money for an individual paying out of pocket. There are so many better things you can do to expand and improve yourself with $6000-$7000. And if that's more than 10% of your savings, you're definitely making a bad financial decision. I'm sure I'll get flack for saying that, but it's what I believe.

Info_Sec_Wannabe

I haven't paid a course out of pocket yet, but I think I will do that for eLS PTS soon.

TechGuru80 wrote: »

The major benefit of SANS/GIAC is that the material is a compilation of the techniques and skills that matter in a professional setting. We all value time and money different, but there is no question that SANS/GIAC will get you more knowledgable in a much shorter time than other resources because of the compilation of information.

I haven't taken any SANS course/class yet, but how does the on-Demand videos provide more value or supplement the books that come with the course? The reason I'm asking is I had colleagues who were enrolled in SEC542 and SEC560 recently and I plan to use and borrow those materials after I complete and pass eJPT, but was told that the on-Demand videos can only be accessed within 3 or 4 months upon starting the class.

TechGuru80

I am completely onboard with that way of thinking...the full cost is generally out of reach unless you are making probably $100,000+. The work study is pretty reasonable though at $1,500 or $3000 if you have to travel.

TechGuru80

Info_Sec_Wannabe wrote: »

I haven't paid a course out of pocket yet, but I think I will do that for eLS PTS soon.


I haven't taken any SANS course/class yet, but how does the on-Demand videos provide more value or supplement the books that come with the course? The reason I'm asking is I had colleagues who were enrolled in SEC542 and SEC560 recently and I plan to use and borrow those materials after I complete and pass eJPT, but was told that the on-Demand videos can only be accessed within 3 or 4 months upon starting the class.

The OnDemand is basically a recording of a live course. You get some of the same kind of extra experiences from the instructor without the distractions of a classroom. OnDemand is only available through SANS and they give you 4 months access...you cannot download the videos.

EANx

When I was first starting my career, I paid for a few Novell courses. More recently, last year, I paid for a security course.

I'm a fan of working every angle to get your employer to pay but when push-comes-to-shove, it's your career and you need to take charge of it. If they won't pay, your options are to educate yourself or embrace-the-suck.

cyberguypr

I've paid for 2 SANS work study, employer has paid for my other 4. I bought whatever the name of the web apps class is from ELS but completely lost interest and never went past 20% of the course so that was a total loss. I agree with EANx, let employer pay for stuff, but don't let that be an unbreakable rule. Sometimes you gotta carve your own path. I recently also paid for all my expenses to go speak at a security conference. Totally worth the expense for me within my career/professional plan.

MalwareMike

After taking 3 classes from SANS (all paid by my employer), I don't think I could pay 6k+ for their stuff out of my own pocket. I would probably go with ELS and then use other online resources (safari books/linkedin videos).

SteveLavoie

Well, I paid for many inexpensive classes, and study aids(Safari Books, Pluralsight..), over the year. Most of the time the ROI of the money invested is good. I am now at a point where I want to go SANS classes, I know my company won't pay 100% of this and I am considering to pay about 50% of the invoice myself. I will do it because I like to be in training, and I know the ROI will be good on the mid-term.

Randy_Randerson

SteveLavoie wrote: »

Well, I paid for many inexpensive classes, and study aids(Safari Books, Pluralsight..), over the year. Most of the time the ROI of the money invested is good. I am now at a point where I want to go SANS classes, I know my company won't pay 100% of this and I am considering to pay about 50% of the invoice myself. I will do it because I like to be in training, and I know the ROI will be good on the mid-term.

You bring up a very valid point that even I would like to address in the thread. Too many times I've seen people go to a SANS course completely unprepared. By that I mean someone who is doing SOC related things (log aggregation namely) and then went and took SEC560. Completely was not prepared for things like nmap, Linux in general lol, and overall had a good understanding of what they were seeing in TCPDUMP. This employee struggled hardcore in the class and ultimately couldn't pass the test because they couldn't grasp many of the concepts they were looking at.

My company just wasted $10k with travel costs for him to do that. It is why when I got there, I implemented a (Pass/Fail) concept on training. I needed them to take it seriously. So if they cannot show me they are at least prepared for the course -- they aren't going. If they want to take the class badly, we have books and other resources (namely Vulnhub) they can dabble in so they can get familiar with the concepts. There are more than enough YouTube vids out there. From there they can go. If they just go blind, my Pass/Fail is implemented. If they showed they tried -- I'll buy the retest for them. If they fail the practice tests, I'm more prepared to buy them the $150 new practice test than to watch them fail. But they have to say something!

tl;dr - Be ready to take the class and don't go blindly. You'll make your training managers really happy

scada

I think this is my biggest fear with SANS courses ..... Not passing after spending 6K.

MalwareMike

scada wrote: »

I think this is my biggest fear with SANS courses ..... Not passing after spending 6K.

Honestly if you read all the material a few times, make good notes, and a good index...it would be very hard to fail. The test are built to be passed if you have a good index.