What's to stop a 3rd party from offering SANS courses?

josephandre Member Posts: 315 ■■■■□□□□□□
SANS instructors and training are top notch, so I get the appeal of going to their events. But for the sake of argument, what's to stop other vendors from pitching bootcamps centered around the exams? Every other major organization has hundreds of providers teaching their material or some sort of prep for their exams, how come no one's doing it?

Obviously the cost of a challenge is prohibitive, and tacking the running rate of a bootcamp on top of it probably has you close to the cost anyway, but I'd say you could probably still shave a few grand off the cost of doing it through SANS.

Comments

  • iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    From the highlighted yellow text at the top of the page...

    Nothing is stopping them: https://www.infosecinstitute.com/vendors/giac/
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • JDMurray Admin Posts: 13,099 Admin
    I, for one, welcome our new InfoSec Institute overlords! ;)
  • cyberguypr Mod Posts: 6,928 Mod
    Ha, nice!

    Nothing SANS/GIAC do is proprietary other than their method to the madness. AFAIK Infosec Institute is the first trying to take on the SANS beast. The jury is still out on the Infosec Institute offering. I would absolutely love to hear from someone who took their "GIAC" bootcamps and actually passed the exam, as I remain highly skeptical.
  • BlackBeret Member Posts: 683 ■■■■■□□□□□
    Nothing is stopping them. As others have mentioned, Infosec Institute recently started offering some classes. Tech Now in San Antonio has offered them for years, but it's rare that anyone signs up for it. There have been others, from community colleges with courses centered around GIAC exams, to random training companies all over. I just noticed Firebrand in the UK today.

    The problem is, while GIAC and SANS are two separate entities in theory, we all know they're the same company. The GIAC exams are based off of the SANS course material. None of it is proprietary, but you can't just copy their material either. Most bootcamps cost in the $3500 - $5,000 range. SANS was at the high end around $5200-$5500 until about two years ago, but their training was the best, and the certification test was half the price if you took the training through them.

    So your options were either take the course from a little known vendor, for $3500. Factor in the cost that it's unlikely you live near one of the few that offer it and you have to travel, whereas with SANS they may be coming to your area and offer most of their courses on-demand. Then you're paying full price for the challenge exam, $1,100 two years ago. (~$1800 now). So you're at $4600 for training from a little known company, and an exam attempt, plus your travel cost. Now you're going to take the exam and hope you're actually prepared since you didn't use the official books or materials. Or you could have spent $5200 on the course, and got the exam at a discount of $659 back then, so $5859. Maybe travel, maybe not, and be well prepared with the course and instructors that the exam was based off of.

    So for an extra $1200 or less, especially if travel factors in or not, you get the highest quality training and exam prep. Once you get to these price points, an extra $1200 is worth it.

    As a side note, no one has to offer "GIAC exam training". You could take OSCP and pass the GPEN. You could read the TCP/IP Guide illustrated, play with Scapy and Snort and pass the GCIA test, etc.

    Why do people not compete with SANS? Because if I'm going to spend close to that money, I'm going to spend a little extra for the quality training, not just to get a piece of paper.

    All of that said, if their prices keep going up at the rate they are now, the difference in cost becomes greater and the balance of cost/quality will change.

    To illustrate my point. Infosec Institute is offering their GCIA course at $6,299, but it does include a voucher and the videos of the course you attended.


    SANS cost for the same course would be $6939 for the course and exam, if you took it live. The on-demand usually has some deal offering $400 off or a free laptop. You don't get the videos post course for free like with Infosec Institute. OnDemand would be an additional $729, but I wouldn't compare the full OnDemand course (full course, videos, slides, mp3 audio files, and LABS) to a copy of the videos from Infosec Institute.


    So, save yourself $638 to go with the unknown instructors who developed their material based on the test syllabus and the videos afterwards.


    Or pay the extra $638 for the SANS instructors using the course material that the test was based on.
    If I'm paying that much, I'm going for quality instruction. The paper at the end is a bonus.
  • josephandre Member Posts: 315 ■■■■□□□□□□
    iBrokeIT wrote: »
    From the highlighted yellow text at the top of the page...

    Nothing is stopping them: https://www.infosecinstitute.com/vendors/giac/

    so odd. I think that I was incepted honestly, because I'm sure that I saw that. Good breakdown Black Beret, and I agree. Was more of a thought exercise about the opening in the market to undercut SANS. It doesn't necessarily have to be from 'unknown vendor', but point taken.
  • [Deleted User] Posts: 0 ■■□□□□□□□□
    Hey josephandre,


    BlackBeret did a good job breaking down how we (InfoSec Institute) can offer GIAC certification training. As you can see, this is not unlike (ISC)2’s CISSP. They created the standard and provide their own training, but you can also prepare for the CISSP through a number of third-party training providers.


    Everyone learns differently, and competition is a good thing in most markets. Our goal is to offer an alternative certification path for those who don’t see SANS training as a viable option.


    It’s worth noting that in addition to the course videos and exam voucher as BlackBeret indicates, InfoSec Institute students also get to keep their digital courseware.


    The GIAC courses are a very new offering for us — our first course is scheduled to run in August. While I can’t provide student testimonials on those courses just yet, I encourage you to check out student feedback on other courses we offer like CGEIT, CISSP and SCADA. These include feedback directly from our students (I do the interviews myself, and students are not compensated for these reviews).


    I hope this addresses your questions. Please let me know if I can answer anything else.


    -Megan from InfoSec Institute

  • TechGromit Member Posts: 2,156 ■■■■■■■■■□
    As others said, nothing prevents another organization from teaching the SANS material, so long as the information is not pulled directly from SANS books; using other material sources, there are no copyright violations. That said, the course material is updated often, as well as the exams. It would be very expensive for an organization to keep updating their materials to keep up with SANS; it's far cheaper and more profitable to teach something like the CISSP or CCNA, where the course materials and exams do not change very often.
    Still searching for the corner in a round room.
  • yoba222 Member Posts: 1,237 ■■■■■■■■□□
    SANS isn't an industry standard--it's just well known enough that people may confuse it to be one. SANS/GIAC is just some private company that has provided really, really good training of its own inception for many years.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • josephandre Member Posts: 315 ■■■■□□□□□□
    yeah obviously it's not a standard. point was more that the certs are highly regarded, and the demand is becoming pervasive. I really don't even see how them changing their course material is that big of a deal because even though the exams are derived from the materials, it's still concepts and tools, not proprietary secrecy.
  • MiniBella Registered Users Posts: 3 ■□□□□□□□□□
    Just so I'm clear: For between 250 - 600 less (depending on discounts) I get to keep access to my 'online course-ware' and videos from my class (vs. audio only) from SANS?
    • Are Linux/Microsoft VMs with labs included too?
    • Are your sample questions timed and in test format?
    • Are your instructors industry professionals with formal instructor training?
    I'm not trying to be a jerk, I guess I'm just confused about the pricing. At the point where I (or my company) am willing to pay $6,000+ for training and certification, a $600 discount isn't going to affect my decision. Especially if one is written/taught specifically for the test and the marginally cheaper option is similar material (but not so close that it gets you into copyright trouble). I know you didn't personally pick the pricing, but a 10% discount for what is essentially a knock-off seems kind of absurd. Please tell me I'm missing something.

    side note: video instead of audio isn't really a bonus- you can't listen to video in the car, or while exercising, doing mindless chores etc. And while everyone learns differently, your course offering is the same 'fire-hose' format.