Which Sans Course and certification from these two?!

CyberCop123

I have funding to do two SANS Course's. I've already chosen to do GREM - which is the reverse malware engineering, a topic I am very interested in and a really unique/niche area.  

The other two options are as follows: 

OPTION 1)  SANS FOR572 - Advanced Network Forensics: Threat Hunting, Analysis and Incident Response

GNFA certification : GIAC Network Forensic Analyst

• I do digital forensics at the minute but not much networking stuff
• I do some incident response but I am law enforcement so most of it is just asking companies for data ... it would be good to do it myself and learn more
• I don't do any threat hunting but I am really interested in this area

OPTION 2)  SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
GXPN certification - Exploit researcher and advanced penetration tester

• I am reluctant about this as I think I would find it very difficult (I'm not against working hard but genuinely not sure if it's beyond my abilities)
• Also I'm not really interested in being a pen tester ... it's a very niche area and I'm not sure if it's that beneficial given
• However, it may be fit in well with my OSCP and help build on some of my knowledge I have got from that 

Any thoughts?

Thanks

paul78

I'm personally not a big fan of SANs but if you already have funding - well...

I recall you are sitting for the CISSP - you could also consider the MGT414 - https://www.sans.org/ondemand/course/sans-plus-s-training-program-cissp-certification-exam

Cuse0311

Based on what you've stated above I would go with FOR572 over SEC660, especially since you have no desire to be a pen tester or have no interest in it. FOR572 is an excellent course. I took it several years ago with Phil Hagen. He's a tremendous instructor with lots of real world experience from various environments. I think you'll learn a ton and enjoy it. Let us know what you decide to do.

LonerVamp

I think 660 is a little more akin to OSCE than OSCP, at least as far as topics. (I've not looked much at the 660 course syllabus.) It's less about pen testing like OSCP, and more about exploit writing and bug hunting.

Besides, it already sounds like you're leaning to the Network course. Stick with your gut.

CyberCop123

Ignore all, I am going for the networking one.  I know that is the right one for me.
Thanks everyone 

StormFiber

paul78 said:

I'm personally not a big fan of SANs but if you already have funding - well...

I recall you are sitting for the CISSP - you could also consider the MGT414 -

I've not looked much at the 660 course syllabus.

CyberCop123

paul78 said:

I'm personally not a big fan of SANs but if you already have funding - well...

I recall you are sitting for the CISSP - you could also consider the MGT414 - https://www.sans.org/ondemand/course/sans-plus-s-training-program-cissp-certification-exam

Out of interest why don't you like the SANS courses?  It's unusual to see someone say that as most seem to rate them highly

paul78

CyberCop123 said:

Out of interest why don't you like the SANS courses?  It's unusual to see someone say that as most seem to rate them highly

My comment is economically related. I've only taken 2 SANS courses SEC542 and MGT414. IMO, the value isn't really there.  Perhaps the 600-level courses are better but the SEC542 was structured like a survey course.