Is there any equivalent to SANS Courses

egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+Member Posts: 385 ■■■■□□□□□□
Hi all,

Is any equivalent from other vendors to the SANS Courses such as the ones listed below or does SANS hold the monopoly for these courses?  I see that the SANS prices for their courses tend to be extremely high.

SANS SEC501: Advanced Security Essentials-Enterprise Defender
SANS SEC503: Intrusion Detection In-Depth
SANS SEC503: Intrusion Detection In-Depth

Comments

  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    There may be something similar ( I can look later) but you have more overall recognition for being certified by SANS.
  • SteveLavoieSteveLavoie Member Posts: 902 ■■■■■■■■□□
    I think there is 2 part in that.  The first is getting knowledge, where another vendor/trainer can offer something interesting. The second part is certification, SANS is the heavyweight in that niche.   Alternative security vendor that I know are Elearnsecurity or Offensive Security.  
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    You can get the learning from anywhere. A course like SEC542 (that leads to GWAPT) is a great example. You can learn everything in that course from free sources online and even practice the skills using free and paid labs online. But, you're left figuring out how to convince a hiring manager to give you more than 2 minutes of time to demonstrate what you know.

    SANS is expensive, but keep in mind that two-fold issue that they bring to the table: the material/learning and also the trusted/easy verification.

    CCNA Cyber Ops probably covers quite a bit SEC503, but not that many employers know about or look for it. CompTia is usually a good, recognized stack to get into, but isn't quite the same as a SANS student who passed the exam. ISC2 is good, too, but is more of a trivia/management level than what you'd normally find in a technical worker. Still, the concepts and knowledge are important either way.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 385 ■■■■□□□□□□
    Incredible! Thanks for the insight guys.  So basically their certs are the BMWs of the security certification field metaphorically speaking.  Is their a SANS equivalent for CISSP and Security+ ?
  • SteveLavoieSteveLavoie Member Posts: 902 ■■■■■■■■□□
    The closer certification to Security+ in the SANS world is GSEC.

    CISSP is another giant in the infosec world. It is more managerial in nature. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP.  SANS are best known for their technical certifications. Finally, CISSP is much less expensive to acquire and maintain than a SANS certs and CISSP have much more recognition in that niche. You can achieve your CISSP with self-study and a couple books and/or CBT, and a lots of time. CISSP can be achieved with a 1K$ budget compared to a 8-9K$ for a SANS certification (course 7000$ + ondemand + exam).

      
  • chrisonechrisone Senior Member Member Posts: 2,147 ■■■■■■■■■□
    edited January 10
    To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

    https://www.giac.org/certifications/renewal
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    edited January 10
    SteveLavoie said:. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP.  
      

    SANS is the training organization while GIAC is the certification organization.  SANS has a specific course and GIAC has a specific cert geared towards the CISSP

    Course: https://www.sans.org/course/sans-plus-s-training-program-cissp-certification-exam

    Cert: https://www.giac.org/certification/information-security-professional-gisp 

    (I got to do a work study for this course and take this exam this last summer)

    Definitely not close in same recognition though :) 
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,000 ■■■■■■■■□□
    edited January 10
    For SEC511: Continuous Monitoring and Security Operations

    LMG security teaches a class at Black Hat called "Network Forensics". This course was originally developed for SANS, but CEO Sherri didn't like the deal they offered her for the course, so she took her toys and went out on her own. Unfortunately no certification exists, but the technical information is largely the same. You can also purchase her book if you can't afford the course, I paid $4,000 for the course at Blackhat.

    SEC555: SIEM with Tactical Analytics

    Red Tiger Security developed the course and taught to students at SANS under contract, eventually SANS cut out the middle man by developing there own course, but training by Red Tiger is just a valid as what SANS teaches. Not sure if they have a stand alone book you can buy without taking training from them.      

    I'm sure there are other examples of where SANS obtained there materials and expertise from others, but I'm not aware of other sources. 

    Still searching for the corner in a round room.
  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    chrisone said:
    To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

    https://www.giac.org/certifications/renewal

    The CPE program leans toward making you take more training/ exams which is nothing but an evil cycle.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    chrisone said:
    To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

    https://www.giac.org/certifications/renewal
    Yea, I don't plan on "maintaining" mine.  That cost is ridiculous.   I'm just going put the date I obtained the certs on my resume and if anyone asks I'll let them know they have expired.  Don't think it should matter.
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 385 ■■■■□□□□□□
    The closer certification to Security+ in the SANS world is GSEC.

    CISSP is another giant in the infosec world. It is more managerial in nature. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP.  SANS are best known for their technical certifications. Finally, CISSP is much less expensive to acquire and maintain than a SANS certs and CISSP have much more recognition in that niche. You can achieve your CISSP with self-study and a couple books and/or CBT, and a lots of time. CISSP can be achieved with a 1K$ budget compared to a 8-9K$ for a SANS certification (course 7000$ + ondemand + exam).

      
    I agree with this 100%  Recognition is higher for the CISSP as you see it in 9/10 job descriptions compared to any SANS schmertifications.  Even certs like CEH appear in job descriptions tons more times than SANS certs do so I believe it's just not worth it at all.  With the thousands you're paying for in SANS courses if you put it the certs on your resume it would not even rank in the search algorithm as much as CISSP or CEH so that alone right there is a deal breaker for me.
  • chrisonechrisone Senior Member Member Posts: 2,147 ■■■■■■■■■□
    edited January 11
    @bigdogz @NetworkNewb

    one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

    I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field. 

    To each their own :smile:
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • redshoeinfoseredshoeinfose Network +, Security + Member Posts: 5 ■□□□□□□□□□
    This conversation helps me tailor my pursuits quite a bit, thank you!
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 385 ■■■■□□□□□□
    chrisone said:
    @bigdogz @NetworkNewb

    one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

    I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field. 

    To each their own :smile:

    So consider getting degrees then.  Those actually never expire and look formidable on a business card.  A Masters degree in cybersecurity takes only 2 years after your Bachelors.  A PhD takes only 2 years after a Masters degree. .....just a thought if you're sick of certifications.
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    You can do other things for SANS CPEs. For instance, I earned my Linux+ last year and that counted to renew a SANS cert.

    Also, you do pay for the maintenance, but you also get updated course materials. This is useful if the cert you renew has a major update on a timetable that matches your renewal date.

    That said, that's a value decision that can be very personal and different for everyone. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • roninkaironinkai Senior Member San DiegoMember Posts: 305 ■■■■□□□□□□
    What PhD takes only 2 years after a Masters? I'm looking for such a PhD...
    浪人 MSISA:WGU
    ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
    2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,912 Mod
    edited January 28
    Of course it takes two years. With maybe 12-18 credits per quarter  :D
  • SteveLavoieSteveLavoie Member Posts: 902 ■■■■■■■■□□
    Unless you want to do research.. I think a Master is more than enough to get credibility
  • VictorVictor5VictorVictor5 Member Member Posts: 77 ■■■□□□□□□□
    edited January 28
    egrizzly said:
    chrisone said:
    @bigdogz @NetworkNewb

    one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

    I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field. 

    To each their own :smile:

    So consider getting degrees then.  Those actually never expire and look formidable on a business card.  A Masters degree in cybersecurity takes only 2 years after your Bachelors.  A PhD takes only 2 years after a Masters degree. .....just a thought if you're sick of certifications.
    I beg to differ with "A PhD takes only 2 years after a Masters." While it certainly depends on the field itself, I can tell you right now that 2 years for a PhD post-Masters is definitely NOT the norm. It all depends on your research and peer-review publications. Plus your qualification exam to go after the PhD to begin with, then your dissertation proposal and defense. A PhD is in no way automatic after a Masters, unless you go to a fly-by-night college that just wants your money.

    If you think it'll only take you 2 years, be prepared to be in the lab 24/7/365, and your journal articles better be accepted on first-pass and better be first-author. That's what comprises your dissertation. 

    I speak from experience. See the signature block.

    VV5 out. 
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • VictorVictor5VictorVictor5 Member Member Posts: 77 ■■■□□□□□□□
    edited January 28
    One more thing for my TechExams family - if any of you are seriously considering a PhD, PM me and I will gladly mentor you on that process. However, it just irks me when some of my fellow members think it's NBD to get a PhD. My friend, no. The purpose behind a PhD is to bring unique knowledge to your particular field of study and to convey that knowledge. It is not akin to studying for and getting a cert.

    Other than that, you wouldn't believe half the crap I put up with to get said degree. And now you know why I am getting a law degree!  :)
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • chrisonechrisone Senior Member Member Posts: 2,147 ■■■■■■■■■□
    How about the costs of a master or PhD vs certs?  :)

    Its like telling a tuner hey just buy a lambo and call it a day. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • VictorVictor5VictorVictor5 Member Member Posts: 77 ■■■□□□□□□□
    edited January 28
    @chrisone - good one bro!

    I did my PhD in a traditional sense - university lab setting. The pros: tuition free (not including books and ancillary fees) + stipend. Cons: stipend amount and you're at the whims of your advisor. If you get a good one, great. But then there are those that are stuck with ones, well, I'll stop while I'm ahead.

    Another common misnomer is that if one were to do a PhD at a regular university vs. an online one (Phoenix, Capella, etc.) - I'm not going to say that they are not real PhDs because I know work does go into them, but if you're set on becoming faculty at a lock-step university, and if you do go to an online school like I mentioned, good luck. If the competition were between me and someone who did the online version, I'm going to get the position hands down (unless I really screw up the interview, and even then). Unfortunately the academic world is still not keen on online PhDs. As an aside, even the ABA is still not cool with 100% online JD (law) degrees, but I think Syracuse Law (???) has conditional approval. They'll allow some courses to be online, but only so many. But I can get a LL.M. (Master of Laws) 100% online.....
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
Sign In or Register to comment.