Is there any equivalent to SANS Courses

Hi all,

Is any equivalent from other vendors to the SANS Courses such as the ones listed below or does SANS hold the monopoly for these courses? I see that the SANS prices for their courses tend to be extremely high.

SANS SEC501: Advanced Security Essentials-Enterprise Defender

SANS SEC503: Intrusion Detection In-Depth

Find more posts tagged with

sans courses

equivalent

Comments

bigdogz

There may be something similar ( I can look later) but you have more overall recognition for being certified by SANS.

SteveLavoie

I think there is 2 part in that. The first is getting knowledge, where another vendor/trainer can offer something interesting. The second part is certification, SANS is the heavyweight in that niche. Alternative security vendor that I know are Elearnsecurity or Offensive Security.

LonerVamp

You can get the learning from anywhere. A course like SEC542 (that leads to GWAPT) is a great example. You can learn everything in that course from free sources online and even practice the skills using free and paid labs online. But, you're left figuring out how to convince a hiring manager to give you more than 2 minutes of time to demonstrate what you know.

SANS is expensive, but keep in mind that two-fold issue that they bring to the table: the material/learning and also the trusted/easy verification.

CCNA Cyber Ops probably covers quite a bit SEC503, but not that many employers know about or look for it. CompTia is usually a good, recognized stack to get into, but isn't quite the same as a SANS student who passed the exam. ISC2 is good, too, but is more of a trivia/management level than what you'd normally find in a technical worker. Still, the concepts and knowledge are important either way.

egrizzly

Incredible! Thanks for the insight guys. So basically their certs are the BMWs of the security certification field metaphorically speaking. Is their a SANS equivalent for CISSP and Security+ ?

SteveLavoie

The closer certification to Security+ in the SANS world is GSEC.

CISSP is another giant in the infosec world. It is more managerial in nature. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP. SANS are best known for their technical certifications. Finally, CISSP is much less expensive to acquire and maintain than a SANS certs and CISSP have much more recognition in that niche. You can achieve your CISSP with self-study and a couple books and/or CBT, and a lots of time. CISSP can be achieved with a 1K$ budget compared to a 8-9K$ for a SANS certification (course 7000$ + ondemand + exam).

chrisone

To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

https://www.giac.org/certifications/renewal

NetworkNewb

SteveLavoie said:. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP.

SANS is the training organization while GIAC is the certification organization. SANS has a specific course and GIAC has a specific cert geared towards the CISSP

Course: https://www.sans.org/course/sans-plus-s-training-program-cissp-certification-exam

Cert: https://www.giac.org/certification/information-security-professional-gisp

(I got to do a work study for this course and take this exam this last summer)

Definitely not close in same recognition though

TechGromit

For SEC511: Continuous Monitoring and Security Operations

LMG security teaches a class at Black Hat called "Network Forensics". This course was originally developed for SANS, but CEO Sherri didn't like the deal they offered her for the course, so she took her toys and went out on her own. Unfortunately no certification exists, but the technical information is largely the same. You can also purchase her book if you can't afford the course, I paid $4,000 for the course at Blackhat.

SEC555: SIEM with Tactical Analytics

Red Tiger Security developed the course and taught to students at SANS under contract, eventually SANS cut out the middle man by developing there own course, but training by Red Tiger is just a valid as what SANS teaches. Not sure if they have a stand alone book you can buy without taking training from them.

I'm sure there are other examples of where SANS obtained there materials and expertise from others, but I'm not aware of other sources.

bigdogz

chrisone said:

To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

https://www.giac.org/certifications/renewal

The CPE program leans toward making you take more training/ exams which is nothing but an evil cycle.

NetworkNewb

chrisone said:

To maintain SANS certs requires CPEs for each cert (can you combine CPEs?), one time payment of $429, then fees of $219 for each additional cert? Every 4 years? Please correct me if I am wrong.

https://www.giac.org/certifications/renewal

Yea, I don't plan on "maintaining" mine. That cost is ridiculous. I'm just going put the date I obtained the certs on my resume and if anyone asks I'll let them know they have expired. Don't think it should matter.

egrizzly

SteveLavoie said:

The closer certification to Security+ in the SANS world is GSEC.

CISSP is another giant in the infosec world. It is more managerial in nature. There some SANS certs geared toward CISSP, but none have the same recognition as CISSP. SANS are best known for their technical certifications. Finally, CISSP is much less expensive to acquire and maintain than a SANS certs and CISSP have much more recognition in that niche. You can achieve your CISSP with self-study and a couple books and/or CBT, and a lots of time. CISSP can be achieved with a 1K$ budget compared to a 8-9K$ for a SANS certification (course 7000$ + ondemand + exam).

I agree with this 100% Recognition is higher for the CISSP as you see it in 9/10 job descriptions compared to any SANS schmertifications. Even certs like CEH appear in job descriptions tons more times than SANS certs do so I believe it's just not worth it at all. With the thousands you're paying for in SANS courses if you put it the certs on your resume it would not even rank in the search algorithm as much as CISSP or CEH so that alone right there is a deal breaker for me.

chrisone

@bigdogz @NetworkNewb

one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field.

To each their own

redshoeinfose

This conversation helps me tailor my pursuits quite a bit, thank you!

egrizzly

chrisone said:

@bigdogz @NetworkNewb

one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field.

To each their own

So consider getting degrees then. Those actually never expire and look formidable on a business card. A Masters degree in cybersecurity takes only 2 years after your Bachelors. A PhD takes only 2 years after a Masters degree. .....just a thought if you're sick of certifications.

LonerVamp

You can do other things for SANS CPEs. For instance, I earned my Linux+ last year and that counted to renew a SANS cert.

Also, you do pay for the maintenance, but you also get updated course materials. This is useful if the cert you renew has a major update on a timetable that matches your renewal date.

That said, that's a value decision that can be very personal and different for everyone.

roninkai

What PhD takes only 2 years after a Masters? I'm looking for such a PhD...

cyberguypr

Of course it takes two years. With maybe 12-18 credits per quarter

SteveLavoie

Unless you want to do research.. I think a Master is more than enough to get credibility

VictorVictor5

egrizzly said:

chrisone said:

@bigdogz @NetworkNewb

one of the main reasons why I decided not to pursue SANS certs. Had big dreams of GSE etc, but I’m old now lol Maintaining all that is not worth it. I doubt I get anything north of 160k salary for my hard work and trouble obtaining gse and X amount of sans certs. It’s better to just get some ISC2, ISACA, Cloud certs for the salary and certs from offensive security, elearnsecurity, pentester academy, etc for the technical side. The former is not as expensive to maintain, and the latter doesn’t expire and gives you a very great grasp for the hands on skill set.

I am looking at this from a perspective of being in certs for 15+ years and somewhat tired of it all. I feel I only have a couple years left in the cert field.

To each their own

So consider getting degrees then. Those actually never expire and look formidable on a business card. A Masters degree in cybersecurity takes only 2 years after your Bachelors. A PhD takes only 2 years after a Masters degree. .....just a thought if you're sick of certifications.

I beg to differ with "A PhD takes only 2 years after a Masters." While it certainly depends on the field itself, I can tell you right now that 2 years for a PhD post-Masters is definitely NOT the norm. It all depends on your research and peer-review publications. Plus your qualification exam to go after the PhD to begin with, then your dissertation proposal and defense. A PhD is in no way automatic after a Masters, unless you go to a fly-by-night college that just wants your money.

If you think it'll only take you 2 years, be prepared to be in the lab 24/7/365, and your journal articles better be accepted on first-pass and better be first-author. That's what comprises your dissertation.

I speak from experience. See the signature block.

VV5 out.

VictorVictor5

One more thing for my TechExams family - if any of you are seriously considering a PhD, PM me and I will gladly mentor you on that process. However, it just irks me when some of my fellow members think it's NBD to get a PhD. My friend, no. The purpose behind a PhD is to bring unique knowledge to your particular field of study and to convey that knowledge. It is not akin to studying for and getting a cert.

Other than that, you wouldn't believe half the crap I put up with to get said degree. And now you know why I am getting a law degree!

chrisone

How about the costs of a master or PhD vs certs?

Its like telling a tuner hey just buy a lambo and call it a day.

VictorVictor5

@chrisone - good one bro!

I did my PhD in a traditional sense - university lab setting. The pros: tuition free (not including books and ancillary fees) + stipend. Cons: stipend amount and you're at the whims of your advisor. If you get a good one, great. But then there are those that are stuck with ones, well, I'll stop while I'm ahead.

Another common misnomer is that if one were to do a PhD at a regular university vs. an online one (Phoenix, Capella, etc.) - I'm not going to say that they are not real PhDs because I know work does go into them, but if you're set on becoming faculty at a lock-step university, and if you do go to an online school like I mentioned, good luck. If the competition were between me and someone who did the online version, I'm going to get the position hands down (unless I really screw up the interview, and even then). Unfortunately the academic world is still not keen on online PhDs. As an aside, even the ABA is still not cool with 100% online JD (law) degrees, but I think Syracuse Law (???) has conditional approval. They'll allow some courses to be online, but only so many. But I can get a LL.M. (Master of Laws) 100% online.....