SANS recommendation

rfernandes

Hello all,

Do you have any recommendations for any SANS course to take after SEC530?

It could be something outside SANS (if you have any other recommendations) but because I have the budget approved I think it is worth it to go after another GIAC cert.

Thanks in advance.

E Double U

Are you seeking a direct follow-up to SEC530 that is similar content-wise? If so, I am not aware of a course like that. If you are just asking for recommendations in general then providing the following information could help:

- Describe your current role
- What is your goal?
- What other certifications do you hold?

rfernandes

Thanks E Double U...I was trying to see if there is like a direct follow up or something that would make sense to do after sec530. During the course they mentioned different courses like 511 and SEC555 but I'm not sure if this is the right path to follow.

I work as a security architect with focus in consultancy. I analyze current setups and project proposals and make recommendations to the design, this could be from physical security up to the application layer. Type of environments could be private clouds, public clouds (different vendors), industrial controls systems, PLCs, SCADA, etc. 

My goal is to continue to grow as security architect and because I have my own private limited company (which I'm currently providing consultancy services in my current role) maybe the idea is to expand the business at some point.

Other certs I hold are:

GDSA, CISSP, SSCP, eJPT, CCNA cyberops/ R&S/ Security, Checkpoint CCSA, Sonicwall CCSP, Palo alto

Thanks in advance.

E Double U

For an architect I would think TOGAF or a CISSP concentration (ISSAP, ISSEP) would be good. 

Disclaimer: I do not have experience with the credentials I just mentioned.

rfernandes

That's fine! ISSAP is on my list and so TOGAF and/or SABSA.

I would like to maybe use the budget for another SANS course but the most obvious option for me doesn't have a GIAC cert as of yet (SEC545).

E Double U

Then if it just about using up the budget then take SEC545 anyways and maybe follow-up with CCSP. You could also check with GIAC/SANS if a cert is on the roadmap which it likely is. Is the deadline to use the budget approaching?

rfernandes

I did contact them already and they say there is nothing planned for now.

Deadline is kinda approaching but still have some time.I might take the SEC545 but I just don't like the idea of not getting a cert afterwards...

E Double U

rfernandes said:

I just don't like the idea of not getting a cert afterwards...

I am exactly the same way.

UnixGuy

How about SEC566? I haven't done it, check it out:

https://www.sans.org/course/implementing-auditing-critical-security-controls

you have eJPT, how about expanding your offensive knowledge with GPEN? I found GPEN to be easy after eJPT though.

How's your knowledge in incident handling? GCIH or GCFA could be an asset.

You've already done the architecture course from SANS. I don't know what else to recommend from SANS for architecture. You can pursue CCSP, SABSA, TOGAF, and some ISACA certs (CISM/CRISC) to expand your knowledge

I would strongly recommend AWS and Azure architect certs.

Does the cert have to be SANS?

rfernandes

Thanks UnixGuy. It does not have to be sans but because budget is available for it, I think it makes sense to use it in a sans course as I could easily do any of the others certs on my own.

AWS and Azure are also in the wish list.

I will check out those recommendations, much appreciated.

E Double U

@UnixGuy - Based on the provided role description and credentials, I don't see GCIH, GPEN, or GCFA giving additional value. GCCC could though so SANS SEC566 is good when one just has money to burn (that's why I did it lol). 

rfernandes

Thanks E Double U. How did you find SEC566? is this of any value? I just had a look at the scope of the course and this seems more like security frameworks (quite boring in my own opinion).

scasc

I'm actually in the same boat - though seriously now contemplating calling it a day with certs as I need to focus on my young kids. I have just done 530 - going over the material. 545 is great  but no exam, 540 interesting as I have seen you need CI/CD, devsecops skills if you work as a security architect in the cloud (but still bit too hardcore based on the work I do). I also consult from my own Ltd company and checking out what else I can finish up with. Have a strong risk/audit and architecture background so looking at 522 - GWEB only because have always enjoyed web security. Other than that, perhaps ISSAP - but no demand for it. TOGAF was "interesting" in the sense you need to get your head around the ADM/lifecycle etc, confused me at the start....

E Double U

@ rfernandes - I found value in SEC566 for some auditing work I've had to do plus I was involved in initiatives to implement CIS CSC. I feel the content is easy because of my experience and the real value came from the classroom discussions.

Definitely not the most exciting course topic, but I was in the same boat as you where I just had the budget to use and wanted to take something that reflected my work in some way. I had already completed GCIH, GCIA, and GPEN by that point then moved away from hands-on operational work. SEC530 didn't have the GDSA certification yet so SEC566 was just something to keep me busy, get me out of the office, network with others, and use up my budget 

rfernandes

@scasc it looks like we  are in the same boat indeed . I have exactly the same questions you have and although SEC545 looks great, not having an exam available is a blocker for me. SEC540 seems also interesting but as you said maybe too hardcore either for me and the work I do (It could be handy though as I have to assess things like Jenkins).

I will check out SEC522 - thanks for the recommendation.

ISSAP is not really demanding either where I'm currently based, so I will keep it running in the background for now and will assess it later on.

TOGAF or SABSA is on the wish list.

I see you also have GCCC - Did you find any value on this one?

scasc

Hi - if you do a number of projects in the devsecops space - I highly recommend 540, but it recommends you have the fundamental knowledge of cloud (e.g. 545) as a whole before embarking upon it. I personally liked 566 as it allowed me to see security control best practices which can mitigate some material vulnerabilities and threats. Probably not everyone's cup of tea but then again I do a lot of risk assessments/assurance work so helped me. Even as an architect it will help design the right controls in the right areas - course teacher even said a lot of people dont realise but it is a good course for students who want to architect artefacts/controls etc - and I thought the same thing. 

522 - If you are interested in web app architecture with IDP's/SP's (OAUTH/SAML etc) then pretty neat. 

SABSA/TOGAF touch at the enterprise level - more for strategy/road maps/TOM's etc. 

rfernandes

@scasc Thanks for the feedback. I do also a lot of risk assessment work, so it could be something worth to do it.

I have some interesting points to think about, so thanks a lot for all your help on this one folks.