materials for SANS's MGT514: Security Strategic Planning, Policy, and Leadership
aleksej
Member Posts: 9 ■■■□□□□□□□
Wanted to take SANS mgt514 (GSTRT certificate). it's so expensive that my company refused me to. Do you know of any other source of info to get similar knowledge at lower price? I prefer paper back book ...but anything would be of help.
My second choice would be an MGT551: Building and Leading Security Operations Centers. but the price here is about the same. this knowledge probably is easier to get elsewhere. but maybe some advices where to start to get whole picture?
regards
Tagged:
Answers
-
JDMurray Admin Posts: 13,099 AdminMaybe the pages for those SANS courses and GIAC certs will have a reference list of materials used to build those courses.
-
aleksej Member Posts: 9 ■■■□□□□□□□got there once again. I suppose I will add SANS youtube channel to bookmarks. thanks. it didn't catch my attention earlier.still, no list of materials.
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Hi @aleksej, welcome to the group.
I would suggest you to look at this class from Antisyphon. It has been founded a few years ago and most of their instructor are ex-SANS instructor. Their founder is John Strands famous for the GCIH course.
Chris Brenton has written a class very similar to SANS MGT514 (but shorter, only 16h). I took this class last year and I really liked it. It is only 545$USD. It is online and in 4 chunk of 4h in the afternoon (12h-4PM EST)
https://www.antisyphontraining.com/security-leadership-and-management-w-chris-brenton/
The next class is in April.
Another idea is an online program from University of Toronto Continuing education called "Cyber Security Management". It is a short non-credited program with only 3 course, the content is very much aligned toward the ISACA CISM course, but their intent is not to be a CISM bootcamp. It is relatively cheap (2K$ USD). I did the first 2 class and it is great. Internaltional student are permitted.
https://learn.utoronto.ca/programs-courses/certificates/cyber-security-management
-
aleksej Member Posts: 9 ■■■□□□□□□□SteveLavoie said:Thanks. I've been here before, but in RO mode only. Succesfuly looking for recommendation which sec certs are worth the effort.Antisyphon seems like for a manager. I would rather be an team leader or a strong influencing team player. SANS seems like addressing those needs better, putting emphases on "leadership". I will get this into consideration as the cost far more attractive than SANS.toronto university course seems interesting. time consumming and expensive, but sure seems like a lot of knowledge. And it has the key words "program design", "IR". I believe those and also "polices" and "leadership" are those that I am looking for.
I am a technical guy and for the next few years i plan to keep it that way. Rather thought about architect / blue team / SOC leader but maybe I should get what is within my reach. Thanks I will consider those 2 options.
-
UnixGuy Mod Posts: 4,570 ModI did the course few months ago using the Work Study so perhaps look into that: https://www.sans.org/work-study-program/I don't recommend spending money on the course, it's mainly leadership theories, I wrote a review a mini review: https://community.infosecinstitute.com/discussion/138472/passed-sans-giac-gstrt-mini-reviewAs was suggested above, look into CRISC/CISM, that's a cheaper alternative. There is countless free leadership material from universities online that you can study too
-
aleksej Member Posts: 9 ■■■□□□□□□□thanks for all the answers. I believe I should look at CISM/CISP in 2 years or so. for now I want bo be an engineer with leading skills not a manager. so maybe CASP from comptia. but it seems like I need to look for and put the puzzles together by myself. seems like a good suggestion to go for courses/university knowledge this year. It should save so much additional time on preparing for cert typical questionI believe I now know what to look for. Thanks.
-
UnixGuy Mod Posts: 4,570 Mod@aleksej if you want to be an engineer with leadership skill then GSTRT is definitely not the course you're looking for. CASP is a lot more aligned to what you're looking for.What area of security engineering are you looking at? Some of the best engineers i met have zero certs, but they're absolute guns when it comes to implementing solutions, troubleshooting, etc. They all seem to have a genuine interest in the tools and practice/learn after work at home labs/cloud
-
aleksej Member Posts: 9 ■■■□□□□□□□I also don't think certs are mandatory. I believe certs are a good mean to cover areas that you don't work with, but are important to understand.I agree that to learn specyfic tool it's better to have your lab on one screen and google on 2nd. but it's no longer true if talking about soft and planing skills. So overall security is within my interests and also developing polices around SOC and making it work.
-
UnixGuy Mod Posts: 4,570 Mod@aleksej got ya. I know the course description of GSTRT have security policy development as part of the curriculum but i honestly didn't find it particularly great. They have some policy development tools, I mean they're nice to explore but I'm not 100% convinced.I don't know of a cert that teaches this, but from experience, I learned this by being in SOCs, being a consultant, looking at previous examples of policies, learning from my (and others) mistakes and seeing what policies are practical and what end up not being used, etc etc.I wish there was a single good course that teaches that. I found working for a consulting firm to be the quickest way to learn this
-
JDMurray Admin Posts: 13,099 AdminI'm in the SANS MGT551 course on-demand right now with the GSOM certification due out in a month or two. This course is just the ticket if you want to learn how to build out and manage a SOC in a very small to very large organization.
-
JDMurray Admin Posts: 13,099 AdminI'll be writing a review of SANS MGT551 and the corresponding GSOM cert when I am finished with the course in March.
-
JDMurray Admin Posts: 13,099 AdminIt looks like I passed the GIAC GSOM beta exam with a score of 74% (The minimum passing score is 66%.) My index was hastily put together, as I didn't have much time to go through the material, but it apparently was enough to net me the Analyst #61 spot for this cert. I'll write a review of the experience in a new discussion.
-
Aharrell Member Posts: 18 ■■■□□□□□□□Congrats on your pass! I look forward to your review. I just got the material this week. I finished SOC Design and Operational Planning yesterday.M.Sc, CDPSE, CGEIT, CISA, CISM, CISSP, CISSP-ISSMP, CRISC, CySA+, HCISPP, ITIL, PenTest+, PMP, Project+, Sec+
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□In most case, GIAC certs without the SANS class are not worth it. Their value derive from the class you took.
There are a few exception, like GSEC who is a basic certs and GCIH because there are some third party books. -
E Double U Member Posts: 2,237 ■■■■■■■■■■Growwithme said:Hello I am looking for GSTRT Training
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□E Double U said:Growwithme said:Hello I am looking for GSTRT Training