SANS challengers group

L0gicB0mb508

After doing a little more number crunching I will have to do self study to be able to swing the GPEN and the CISSP course. So, it looks like I'll be doing lots of reading.

Bl8ckr0uter

Well I found out that the gov job I was hoping to get won't be coming through so... now I really have to reconsider self studying both GCIA and GCFW. 1800 is a lot. I am probably going to do one but not both. Also I am throwing my hat back in for SSCP (the poor man's GSEC ) and I am going to take the elearn course and offensive security course. Who knows, I might do GPEN instead of GCIA or GCFW since alot of my studies are going to be pen test oriented (CEH, elearn, oscp).

rwmidl

Best of luck to you! Keep us posted on how it goes.

Bl8ckr0uter

Bl8ckr0uter wrote: »

Well I found out that the gov job I was hoping to get won't be coming through so... now I really have to reconsider self studying both GCIA and GCFW. 1800 is a lot. I am probably going to do one but not both. Also I am throwing my hat back in for SSCP (the poor man's GSEC ) and I am going to take the elearn course and offensive security course. Who knows, I might do GPEN instead of GCIA or GCFW since alot of my studies are going to be pen test oriented (CEH, elearn, oscp).

Hmmm. I am strongly considering doing GSEC and GCED now. Since my job is more of a handyman security type job, those two would make sense. GSEC seems to be little more than I thought. In fact, I have been reading some of the SANS papers and it has made me believe that I am weak in a few areas, so GSEC is going to be a target for me (insead of SSCP). GCED looks awesome and I might be able to squeeze it in this year, but more than likely, I will have to take it early next year (due to a soon to be 18CR class load and a full time job). I kinda have this stigma in my mind about GSEC (entry level blah blah) and some of the people going for the higher levels have furthered that stigma but whatever lol. so GSEC>GCED>GCIA over the next few months (more than likely a year+)

Plus threads like this make me really not want to do it:
http://www.techexams.net/forums/security-certifications/62338-so-i-just-passed-gsec.html

Lol but I guess I don't have like 20 years of experience. I still have less than a year of Infosec experience and less than 6 years of overall experience. Hell I am still only two years off of the helpdesk. So Idk maybe I should take their opinions with a grain of salt but it does make me wonder if the $900 will be worth it. I just don't want to spend all of that money and no one will care.

Chris:/*

Don't worry about stigma everyone's experience level is different domains of knowledge and everyone has an opinion about what is easier to them.

Bl8ckr0uter

Chris:/* wrote: »

Don't worry about stigma everyone's experience level is different domains of knowledge and everyone has an opinion about what is easier to them.

What did you think the of the exam?

Chris:/*

Fair but it does expect you to have a decent range of knowledge. You are not required to have a significant depth of knowledge in any of the domains but you do need to understand the material. It is an application of knowledge endurance test not an knowledge endurance test.

Bl8ckr0uter

Chris:/* wrote: »

Fair but it does expect you to have a decent range of knowledge. You are not required to have a significant depth of knowledge in any of the domains but you do need to understand the material. It is an application of knowledge endurance test not an knowledge endurance test.

Ah. GSEC/GCED combo looks killer. I think I would want to go gold as well.

docrice

Since I just finished a great experience with the GCFW, I'm itching for another round on the SANS ride. However, having just done my taxes and not expecting the return to come back anytime soon (due to the IRS needing to reprogram their systems), I can't pull the trigger for the GCIA yet.

Part of me is now considering challenging the GAWN next. After searching through this forum (and some Googling), this certainly is not one of the more popular / well-discussed GIAC cert. GIAC's site mentions that there are currently 561 individuals with the GAWN, which is minuscule compared to the GSEC, GCIH, etc..

http://www.giac.org/certified_professionals/listing/gawn.php

I don't intend to strictly specialize in wireless security, but I would like one of my focuses to be in that area.

Has anyone here actually gone through either the GAWN course / exam or know anyone who has? On a practice exam someone gave me a couple of months back I just barely missed the passing mark, so maybe this would be a good one to challenge to get another four-letters to my name (yeah, I know, that's the wrong attitude ... but in the near-term I'd rather spend out-of-pocket training on the GCIA; plus I don't want to take another course where a good portion of the material might be review).

I'm dragging my heels on the CISSP and CCNP studies since the SANS stuff is more interesting and the idea of accomplishing a third GIAC cert within 12 months is kind of appealing to the ego, even though I probably won't score very high on the exam. Plus, the second edition of Hacking Exposed Wireless is sitting there a few feet away.

iVictor

Hey guys,

Is this challengers group still active?

I am preppin up to GPEN which comes in next few weeks. I took a SANS class and revising the topics as of now. Will be sitting on my first practice test in a day or two.

Lemme know. Thnx.

Update: Passed GPEN.

w0rd

Bl8ckr0uter wrote: »

Isn't the self study stuff like 3k?

Precisely the reason I am not taking, at this time, pursuing GSEC. I'm all for organizations charging to put food on the table for their employees, but $3,246 for books and MP3s only is absurd. The live classes are around $3,800 so clearly they really value their printed and audio materials. I want to read the materials myself; I don't want to sit in a class or do a 'live' online session. Furthermore, at least for the company I work with, they will gladly pay for the exam fee but not materials towards obtaining it. I imagine many others are in a similar position.

Another reason, in my opinion, is lack of knowledge around GSEC. Do a Google search on this exam and see what comes up (i.e.: nothing). The best public information that is available is the candidate bulletin with the outline of topics. I can comfortably talk about each item on that list, but I have no idea what the actual test will be like. Furthermore, almost every other certification has tons of third party books you can pick up at a bookstore. Nothing recent on GSEC; Amazon has a book on it but it's from 2003. Yes, I could get an entry point into this by purchasing a practice test for $100, but I shouldn't have to rely on that.

Lower the cost to purchase materials and I'm all in. I even want to write a gold paper, but I'm not paying those prices.

Finally, if I understand the procedure properly, you also have to pay $399 every certification cycle as a maintenance fee.

So, potentially, you have:

Class ($3,800) + Certification Attempt ($499) + Certification Renewal ($399) = $4,698

Yikes. Almost $4,700 for four letters on your resume. Is that price point worth it over, say, CISSP?

(One final thought: It doesn't help that exam scores are posted for all the see on the site. In that case, darn well be sure I'm not taking this exam unless I know exactly what to expect.)

Chris:/*

Sorry I like the fact that my scores and everyone else are online. It shows you know what you are doing or you don't. In comparison to other organizations SANS does provided research and bulletins in the security and system administration world. You do see SANS and GIAC on the tipping point of the industry not just using other people's work.

Now if you are chasing the cert for the initials I suggest you look elsewhere. If you want knowledge and more credibility in the technical community than the CISSP I suggest going with the GIAC certs. I am not saying the CISSP is worthless by point in fact but GIAC certs are technical certs and are respected as such.

Now looking at GSEC in comparison to other GIAC certs I would not recommend it compared to other cheaper alternatives at its level. That is unless you are going for the GSE then I would say that the GSEC would be a worth while investment.

I can say that my GSEC, though it has not brought more jobs directly to me it does carry geek cred in the industry. In addition SANS Institute does provide an avenue to get security research papers published which does help me.

w0rd

Hmm... I eat my words slightly. I stumbled upon this and was not aware of this beforehand...

"The renewal fee includes a current set of certification specific course materials should you choose to receive them. The updated course materials are available to you regardless of the renewal option(s) you utilize and will aid you in keeping your skill set current. You are responsible for shipping fees associated with receiving updated course materials."


That certainly justifies the renewal fee. Training fee is still high though. But this makes it slightly easier to swallow and pony up some money.

Bad marketing... that wording is somewhat buried on the FAQ page. They need to make that more well-known to people like myself who see the money required and then hit the back button.

docrice

Much of the training SANS provides can't really be found elsewhere, to some degree, which I believe is one of the reasons these courses cost so much. A generalistic course like SEC-401 (to prepare for the GSEC) is an exception since one can probably wing it if they have sufficient experience or fundamental understanding of the technologies covered. But other courses like SEC-5xx (and higher) are pretty unique in the industry as far as I can see. I doubt Cisco courses are going to teach you a lot about intimate packet structure, their malicious crafting, open source tools used, the resulting effects against targets, methods used to evade defenses, etc.. I say this without having taken any classes specifically for 642-level areas, however, so correct me if I'm wrong.

Also, SANS seems to run a discount or special for their courses frequently. Keep an eye out: http://www.sans.org/ondemand/discounts.php

I'm still on track in prepping for the GCIA. Although I'm not really "challenging" it (as I paid for the OnDemand), I have to say that so far this has been the best SANS course I've taken. When I initially registered for an OnDemand demo of 503 last year, I got intimidated since the instructor (Mike Poor) talks fast and the subject matter is very detailed by its nature. Yes, the material is deep (after all, one of the things you learn early on is decoding hex **** in packet headers) but the instructor is very entertaining, informative, and has plenty of battlefield anecdotes to put things into context. I'm definitely getting my money's worth here. Love every minute of it, including listening to the MP3s during the commute.

While the course provides a VM that has Snort and other software preconfigured for you, I decided to immediately apply my new knowledge and set up Snort both at work and home (I even paid for a personal subscription for the latest Snort rules for my home IDS). This can only strengthen my experience and my chances at passing the exam when the time comes. I will say though that IDS tuning is a pain. It's part of life. Like taxes. Boo. I knew about this going in, and now I get to suffer through it. Very magical. I highly recommend the experience as your admin-fu will only get better.

I'm still contemplating challenging the GAWN and would like to do the GCIH course, but I'm also eyeing the TCP/IP Weapons School at Black Hat. I may have to see if living off of ketchup sandwiches for the next couple of years is worth it...

dynamik

w0rd wrote: »

Hmm... I eat my words slightly. I stumbled upon this and was not aware of this beforehand...

"The renewal fee includes a current set of certification specific course materials should you choose to receive them. The updated course materials are available to you regardless of the renewal option(s) you utilize and will aid you in keeping your skill set current. You are responsible for shipping fees associated with receiving updated course materials."


That certainly justifies the renewal fee. Training fee is still high though. But this makes it slightly easier to swallow and pony up some money.

Bad marketing... that wording is somewhat buried on the FAQ page. They need to make that more well-known to people like myself who see the money required and then hit the back button.

Just get the GSE. Then all you have to do is pass the written every four years to keep all your GIAC certs current

docrice

dynamik wrote: »

Just get the GSE. Then all you have to do is pass the written every four years to keep all your GIAC certs current

Yeah, sure, sounds easy. Let me get right on that...

BTW, congratulations on your 12,345th post. It's exactly like the combination on my luggage.

Chris:/*

docrice wrote: »

Yeah, sure, sounds easy. Let me get right on that...

BTW, congratulations on your 12,345th post. It's exactly like the combination on my luggage.

I know who you are now President Skroob!

It was funny to read that from Dynamik though, but in reality that is the way I am eventually heading as well.

iVictor

Hi all,

I was planning to challenge exam and wondering if there is any discount code I can use while booking?

Also, how long does it take for exam and practice tests to get loaded to my portal account?

Please let me know.

Best Regards.

docrice

I think I might've read of instances where the course instructors gave out discount codes to attend the classes, but not for just the exam itself.

iVictor

docrice wrote: »

I think I might've read of instances where the course instructors gave out discount codes to attend the classes, but not for just the exam itself.

Ah ok. Any information on how soon do I get access to the exam & practice tests?

Thanks.

docrice

When I signed up for a SANS course in the past, they've always gotten to it on the first business day, or possibly the next. If you're impatient, you can always call them up and ask for a status update. They tend to expedite it.

iVictor

Waiting... just want to give SANS fellas some time before rushing in. Yea, I am impatient about this today n really want to get hold of practice tests as in like <now> heh.

iVictor

Update: Passed GCIH today.

One quick observation is few questions were tricky. I mean their english was really random. Finished all q in around two n a half hours. All in all, I learnt a lot n enjoyed it thoroughly.

iVictor

Why is SANS GSE fee so high! I mean GSE written exam is $399 but then the mandatory lab attempt, is $1199! A total of ~$1600.

It soo feels like $$$ milking out of candidates. To reach GSE level, at least 3 exams with 2 golds need to be done. That is, at least $2700 plus gold paper fees whatever it is. For those who plan to substitute 2 gold papers with respective exams, have a straight $ 4500 gone.

So, why can't SANS cut down on cost of GSE exam, written n lab both. They already have juiced out so much by the time a candidate meets the pre-requisites, isn't it?

Ah, I know my rants here will prolly get some flames, but I just want to know more thoughts / perspectives about this.

On a side note, My study plans for next GIAC cert are still holding their cosmos. It's too good a content to miss out on.

Chris:/*

A part of it is you have to have a location set up with a comparable team to work with. It is a specialized proctored exam unlike GIAC’s other certifications. The price also keeps people from doing it on a whim “Oh it is only $125 I can do it again next week if I fail.”

I personally consider it to be on the same level as a CCIE as such I expect similar costs but that is me. It is a bargain if you look at the MCM or MCA. No flames here just opinions, cheers.