Security traning courses
ChooseLife
Senior MemberMember Posts: 941 ■■■■■■■□□□
Hi everyone,
Our manager is entertaining the idea of sending some of us into security training and asked me for suggestions of what's available out there besides the famous SANS courses.
Target audience: seasoned sysadmins
Format: online, bootcamp, or corporate on-site
Study goals: defensive side, security-focused approach to sysadminning, best practices for network/systems design and operations, server hardening, proactive monitoring, and so on.
Priorities: Best quality and/or value for the money
So far I've identified SANS GIAC, EC-Council, and InfoSecurity Institute courses. Particularly, EC-Council's NSA program and Network Defense two-day workshops look attractive, but I'm unsure about their quality.
EC-Council - Network Security Administrator
EC-Council - Certified Security Analyst
SANS GIAC - GCED - Advanced Security Essentials - Enterprise Defender
SANS GIAC - GCWN - Securing Windows
SANS GIAC - GCUX - Securing Linux/Unix
InfoSec Institute - Security Architecture and Assessment
InfoSec Institute - Assessing & Securing the Perimeter
Any other good training classes out there?
What are your thoughts on the courses listed above?
Our manager is entertaining the idea of sending some of us into security training and asked me for suggestions of what's available out there besides the famous SANS courses.
Target audience: seasoned sysadmins
Format: online, bootcamp, or corporate on-site
Study goals: defensive side, security-focused approach to sysadminning, best practices for network/systems design and operations, server hardening, proactive monitoring, and so on.
Priorities: Best quality and/or value for the money
So far I've identified SANS GIAC, EC-Council, and InfoSecurity Institute courses. Particularly, EC-Council's NSA program and Network Defense two-day workshops look attractive, but I'm unsure about their quality.
EC-Council - Network Security Administrator
EC-Council Certificate series - Network DefenseCourse Description
This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.
EC-Council - Certified Security Analyst
SANS GIAC - GCED - Advanced Security Essentials - Enterprise Defender
SANS GIAC - GCWN - Securing Windows
SANS GIAC - GCUX - Securing Linux/Unix
InfoSec Institute - Security Architecture and Assessment
InfoSec Institute - Assessing & Securing the Perimeter
Any other good training classes out there?
What are your thoughts on the courses listed above?
“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs
GetCertified4Less - discounted vouchers for certs
Comments
CCSP (Cisco)
Security+
My 2 cents
The mind is the limit. As long as the mind can envision the fact that you can do something, you can do it, as long as you really believe 100 percent. - Arnold Schwarzenegger
Too basic
Our team does server management and does not deal with network equipment (I do in my other role, and will be going after CCSP later, but that's a different discussion)
From what I've read, the certification (and therefore associated training) does not go deep enough on the technical side...
Thanks for the opinion.
I'm sure SANS courses are the best of the bunch, but still trying to figure out some cheaper alternatives.
GetCertified4Less - discounted vouchers for certs
Information Security Certifications by Offensive Security
ESecurityOnline is also great. I know a few people that have taken their course:
eLearnSecurity : Penetration testing and IT Security courses
Again this is another pen tester type course, but Joe McCray is the man:
Courses | Learn Security Online
If you are on Linux servers / system admins....Red Hat makes a decent set of security courses that can be applied to any Red Hat/Centos/Fedora system as well:
https://www.redhat.com/certification/rhcss/
SE Notebook
The RedHat security course looks pretty decent. We just happen to use a non-RH-based distro, otherwise I'd definitely propose this course to the management...
GetCertified4Less - discounted vouchers for certs
Ec-Council Certificate: I've never heard of it. I can say that it likely will have little future viability, IMO.
SANS: IMO, all of these require previous knowledge. This is based purely as an outsider, but i've never seen someone go straight after any of those, some of the GIAC guys here might have a better opinion.
The last two seem interesting. I am currently in an ISI course, and they are legit. Good material.
One thing I would look into, is vendor specific training, even without a cert attached. Intrusion Detection classes, or Firewall administration, Global Knowledge has a few courses I would look at:
Defending Windows Networks
Security Defending Windows Networks at Global Knowledge
Cybersecurity Foundations
Security Cybersecurity Foundations at Global Knowledge
theres actually a whole list:
Security Training : Global Knowledge's IT security courses include cybersecurity, CompTIA, Certified Ethical Hacker, and more.
Yes, most certainly, in this case the focus is on the quality of training and not on finding one associated with some cert. I have no problems with doing self-study for certs and to be honest feel like most cert-focused training is a rip-off in terms of price/value ratio, so when the employer volunteers to budget some money for my training, I want to put it to good use.
GetCertified4Less - discounted vouchers for certs
If you do go with them report back after the training and let us know how it went and any feedback you might have.
SE Notebook
SANS courses aren't that much more expensive and are in most cases vendor-neutral. They're generally slide-based and may include some labs. The content is generally very good, but if you're looking for something that's straight lab-based, then the Global Knowledge offering mentioned previously might suit you better.
Another option would be to have one of your team members do a SANS, another do a Global Knowledge, another do EC-Council, etc.. While you are generally legally restricted from sharing class materials with each other afterwards, you could perhaps share ideas and notes from what has been learned.
I will be taking the Foundstone Ultimate Hacking course at Black Hat this year so I will let you know what I think.
I am also very interested in Defensive security training so these are good options. Keep'em coming!
Next Up: Linux+/RHCSA, GCIA
Yes! If anyone knows of other good defensive courses, please do add to the thread.
GetCertified4Less - discounted vouchers for certs
GetCertified4Less - discounted vouchers for certs
I would like to hear back on this, I saw their classes on GK, but I got the feeling they aren't attended much.
SE Notebook
InfoSec Institute recently acquired Intense School. Their phone system says "Welcome to Intense School", which triggered an alarm in my head, because of some strongly negative reviews of Intense School on this board. Nevertheless, their staff were professional and intimately familiar with programs they were offering and I was fully satisfied with the level of customer service, so my concerns over Intense School disappeared by the end of the conversation.
The interesting thing about EC-Council's training is that they have two online formats - iWeek and iClass. iWeek is online live training, 5-day, 9 to 5 MT schedule, and I was told that these classes generally run for ~$2500. iClass is self-paced online training with lectures recorded in iWeek sessions and thus identical in content (but not in interaction, I presume). Access is given for 1 year. iClass runs for ~$1400.
GetCertified4Less - discounted vouchers for certs
The Training Camp (A+, Net+): My introduction to boot camps, what an experience, long days filled with learning with IT focused individuals in a good isolated environment. Good company and I went into the exams confident in my ability to pass the exams and retain the knowledge, most of which I retained years down the line. Pros- The price of the camp included the hotel stay, trust me, I would recommend that all camps do this, it makes managing your training budget SOO much easier. Today this is an optional add on not included by default, but I think they have a better rate than the "discounted rates" offered by most training companies.
SANS (GCIH-Online): I loved this course, my only regret being that I could not attend in person, and I couldnt get the time off to actually attend the class daily like I wanted. This, more than anything is why I still havent taken the GCIH. con- The online method I had took place over an extended period, like 2 months? So I couldnt take the time off. (they could have let me come in late those days but no....) try to work this out with your company.
Intense School/ISI (CEH/CPT): I took this course online and I have to say, I enjoyed the content of the course. Engaging material and a knowledgeable instructor. Honestly I think they have a decent online program, and the prices are right for online, but I think I just prefer live environments. I will say that I fully recommend their CPT/CEPT practical certifications
Intense School/ISI (CCNA/CCNA Security): I am in this program now, and my feelings are mixed. pro's-The company was willing to work with me on getting the materials shipped to my overseas location, and when the CCNA Sec exam expired they offered to ship me the new cisco press book, when I brought it up. The videos are very interesting in the fact that they defiantly spend time laying out and explaining the OSI model and the other subjects, I think there is a video for each layer, about 45-60 min. This can defiantly be a benefit over reading a few lines of Odom.
Global Knowledge: I have yet to take training through them but I really want to (anyone want to sponsor me? I'll give a full review!) They have an amazing number of courses and it looks like they run fairly often. Some of the training is hard to find elsewhere, and they have really good deals and discounts (for gov/mil, you can take a $3500 for $2500!!) including bogo's and free appliances for their checkpoint courses. They also have technology based courses that are seemingly geared more towards teaching a technology (hands on?) rather than a certification. (though they may line up). For example:
Certification Path
MCITP: Server Administrator / MCSA: Windows Server 2008 Boot Camp
MCITP: Server and Enterprise Administrator Combo Boot Camp
Skills-Building Path
Exam 70-640
Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services (M6425)
Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory (M6426)
[h=4]Two Paths To Take[/h] Certification Path - If your primary focus is obtaining your certification quickly, we offer Boot Camps to prepare experienced students for all the exams they will need to take.
Skills-Building Path - If your focus is on building your skills first, we offer individual courses that both train you for the real world and provide content covered in the exams.
Security University (QND)- A smaller company than most, but perhaps not as small as you would expect, You will probably be pleased to meet the CEO of the company during your stay and you will see her over the course of your class, I was suprised to see her setting up classrooms with instuctors, getting the food and coffee ready. Her instructors are knowledgable, and approachable. This company provides mostly security courses built around a line of SU certifications, roughly in line with the EC-Council line they also offer vendor certifications I remember there was a wireless class going on at the same time, I think it was WCNA/CP. pros-Many. Having payed for my course with the GI Bill the course felt "free" to me. Trust me that is a relief. It says something that the company was willing to take the time to be eligible for VA funding in this way, few do, and most are a hastle to try to set up the process, or try to limit your use of the program. For me the process was simple, and I was able to take an enjoyable course with a practical exam. cons- nothing significant that I can think of about the company itself, except the website needs a little work.
the learning tree: took a work sponsored share point class through them years ago. decent class, learned a bit, though it was mostly a power user level class, the techs spent most of the week "hacking" each others sharepoint portals and changing backrounds and other stuff. (the hacking was logging in with the default pws assigned to the class). The instructor got in on it in the last day I think.
CED Solutions: Expensive, but intriguing. The offer round trip airfare and lodging at some locations. This can equal big savings! Based on what I can see, this is a pure boot camp experience (minus the brain **** to my knowledge). Long courses, and combined certifications (MCITP SA/EA+CCNA/CCDA, CEH+CHFI+ECSA, ect) This can make for one heck of a 2 week vacation. Pro- The longer class time can equal more retained knowledge for many students.
Words of advice:
If you, like me are paying for training out of pocket, I believe that self-study is useful you can prep for your course, and sometimes, may find that you have studied to the point of not needing to pay for an expensive course. Your biggest enemy is time and motivation, if you have these, you can train yourself to learn many skills, and of course many certs. I am ideally a professor of instructor led training, so I offer this advice.
Planning: plan your expenses, find the cheapest travel options, consider the cost of plane tickets vs driving to the camp location, it can be useful to have the use of a vehicle, so if you plan to fly, consider a rental. For some courses you my not want to have the distraction, but it can be useful. Lodging- If the cost of lodging isnt included, make sure you do your research. most training providers will have discounted rates. But you can increase your savings by checking into a discount hotel or motel that costs 60 bucks a night vs $100 at "discount". This really adds up when combining courses or courses over 5-6 days. You can also save if you can cut things from the "included" cost of the course. While I dont imagine you could have them cut the cost of foods provided for the guests, you could purchase your own vouchers (or have them payed for by WGU or some other method...
So there it is, the combined knowledge of my boot camp experience, I hope this provided some useful insight.
GetCertified4Less - discounted vouchers for certs