SANS extension fee

What a joke. Needed to get an extension on their already ridiculously overpriced exams. They want $250 just to extend for 45 days

.... I wont be taking another sans cert unless my company pays for it and all tests.

Find more posts tagged with

Comments

cyberguypr

Ouch! That hurts.

laughing_man

Everything SANS related these days seems to be a money grab. Used to be that retakes were $199, now they are $500. Not sure about the extensions, but I knew they were $250. Plus, in the old days, most of the certs had a written, essay portion where the student wrote a minimum 8 page paper. Those have been dropped as required, but are now optional (Gold level or something) and they cost $350.

Basically everything is parsed out and has an associated cost.

beads

Yeah, SANS needs to be able to pay for all those work at home folks that you don't necessarily see. Developers, call center, managers, etc. Its really become quite a large organization behind the curtains, so to say.

docrice

There was a similar discussion recently on another forum about the cost of SANS training and associated GIAC certification exams. Keep in mind that SANS is a for-profit organization. I'd imagine that some of the reasons why they're able to justify the costs are due to the frequency of updates to their courses (several times a year from what I understand), practically-experienced and engaging instructors, the relative breadth of training offerings which is generally considered high-caliber (although I could also argue that most of their exams are purely multiple-choice tests which aren't as difficult as "live, hands-on" variations like Offensive Security's), and the delivery options available. I can't think of any other training provider that focuses exclusively in the security space covering traditional defense subjects as well as offensive, development, legal, and management topics. The amount of material you get in a single course is also quite sizable.

I'd also hazard a guess that due to the increasing emphasis regarding cybersecurity in both public and private sectors, there's a growing demand for SANS training. As mentioned a number of times in other threads, SANS doesn't really cater to individuals but rather to larger organizations who send out at least several people to training at once. I've never worked for an organization who would do that, but that's what I hear. Also, unlike vendor-based training where the training fees complements the sales of vendor equipment, SANS' only bread-and-butter is their training. They also support other initiatives like the Internet Storm Center, etc..

In the previous incarnation of GIAC certifications, you had to pass the written exam and write a paper. Only after that you got your GIAC certification status. Then they decided to split it up so passing the written gets you Silver status and if you optionally also wrote a paper on the same subject as what the exam covered, you get Gold status. Was it to make the certification more accessible to a wider audience, or a way to dig deeper into your pocket? You decide.

I personally haven't written a Gold paper yet, therefore I don't really consider my GIAC certifications all that credible, at least when measured by the traditional benchmark. In the end it's all about what I've gained knowledge-wise. The training has helped align many things into perspective for me. For most people in the private sector, I suspect the certs don't really help that much from a resume presentation perspective.

I will say though that overall my experience with SANS has been great. Even calling them up and asking questions has always resulted in a quick answer or at least a diligent response with attentive follow-up. Their customer experience is actually quite good. Their OnDemand has been a very convenient training option and provides a decent mock-up of live instruction without having to incur travel costs. There are minor areas which could be better, but overall I've never gotten the feeling from the specific courses that I've taken that it's all about passing an exam (which would be more of a secondary emphasis, with the primary being actually learning the material). I wish there was non-SANS material to study with to challenge the GIAC exams, but it looks like the exams generally model after the course material.

I agree that the costs are hard to swallow. I had to make a lot of sacrifices to absorb the costs myself and it's very understandable that SANS and GIAC is out of reach for many. GIAC certifications on my resume may or may not have helped in landing me my last two security positions (I suspect not in my case for a number of reasons). Most (non-SANS) live-instruction classroom training generally costs about the same though, but I wish the SANS self-study options were discounted more heavily. Perhaps the exclusiveness of the course material allows them to charge as much as they do.

Sorry, didn't mean to write an essay. I'm going to sleep now...

JDMurray

docrice wrote: »

I wish there was non-SANS material to study with to challenge the GIAC exams, but it looks like the exams generally model after the course material.

I'm sure that book publishers have approached SANS with the idea of producing a set of official study guides for the GIAC certs, but SANS/GIAC have obviously decided not to do that (yet). Now I'm wondering why authors/publishers don't come out with a product line of "SANS GIAC Certs Study Guide: The Unauthorized Editions." There's certainly a market for such books, and would contain so much information they'd be worth buying for people not interested in the certs. Or maybe I'm wrong, and publishers running the marketing numbers have determined that there's too few potential buyers to offset the cost of producing GIAC cert study guides. Still, you would think at least one publisher would try it and risk a loss.

ipchain

With SANS being a for-profit organization, I don't foresee to see any 'Study Guides' out there in the near future. Heck, they cannot even provide color books for a 4k course, go figure. However, they have resources to send out quite a bit of marketing material printed in high quality paper in FULL colors.

I'll never understand that...at least I know where my dollars are going.

beads

With that you'd think they could normalize their databases as to not send me 2-3 copies of the same materials over and over again.

- beads

reppgoa

welp, I got my extension..... I went to the testing center and was about halfway through the test when GIAC's server kicked offline and booted anyone taking a GIAC exam out. I was given a "complimentary" 30 day extension.

On a side note, I was doing well, something like 87% after 90 question checkpoint, but I was dismayed to find may questions that were NO WHERE in the material provided. Thank god I brought a Linux and Windows book along as well. Some of the Linux questions were really obscure.

docrice

Stopped by the SANS booth at the RSA Conference over the last couple of days. While they have a presence at the show, they were located way out in the corner where all folks with the smaller marketing budgets were set up.

JDMurray

Is O'Reilly book pub there? I'm wondering if they are in the "cheap seats" near the SANS booth, or are in a more expensive area. I'm not with what importance O'Reilly regards the RSA show.

reppgoa

@docrice and JD,

Is it your opinion that SANS certs are mainly for the federal space? What would you recommend for someone in the private arena as far as security certs?

beads

DOD 8570 certainly gets more than its fair share of attention of late but I wouldn't say that SANS training is limited to only the DOD space. Most folks I have run into at conferences have been civilian in nature. That being said I haven't attended any of the larger Las Vegas or SANSFire shows, just Chicago conferences.

Having just recently gone through the joy of changing positions (job search) after 12 years I can tell you that civilian HR types, at least, gobble up SANS training/certs just as well as any other IT Security certification.

- beads

docrice

JDMurray wrote: »

Is O'Reilly book pub there? I'm wondering if they are in the "cheap seats" near the SANS booth, or are in a more expensive area. I'm not with what importance O'Reilly regards the RSA show.

I don't think they are at RSA. I saw a couple of other training providers (including Global Knowledge), but that was it as far as I can remember.

reppgoa wrote: »

Is it your opinion that SANS certs are mainly for the federal space? What would you recommend for someone in the private arena as far as security certs?

I think there's probably more emphasis (or HR recognition) on SANS in the government space, but my previous statement was about "resume attraction." There are private industry organizations who recognize GIAC certs as well. There are quite a few people in the private sector who hold GIAC credentials, if I can believe what the alphabet soup implies on all these business cards.

JDMurray

reppgoa wrote: »

Is it your opinion that SANS certs are mainly for the federal space?

No, there are very few SANS courses or GIAC certs that are targeted specifically at the Federal and DoD space. A cert being on the DoD 8570.01 list does not make it a "Federal cert." Instead, it means that the Feds have servers and routers and security problems just like in the private sector.

reppgoa wrote: »

What would you recommend for someone in the private arena as far as security certs?

It depends on what area(s) of InfoSec you are looking to make a career in. Look on the job boards for the kind of work you want to do and see what certs are listed in the job postings. CISSP will be near the top of the most desirable security certs.

laughing_man

Yeah 4k for black and white books with no indexes. Granted, I know they encrourage you to make the index, which ensures you at least skimmed the material (plus it is a good study tactic), but it does seem a bit cheap.

Finishing up GSEC now and getting ready to sit for the exam soon. My company required that I pass GSEC in my first 2 years of employment. I did purchase an extension, so I really only contributed $250 to the course, not the full 5K or whatever. Decent material, especially for someone new to security.

intelinarizona

I went to SANs New Orleans in Jan/Feb (don’t remember) and took 504 Intrusion Analysis. Though the course was great and worth the almost 5,000 my company shelled out +room/board to send me. There was a lot of material and it was well represented in the book. The exam was surely alot different from Comptia's or CCNA and though it was open book, was very stressful. If my wife and I had not created a 10 page table of contents the night prior I would have failed for sure. I had to reference it for almost 85% of the test. I did not do to much study which is a fault of mine, but still passed. I enjoyed the SANS experience, and if I can get my new company to send me back there are a bunch of different courses I would want to attend. Mike Poor is one of the best technical instructors and experienced security experts I have ever met, and if you have a chance to interface with him I surely recommend it!

JDMurray

When you take a GIAC exam in a CBT testing center, are you allowed to get up to stretch, move around, and go to the bathroom? Or are you required to sit at the terminal for the entire time it take you to complete the exam?

docrice

I'm not sure how different the rules are with the newer 90-minute exam format, but in the old format you were allowed a single 15-minute break which pauses the exam. However, any question that you marked skipped (I think it was up to 5 questions) you had to answer before the break. I don't recall if the rules explicitly state whether you should stay in your chair for the rest of the time. I'd assume so since there may be others taking the same exam nearby.

sexion8

When I got my GREM, I was not allowed to take any breaks nor did I want to. Unsure if this was the policy of the proctor or from SANS but it was a question I had asked. I mentioned "What if I needed to go potty" to which I was told I could have no more than 5 minutes. Again, unsure if this was the policy of the proctor or via way of SANS - this was last year

tpatt100

I always wanted to take some of the SANS exams but with no third party books and the exams being so expensive no thanks.

rwmidl

JDMurray wrote: »

When you take a GIAC exam in a CBT testing center, are you allowed to get up to stretch, move around, and go to the bathroom? Or are you required to sit at the terminal for the entire time it take you to complete the exam?

I recall being able to "pause" the exam to take a bathroom break/stretch.