Questions on SANS On Demand Courses

WilliamK99

Hey all,
First a little about me, I am in the military and have worked in the IT field for about 16 years, about 9 years ago I moved to the Security side of the house and have been my unit's IAM and IASO for the past 5 years. I currently have the CISSP, CCNA, and a bunch of Comptia Certs. Among my duties over the past years have been working on DIACAP packages and serving as IAM in charge of security training for my unit.

I am starting to prepare for life outside the military and after getting a nice tax refund this year, convinced my wife to let me take a SANS course online via On Demand(She wouldn't let me go to SANS Vegas). The problem I have is which one should I take to help prepare myself for civilian life. I am open to staying in the military as a civilian, but haven't thought that far ahead yet.

With the courses costing 4000 a piece, I want to make sure I pick the right one. I was leaning towards MGT 512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ GLSC, as I prefer the management field, but have more experience as a technician, GSEC seems too basic for me, and seems to be too similar in scope to CISSP.

Does anyone have any advice? Thanks...

paul78

I would not suggest mgt 512. That is similar is isc2 ISSMP concentration for CISSP as I recall. There are other more focused technical courses fron SANs.
Perhaps you may want to wait and see where you land first. And what area of security you may want to focus onr.

JDMurray

Nobody will give you a management job if you have no management experience--even if you have completed SANS MGT 512. Instead, spend your money on what will definitely help you land your next civilian job as a tech. The CISSP is an excellent acquisition for both management and tech positions. If you are looking to get on with a defense contractor certifying systems, the (ISC)2 CAP is the cert to look at. If you are headed towards network security, continue on with Cisco and maybe add Juniper cert too. When your employer wants to promote you to management, the company will pay for all of your management training.

jlc512

I have the GLSC (MGMT 512) and CISSP along with other IT certificatios.

Like some of the other commenters said, people don't really hire based on certifications any more. For a few years there, I made a pretty good living teaching certification courses (MCSE stuff mostly) because so many thought they'd get into the field and make a lot of money if they just had the right cert. It sort of deflated the value of certifications. Yup, you'll have to start small, change jobs every few years and build a solid resume to get those jobs. To be sure, certifications help, but only when they are in support of actual experience. The entire industry (training and certification) is lying to us to sell their products. They imply you just sign up, send in the money, sit through the classes, and the great job comes knocking and it's just not so. Put yourself in the position of the employer and, maybe, a cert will help differentiate between you and another qualified candidate.

LET ME SAY THIS ABOUT SANS: Their big money earner is their crash courses and, frankly, nobody can absorb that stuff in 5 or 6 days - having taught a lot of very technical courses, let me assure EVERYONE is numb by Thursday. And definitely STAY AWAY from SANS' On Demand courses. Very expensive CRAP - poor quality and poor reliability. You'll spend more time trying to get them to work than studying them.

Always make sure a certification is in demand before you invest your time and money. Often the only people benefiting from a certification is the company selling it to you. It is the responsibility of the certifier (like SANS, ISC2, Microsoft, COMPTIA etc.) to promote the certification so that when you put it on your resume it means something. Most don't do very much on this front.

Don't mean to sound negative as I really like this stuff and enjoy teaching the classes but let me assure you many many people have wasted a lot of time and money to no real benefit.

I hope this post doesn't get deleted.

JDMurray

I understand why training companies sometimes oversell the ability of certifications to get people high-paying employment. Training companies do what they can into legally entice people to pay for their training. People often do not realize that the training company is not the certification provider, and that the cert provider is not responsible for the sales pitch of the training provider. So when people pay $$$$ to get that XYZ cert, but still cannot get a job paying the salary they want, they often blame the cert provider and not the training provider that gave them the (possibly false) hope in the first place.

SANS Training and GIAC certification are seen as the same thing, but they are not. They are two independent organizations that are business partners. You will not find any over-promotion or outrageous guarantees of employment and salaries by attending SANS training or from obtaining GIAC certification. These organizations rely on market research and personal testimonies of their customers for their assertions of their effectiveness. And from what I have seen, I can say the same of Microsoft, Cisco, CompTIA, and many other certification providers as well.

I have recently attended SANS training and become GIAC-certified. I walked out of a 6-day (58 hour) classroom course with six course books, six days worth of hand-typed notes, and four months of access to the slides, videos, full course lectures, module tests, and two GIAC practice exams found in the OnDemand course material. I used all of this to study for the course's associated GIAC certification, for which every student is given four months to prepare and complete. I felt all of that time and study material was much more than sufficient.

Your advice of, "Always make sure a certification is in demand before you invest your time and money" is right on the money. When it comes to getting a job, the bottom line is that you should only care about what hiring managers think, because they are the ones who will hire you, not the training or certification providers. If anyone seriously considers the opinions of people who are not in the position to hire you, then you are quite possibly banking on mis-information.

docrice

I agree that certifications in many cases don't lead to instant hirings (and they shouldn't). However, I'm of the complete opposite opinion when it comes to the quality of their courses, particularly via OnDemand. I can't speak for MGT 512, but I've been using OnDemand for years now and never really had any reliability problems. It provides a convenient option of taking their classes if I can't wait for an upcoming SANS event or don't have enough space in the budget for travel expenses.

SANS also has the widest coverage of infosec topics with some very good instructors. Unlike most other training and certification providers, SANS / GIAC isn't about getting you to learn all the intimate details and demonstrating them in an exam but rather somewhat replicating the real-world and applying fundamental principles taught in the courses on tests which allow you to look up specific details as needed. I'm kind of split on multiple-choice exams where there are no sims, but I see where they're coming from and from the macro perspective, these courses have helped a lot in my career.

Certification isn't just about being able to meet the demands of industry. They've helped me (and others) become further immersed in the subjects as an additional incentive to learn the material. Certs provide a paper credibility, but that's only part of the point. Coming out of the training experience with an overall better understanding is more critical. As a matter of fact, I'd say as someone working in private industry GIAC certs don't get mentioned as much as in the government sector. But regardless I think I've gained a lot by being GIAC-certified.

While there's a lot of discussion on this forum on GIAC certs and SANS training, I think it's a good approach to complement other training from other infosec training providers (Offensive Security, eLearnSecurity, events at Black Hat, Usenix Security, etc.). I'm taking an OnDemand right now (and will be attending their Orlando conference in March), and while I don't come out of the experience as an expert, it does help me become a better-informed amateur and puts me on a solid path to better myself. It helps that my current employer is willing to foot the bill for my recent training experiences (I've had to do it on my own previously), and as discussed here in the past, SANS tends to cater more to corporate / government entities who can afford training budgets for their staff.

dover

I'm going to have to respectfully disagree with jlc512 particularly about the OnDemand courses. While I'll agree that 5-6 day cram courses aren't the ideal method (for me) to master any material, I think they are great at providing a good foundation for learning more or as effective review/different perspective for topics that have already been studied. I studied for the CISSP independently for about eight months and wrapped up with four months of the SANS OnDemand CISSP review course before taking test.

I enjoyed the OnDemand experience. You get the audio tracks from the BEST SANS instructors for the topic at hand and you can go at your own pace. Taking the time to do the labs -and creating your own - is the only way to turn information into skills.

Like Doc said, I think SANS courses and GIAC certs are like any other - you aren't going to magically become a subject-matter expert at the end of the course/cert exam but you will have a solid foundation to become one - if you are willing work hard.

As in all things, you get out of something exactly what you put into it.

iota

JDMurray wrote: »

Nobody will give you a management job if you have no management experience--even if you have completed SANS MGT 512. Instead, spend your money on what will definitely help you land your next civilian job as a tech. The CISSP is an excellent acquisition for both management and tech positions. If you are looking to get on with a defense contractor certifying systems, the (ISC)2 CAP is the cert to look at. If you are headed towards network security, continue on with Cisco and maybe add Juniper cert too. When your employer wants to promote you to management, the company will pay for all of your management training.

Your posts make a lot of sense each time I browse the forums. Thanks for the wise thoughts you put in for forum members.