Sans 2013

wmcglasswmcglass Junior MemberMember Posts: 13 ■□□□□□□□□□
I'll be at SANS 2013 this year in Orlando, taking the SEC505 course. Anyone else going?


  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    Great course. Took it last October. Jason Fossen is awesome.
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
    I also heard that Jason Fossen is nothing short of awesome, speaks fast, and will fill your brain quickly. 505 is another course I really want to take in the future, although maybe next year.

    I'll also be in Orlando taking 560 and this will be my first SANS conference since I've taken courses via OnDemand for all the other training I've been through with them. Looking at the schedule with the bonus sessions, it's going to be a really packed event. I don't know whether I should participate in NetWars or go to the nightly talks.

    I'm guessing that I'll arrive at the hotel on Saturday night and won't step out off the property until the conference is over and I check out on the following Saturday.
    Hopefully-useful stuff I've written:
  • azmattazmatt Senior Member Member Posts: 114
    I did one night of netwars in vegas last november (i couldnt do night two due to other obligations) but it's the most fun you can have with your clothes on. Pick that.
  • wmcglasswmcglass Junior Member Member Posts: 13 ■□□□□□□□□□
    Awesome! Glad to hear good things about Jason and 505. I am really looking forward to the W8 and Server 2012 coverage.

    I took the 560 course through OnDemand and really enjoyed it. I have an Ed Skoudis “Hack-Counter Hack” training course on my book shelf from 2002. He’s been doing this for a long time, and he’s a fun guy.

    I agree, the schedule with Bonus Sessions will be pretty crazy. It’s easy to make it a 9 to 9 kind of week.

    I’ll have to try the NetWars next time; I keep hearing good things.
  • ciscokid413ciscokid413 Junior Member Registered Users Posts: 2 ■□□□□□□□□□

    I was wondering if you had a digital copy of your index for the GCIH you would be willing to share. I was going to try and message you privately but there doesn't appear to be a function for that on this forum. I have all the books tabbed and haven't used an index before so I was just looking to see what was contained within some of the indexes people are using for this exam. If you do you can e-mail me through the forums. Thanks!
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    Threadjacking aside, indexes have been discussed here before. Did you try a search? I am confused if you are looking to discuss ideas on indexing or just plain down asking for a full index.
  • ciscokid413ciscokid413 Junior Member Registered Users Posts: 2 ■□□□□□□□□□
    Just looking for ideas. I only tripped across this site while looking around for different ways people are prepping for GIAC exams. Sorry for threadjacking I actually meant to post this in another thread that azmatt was actually discussing indexing for the GCIH.
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
    It looks like I'll be missing at least the first day of the conference. My flight got canceled due to weather problems. What a bummer.
    Hopefully-useful stuff I've written:
  • azmattazmatt Senior Member Member Posts: 114
    That blows! I hope the rest of the week is awesome.
  • azmattazmatt Senior Member Member Posts: 114
    My apologies for the thread jacking but since it was asked here, I'll answer it here.

    (Background: A few SANS conferences ago one of the TA's explained to me how he prepared his index and let me flip through one of his for a minute to see how the final product looked. I had never seen a in-depth index before so this really helped me out. I made one of my own and after my test I wrote a blog article where I described the process and took a few pics of sections of mine to try to demonstrate one way to make an index.)

    I actually just modified that blog post to state that I am unable to give out copies. I’ve gotten several emails from people saying that my post really helped them in their index creation and studies so I want to leave it up but also make it clear that it’s only to try to help those who are looking to make one of their own.

    The standard reason people list for not sharing the indexes is that they would be doing a disservice to the requester since the time consuming part of creating an index isn’t typing a few words, it’s going through the book page by page and scanning for key points. I 100% agree with that statement. That process is at least as valuable as the index itself on the test and for actually absorbing the knowledge for future use. I absolutely catch things in the books which I missed in class.

    A “Bonus” reason is that the index I show is made from books which are now approaching a year old and they update those things all the time. If “Student X” feels like they don’t have time to create a proper index so they’re going to find one online, that can end in disaster. They would now likely be going into the test without having studied through the books and with an index which contains outdated information and points them to the wrong places. A lot of smart people could get away with that but someone who really needed to study and was hoping that someone else’s index would be a “silver bullet” would likely be in big trouble and may waste hundreds of dollars on a test attempt they were ill prepared for.

    As always, a sincere best of luck!!!
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
    I agree that indexes should be personal, tailored to each specific student. When I create my indexes, I use them as a sanity-check to see which areas I still need brushing up on. For areas that I'm already familiar with, I might have a book / page reference but otherwise that's it. One of my strategies when taking the exam is to minimize the amount of book references and page-turning I have to do. The longer the index, the more it's going to increase my mental stress ... and consequently exam completion time. The real key is to know the material well enough that checking the book should be done for confirmation of your selected answers for which you aren't 100% sure of.

    My goal is to finish the exam in about two hours (assuming a four-hour exam). After that point, the intense concentration will fry my brain and there will probably be a steep drop-off in my performance. This is probably why an exam like the CISSP will just kill me. You have to know your limits and strategize accordingly.

    But again, know the material. Having the courseware and additional paper-based references is convenient, but time or stress will catch up to you to the point where it generally won't make up for lack of grasp on the covered exam topics.
    Hopefully-useful stuff I've written:
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
    So anyway, back to the topic at hand: SANS 2013 in Orlando. I just got back home a little while ago and this was a cross-country trip for me. My travel arrangements got screwed up in the beginning since my flight to Orlando (via Denver) got cancelled due to snow. I frantically rebooked for a flight the next day from a different airport. If there was no additional flight available that next day, I would've ended up canceling the entire trip since missing two full days of class would've made the whole event thing much less valuable from a cost perspective. I might as well just go OnDemand again if that were the case. The live instruction conference fees are not cheap.

    Once I got the travel arrangement issues out of the way, the week went smoothly. While this SANS conference isn't the scale of Black Hat or DEFCON, it was still sizable and I felt it was ran very smoothly. There were lots of students interested in security, the World Center Marriott was nice (not extravagant or ritzy, but relatively quite nice), and there was almost always something to do. You had a small area dedicated for SANS student Internet connection, the SANS store was front-and-center in the main hall where you could look at books, some small devices, and SANS memorabilia to peruse and purchase, the various courses were scattered throughout the conference center, and during the evening you had a variety of talks to keep you engaged.

    And then there was NetWars. I participated in this not knowing what it was all about. It was actually a lot of fun and quite accommodating, designed for complete first-timers to seasoned veterans. You're given a VMware-based VM that you run on your own laptop, you register to a portal, get your game credentials, and log into the scoring server to know what the challenge questions are. The folks running NetWars are there to help guide you if you're seriously stuck. I heard there were about 150 people participating. It probably explains why Metasploit was running really slowly by the time I got to one of the servers to try to get my next flag. If you don't have some basic Linux skills, NetWars is going to be pretty tough for you in the first two levels. I made it as far as Level 3 and didn't realize until then that I was apparently allowed to look things up on the Internet. If I had known that, I'd have hit Level 3 on my first day, but during the second evening I was exhausted and quit in the middle of the session as I had skipped lunch earlier.

    The first two days of the conference had a room dedicated a variety of infosec vendors / sponsors. I missed out on the first day, but passed through it on the second when I was there. As I had just been to the RSA conference, most of this was pretty much the same except at a much smaller scale.

    Each day of class has a coffee break in the morning and afternoon to keep caffeine going through your veins. Juice and some pastries are also provided. Unfortunately, lunch isn't included in the conference tab. Black Hat is also like this in Vegas this year for the first time as they're charging $50 a day for sit-down dining, which I think I'll pass on. The Marriott dining options aren't bad, but the variety overall was lacking.

    On Tuesday of the week, there were lunch-and-learn sessions which one could sign-up for (limited space). You'd choose to listen in on a presentation by a particular vendor and you'd get a free lunch (basic sandwich, chips, soda, fruit). The one I signed-up for wasn't particularly interesting as I'd hoped, unfortunately.

    One of the evening talks was with Jeff Frisk discussing the GIAC certification program. Although I'm not exactly unfamiliar with this topic, I decided to drop in and see if I could learn anything new. I used the opportunity to provide some feedback regarding the certification process, etc.. I also happened to meet Jeff Lake, the GIAC Technical Director and it was obvious to me that these guys are very open to comments and are committed to improving the program overall. They are very interested in providing a solid learning experience. We've commented on various aspects of SANS and GIAC in this forum and those have also been mirrored on other forums and mailing lists. GIAC is very aware of these issues.

    In summary, this was my first SANS conference that I've attended. The experience has been very positive, more so than I expected. It feels very immersive and considering that I was taking SEC-560, it was a lot of infosec-ness from every direction. The downside for me was that during my entire stay, my internal clock was still on west coast time and there were a few occasions where I somewhat dozed off during class. The daylight savings time change didn't help either, and plus my plane landed in Orlando on Monday around two in the morning. I don't recall if I got any sleep on the morning of my check-in. This didn't help, and the continuous stream of coffee only kept pushing the limits of my sleepy adrenaline further throughout the week.

    In short, I probably won't be attending another training conference if it's on the other side of the country. San Diego or Las Vegas would be much better since a single flight cancellation has much less potential to impact my itinerary. But if all SANS conferences are similar to my experience in Orlando, I very highly recommend going. If you love information security, this is it. Not cheap for sure, and justifying this to management might be a challenge depending on your organization, but it's certainly more than what you'd get by going to typical IT training vendors who happen to have courses with the word "security" in the title.
    Hopefully-useful stuff I've written:
  • ChooseLifeChooseLife Senior Member Member Posts: 941 ■■■■■■■□□□
    Excellent review of the conference experience, docrice!
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    - discounted vouchers for certs
Sign In or Register to comment.