SANS Security West 2014
Oh boy, here we go again. I just booked for FOR508 (Advanced Computer Forensic Analysis and Incident Response) at SANS Security West 2014 in San Diego, something I've been wanting to take for a long time now. As this is a newer version of the course revised in the last year or so, there's no OnDemand option for it.
http://www.sans.org/event/sans-security-west-2014/course/advanced-computer-forensic-analysis-incident-response
My other choice was FOR572 (Advanced Network Forensics and Analysis):
http://www.sans.org/event/sans-security-west-2014/course/advanced-network-forensics-analysis
However, since I've been focusing on network-related training over the last few years, dabbling back into the host-level side of the house (especially Windows) would be great for me. Many of the topics in 572 are also somewhat familiar to me and I figured I'd get more bang for the buck out of 508. Plus, there's also NetWars for digital forensics and incident response which might be a great departure from the normal NetWars I participated in last year.
My only other SANS conference experience was last year in Orlando:
http://www.techexams.net/forums/sans-institute-giac-certifications/87391-sec-560-sans-2013-orlando.html
and I remember coming back thinking that it was one of the most well-organized security conferences I've been to. The Vegas and Orlando annual conferences are SANS' largest, but Security West in San Diego is one of their sizable ones as well with a great line-up. Given the supreme jet lag going from the Bay Area to the other side of the country (plus the Daylight Savings added in), I decided to stick towards the Pacific Ocean this time around. I avoid the Vegas event since it's right between Black Hat/DEFCON and another vendor-specific security conference that I attend and I can only handle so much of Vegas.
Anyone else planning on attending?
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
-
JDMurray Admin Posts: 13,099 Admin
San Diego is definitely in my range, but I'm not sure of my training budget yet. FOR572 looks exactly what I need for the SOC work I'm doing now, but there's no corresponding GIAC exam! I should probably take SEC504 instead anyway.
-
docrice Member Posts: 1,706
Sort of having second thoughts about 508. Although many people go straight to it and skip 408, I also wouldn't mind doing 408 first. On the other hand, I've taken the CHFI course seven years ago through Global Knowledge (before I even knew about the certification and EC-Council). I've read they don't exactly compare, so maybe I can just take 408 later? Reading over Matt's digitalforensicstips.com blog's got me thinking.
http://digitalforensicstips.com/2013/03/should-i-take-sans-408-or-508-part-1/
http://digitalforensicstips.com/2013/04/sans-508-compared-to-408-part-two-plus-a-side-of-610/
Or maybe I'll do a brain compression and take 408 OnDemand in March (when I'm finally going to allow myself to take days off from work after a year of pretty much going into the office everyday) and by May when Security West comes around, I'll be a bit more prepared. Or maybe this is mental suicide.
Wait, isn't training supposed to be vacation?
-
JDMurray Admin Posts: 13,099 Admin
Wait, isn't training supposed to be vacation?
-
ajd86 Member Posts: 60
Sort of having second thoughts about 508. Although many people go straight to it and skip 408, I also wouldn't mind doing 408 first. On the other hand, I've taken the CHFI course seven years ago through Global Knowledge (before I even knew about the certification and EC-Council). I've read they don't exactly compare, so maybe I can just take 408 later? Reading over Matt's digitalforensicstips.com blog's got me thinking.
Should I take SANS 408 or 508? (part 1) | Digital Forensics Tips
Second look at SANS 508 forensics course compared to 408 | Digital Forensics Tips
Or maybe I'll do a brain compression and take 408 OnDemand in March (when I'm finally going to allow myself to take days off from work after a year of pretty much going into the office everyday) and by May when Security West comes around, I'll be a bit more prepared. Or maybe this is mental suicide.
Wait, isn't training supposed to be vacation?
I took 408 at SANS CDI 2013 in December, and the instructor (Chad Tilbury) said that although many people take 508 without taking 408, he strongly feels these people don't get as much out of the course as those who have already taken 408. I don't know what CHFI covers, but that could be enough background info to make you comfortable in 508.
-
Khaos1911 Member Posts: 366
I'm all booked for SANS Security West 2014 where I'll be taking the GSEC bootcamp. I've never been to San Diego, so I'm getting in a day early to get into some debauchery! I'm sure I'll be too exhausted mentally to do much throughout the week. It'd be nice to meet and shake hands with a few of you "Techexamers."
-
docrice Member Posts: 1,706
When I took the CHFI course back in 2007, much of the material wasn't necessarily new to me, but there was a lot of emphasis on process, chain of custody, and so forth in addition to all the tools. I also don't recall touching any topic relating to timelines. With that in mind, I really doubt that course would come close to providing the same depth as 408.
Which hints me that I should make efforts to go through 408 before I do 508 in May. This is akin to stuffing an elephant into a peanut jar while keeping both intact while trying to stay financially afloat.
Help. Me. Brain. Dying.
A Techexams meetup would be cool, assuming there's time in the packed conference schedule. With the evening talks and NetWars, there seems to be little spare time.
-
chanakyajupudi Member Posts: 712
408 is a heavy course mentally at least. Lots of information thrown at you. I took the class last year with Nick Klein in Bangalore, India. As a work study participant.
I intend doing the 508 this year in Sydney. I think doing the 508 is okay if you already have a few years of forensic experience under the belt.
408 will put your already known skills to a perspective or should I say the SANS perspective making the 508 an easy task (not so easy though).
Do let us know how the 508 goes in May! Best of luck!
Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
http://adarsh.amazonwebservices.ninja
-
azmatt Member Posts: 114
When I took the CHFI course back in 2007, much of the material wasn't necessarily new to me, but there was a lot of emphasis on process, chain of custody, and so forth in addition to all the tools. I also don't recall touching any topic relating to timelines. With that in mind, I really doubt that course would come close to providing the same depth as 408.
Which hints me that I should make efforts to go through 408 before I do 508 in May. This is akin to stuffing an elephant into a peanut jar while keeping both intact while trying to stay financially afloat.
Help. Me. Brain. Dying.
A Techexams meetup would be cool, assuming there's time in the packed conference schedule. With the evening talks and NetWars, there seems to be little spare time.
You'll dig the 408. It's all Windows all the time but I left that class feeling informed and very confident about examining Windows systems. It was FAR more in-depth than the class I took for my CHFI.
Plus, "free" write blocker!
-
5ekurity Member Posts: 346
There's a chance I will be going for the GSNA class with David Hoelzer. All depends on the work schedule and which event I can attend in person, be it Orlando, SD or SANSFIRE in Baltimore.
-
JDMurray Admin Posts: 13,099 Admin
A Techexams meetup would be cool, assuming there's time in the packed conference schedule. With the evening talks and NetWars, there seems to be little spare time.
-
TBRAYS Member Posts: 267
I took 408 at SANS CDI 2013 in December, and the instructor (Chad Tilbury) said that although many people take 508 without taking 408, he strongly feels these people don't get as much out of the course as those who have already taken 408. I don't know what CHFI covers, but that could be enough background info to make you comfortable in 508.
I was in the 408 class too with Chad Tilbury this past December at SANS CDI 2013.
Bachelors of Science in Technical Management - Devry University
Masters of Information Systems Management with Enterprise Information Security - Walden University
Masters of Science in Information Assurance - Western Governors University
Masters of Science Cyber Security/Digital Forensics - University of South Florida
-
docrice Member Posts: 1,706
SANS Security West 2014 was excellent. Due to extenuating circumstances, I missed the last day and a half of class but otherwise the training was fantastic. Similar to FOR408, by the third day of FOR508 my head popped. At some point the brain can no longer absorb anything and has to make space by purging out old memory in some fashion. In this state, I was essentially on autopilot trying to keep up. When you overfill at a buffet, it hurts.
I got to attend a couple of talks which were informative. I also got to hang out with some old friends so I ended up missing the other evening talks. Since this isn't SANS in Orlando or Vegas, the number of vendors for the Lunch and Learn was small. The venue was pretty nice though (Manchester Grand Hyatt) and I wouldn't mind staying there again. The big San Diego firestorms were happening in the same week.
I'm done with SANS training for this year. Can't take anymore. In retrospect, I shouldn't have signed up for the GCFE and GCFA exams as I'm now over-committed.
-
Khaos1911 Member Posts: 366
I have to agree. SANS Security West was pretty awesome. San Diego is a beautiful city with beautiful women and great food. That Lucha Libre place has the best burrito I've ever tasted in my life. It was my first SANS conference/bootcamp and I met a bunch of new people in the field. If you have a chance to take GSEC bootcamp, Keith Palmgren is awesome and quite entertaining. Now if I can just focus on absorbing the material from these books and making my index to go ahead and knock GSEC exam out, I'll be golden. Hopefully I get to work study/facilitate for GCIA or GCIH in August or September.
-
docrice Member Posts: 1,706
Interesting. Your class was directly across the hall from mine.