Where is SANS' competition?

SephStorm

I was thinking tonight, one of the reasons SANS is so expensive has to be because it has a cornerstone of this area of the market. The question that comes to mind, why is no-one else stepping up to fill it? It seems like theres this huge gap between the vendor specific training, entry point training SANS and then the smaller offensive security training providers (ELS, OFFSEC,ETC.) Anyone have any idea why no one else has emerged as a SANS competitor overall?

docrice

I'd guess because 1) the pool of really dedicated infosec professionals available to make this happen are relatively-limited and 2) it takes enormous resources to build the foundations for a comprehensive training infrastructure. Since the content for infosec training is itself a moving target, this makes development and maintenance of courses expensive by design, especially if you want to ensure they maintain relevancy.

With all the FUD in the news about digital security and "hackers," sooner or later we'll have more training establishments come to fruition. SANS has been in this space for a long time though so it's really hard to collect the resources necessary to compete against SANS as a whole. I think the niche providers like OffSec and eLearnSecurity are examples of groups who can bring good value small increments at a time.

Good infosec professionals are hard to find. Good infosec instructors with field experience and actual availability to help out are probably even harder to find. I think most of us want to give back to the community, but our day-to-day work really limits the amount of effort we can put in since we're constantly battling yet another fire in the house and there seems to be no end to the war in sight. I'd love to help out in a meaningful way, but I also recognize whatever I do must add real value because if there's one thing every security professional wants but can't buy, it's more hours on the clock.

5ekurity

I think you are spot on doc. We all know how fast the knowledge of today is outdated by the developments of tomorrow, and SANS provides that unique value in continuously updating their course content which is a monumental task in and of itself.

eLearn is great, but some of their example material, while relevant, is from older versions of software from 2-3 years ago. eLearn is also a fraction of the price compared to SANS, and I agree that they do bring value at the reduced price and greater 'accessibility' for those who can't afford a $5,000 class.

JDMurray

People tend to think of SANS as only a security education and training company. SANS also does security monitoring, research, and consultation. Also, not many training providers have an accredited Masters degree program. SANS' parent company, Escal Institute of Advanced Technologies, has a reported annual sales of over $30M (per Dun & Bradstreet). SANS is in a very different areas of business than other IT security training/certification providers.

colemic

Come on fellas, we all know that SANS doesn't hold a candle to the world-famous EC-Council! http://www.eccouncil.org/ceh-vs-sans

SephStorm

Lol, I totally forgot about this thread. Thanks for the replies. Interesting all around.