How many of you are actually using your knowledge.......

Jasiono Member Posts: 896
How many of you are actually using your knowledge you obtained from attending/taking a cert through SANS?

This is the first time I have gotten a cert and IMMEDIATELY used what I learned, on the job. Very nice. I'm feeling very accomplished and extremely optimistic about my next one.

Comments

  • Randy_Randerson Member Posts: 115
    I have quite a few of these certs and have taken even more courses than I do have the certs.

    I use them literally every day. Maybe not all of them per day, but I dabble in the material from time to time. If you are a DFIR person, take Red Team certs. If you are Red Team, take Blue Team. If you are Blue Team, take Red Team. If you are Management, take Legal/Auditing. If you are Legal, take Forensics. They all coincide with one another in a weave if you have the funds that you learn on top of one another more information than what the other class left you with. I've used tools for SEC560 that I learned in FOR572. I've used knowledge gained about File Systems from FOR508 and FOR500 in a matter where FOR660 came into play.

    Here is my caveat with these types of courses though. If you are NOT going to be 100% engaged in the material + labs, then don't even bother. If you're just trying to get 3-5 Letters for a cert after your name, don't even bother. What is learned from these classes is so much more beneficial than that. Be grateful that you get to attend one, because I know hundreds of folks whose best training course they get to take is an EC-Council Bootcamp or a Vendor training.
  • al88 Member Posts: 62
    Exactly what Randy said, my two cents about that are:

    - I have my indexes in my office, if I'm not using them in my new tasks or even to at least share knowledge among my colleagues.. then I'm not utilizing my training/cert well.
    (Hence why you should take your time in making an index with quality.. you will need your reference to make sense instantly (during an exam or a year after during an incident) without referring to the books)

    - If you were really engaged in the course while attending or studying, you will have some sense of situational awareness. That sense will be triggered when you are in the middle of an investigation where you will feel like what makes sense and what does not, then connect the dots.
    (That's why I always say SANS training is really about the experience you are in .. rather than knowledge you will get instantly. Something I can't say I've gained with other institutions or at least rarely)
  • UnixGuy Mod Posts: 4,564 Mod
    Hmm tough question...I used my knowledge in FOR508, I had to do some memory forensics..I also used my knowledge to stop guys from doing memory forensics when I decided it's pointless for the task in hand.

    I guess I'm not directly using the knowledge, but it all made me understand things so much more. I was planning to become a pentester so GPEN would've been crucial but then I changed my mind.

    Agree with Randy, one has to be grateful for this opportunity. Most people don't get this chance.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • 636-555-3226 Member Posts: 975
    When I do SANS training I am literally emailing my coworkers DURING the training to tell them what to start working on, looking for, etc. I use SANS training extensively from literally the first day of training, and so do my peeps.
  • meni0n Member Posts: 68
    Did FOR610, using everything that was taught. Lenny was great too, really recommend the course.
  • Jasiono Member Posts: 896
    OH no, I'm not just going out for these just to have on my resume. Apologies if it came off that way.

    I was trying everything to get into the security field and got certs on the way, but those certs I took to get here help me research what I need.

    I recently went to a SANS course, got certified, but started using that knowledge immediately upon my return and I absolutely love it. It's very valuable to me.

    Right now I'm tailoring my SANS path to what I'll be doing for the company I work for. Next up is SEC542 - Web App Pen Testing :D

    I guess I'm just extremely happy with finally starting my career and starting it properly (been in it for a year now), and happy that I get to apply anything I learn now toward my job.

    I'm like a kid during Christmas lol
  • E Double U Member Posts: 2,228
    I have been able to use knowledge from both SEC503/504 on the job. I have even gone back to the material on a few occasions (504 books during a red team exercise and 503 books while working in the NIDS).

    My colleagues have taken a range of SANS courses and they have all been able to use that knowledge to perform our SOC duties. We also keep our course material in the office for others to reference. Others are currently making use of my SANS, ISACA, and (ISC)2 books while I plan to use someone's Scrum book soon.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • sb97 Member Posts: 109
    GCIA -> I rarely work on any IDS/IPS alerts anymore. Generally, I only get involved with these if we are short-handed.
    GICSP -> Never, I used to work for an MSSP and one of our clients sent us to this training while it was still in Beta. When I was changing jobs 3 years ago I did get a couple of recruiters reach out to me to work in the ICS space.
    GCFE -> I do a lot of insider threat work. I have been called in to validate the alerts on a number of occasions. I would not have been able to do my job without this training.
    GCFA -> I get asked to triage a number of systems for malware. I regularly use some of the methods described in this class.
  • sb97 Member Posts: 109
    al88 wrote: »
    Exactly what Randy said, my two cents about that are:

    - I have my indexes in my office, if I'm not using them in my new tasks or even to at least share knowledge among my colleagues.. then I'm not utilizing my training/cert well.
    (Hence why you should take your time in making an index with quality.. you will need your reference to make sense instantly (during an exam or a year after during an incident) without referring to the books)

    - If you were really engaged in the course while attending or studying, you will have some sense of situational awareness. That sense will be triggered when you are in the middle of an investigation where you will feel like what makes sense and what does not, then connect the dots.
    (That's why I always say SANS training is really about the experience you are in .. rather than knowledge you will get instantly. Something I can't say I've gained with other institutions or at least rarely)

    I don't have my index at work but I do have the "evidence of" and "find evil" posters. I also have a SIFT reference sheet.
  • Hornswoggler Member Posts: 63
    Every. Single. Day.

    I learned (lots of) things in the GPEN class that weren't covered in the OSCP. Yesterday I was mocking up a lab at home, had trouble elevating to system, and remembered the trick Ed taught us to background the session and use a Bypass UAC exploit for an elevated meterpreter session... and it worked! When it comes to the scoping, reporting, and relating to the business, I use that all the time. Sadly more business than hacking. While one can learn these things via other ways, SANS training makes it easy and applicable.
    2018: Linux+, eWPT/GWAPT