Thoughts on becoming a SANS instructor?

UnixGuyUnixGuy Are we having fun yet?Mod Posts: 4,341 Mod
I'm thinking of applying to becoming a SANS instructor

This thread isn't about the process of becoming one, but more so about what you think about becoming one

is it a good career move? is it viable to do it while holding a full time job?


Have you had chats with SANS instructor about their experience being instructors?

I like the idea because it'll enable me to become more independent consultant (in the future...)


Thoughts? ideas?
Certs: GPEN, GCFA, CISM, CRISC, RHCE
In Progress: MBA

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,437 Admin
    edited July 7
    I've known three people who have become SANS instructors; two quit and the other is dead. :D Although that's true, I've been told first-hand that it's a very tough part-time job. You need to find great satisfaction in teaching to stick with it. There are no full-time SANS instructors; having a full-time professional InfoSec career is a requirement of all SANS instructors.
    Besides being extremely well-versed on the course material, you must have lots of energy, likability (we use to call it charisma), a good coordinator of people and things, and have a voice that carries well. You also need to be free days/nights/weekends to take teaching assignments when they are given to you, as you start at the bottom of the SANS teaching food chain.

    I'd love to hear what the SANS work study members here at TE have been told by SANS instructors about their experiences.

  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    Thanks JD!

    I'd like to think I have charisma as I've trained people before

    but the availability thing is tricky as I prefer to have a fair of autonomy. I wonder if I can start 'slow'....


    I think it's a great way to build your personal 'brand', but I also i don't mind have bigger teaching load that I can balance with some shrot term contracts or run my own business.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,437 Admin
    I wonder if any SANS instructors have produced a video about teaching and talked about their own SANS experience. It seems John Strand may have done just that.
  • scascscasc Member Posts: 414 ■■■■■■□□□□
    I think if you can do it, a great idea. Great to network and build your name too. However, it is pretty draining. I know someone who writes part of the Forensic track and is a teacher now, was a TA previously and he mentioned deadlines are pretty demanding. Lots of effort. I have been speaking with them myself in order to write a cloud security architecture course - just time is the issue with current demands. With a young family who already see me in evenings only etc. doing this would probably be the final straw etc.....But if you can do and manage time, I think its pretty neat.
    MSc, BSc (Hons), C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GDSA, GCSA, GCCC, GCLD, GPCS, CEH, ECSA, CHFI, TOGAF, SABSA-SCF, CISMP
  • SteveLavoieSteveLavoie Member Posts: 1,006 ■■■■■■■■□□
    I think there may be a lot of recognition that may be gained from this. It look prestigious.  Most of SANS instructor are consultant doing short term contract and dont have a full time job. SANS require them to be active in the field (and this is one reason why they are good/best). 

    I am sure that once COVID is over, and that event will restart fully, that there may be a lot of event. Also, they seem to have lost a few instructor with COVID that took full time job. 
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    I am in their instructor development program. Have done a few co-teaches and doing my first solo run soon.  Good advice here so far. There are two big things: time is one. You have to dedicate a LOT of time to prep for class and practice labs, do talks, vendor partnership engagements, etc. The other one is what JD says: you must love teaching. I always had SANS in my sights so I worked on becoming an adjunct first to see it teaching was for me. I liked it a lot so a few years later decided to pursue it. 

    Another thing I would say is that the SANS team is extremely awesome working with you to make sure you are comfortable with how fast/slow you want to move. In my case they never pushed and always asked if I felt ready to take the next step. The flip side is that they also have to feel comfortable moving you to that next step, which is totally fair. There was a ton of good communication and I always felt informed of where things were. 

    Before I wrap it up I want to bring up what John Strand says in the video linked above. Someone will hate you. No matter how excellent your delivery is someone will not like the way you brush your hair. Reading those evaluations at the end of the day and seeing the comments may be hard, but you have to be able to discern who is being absolutely ridiculous and who has a valid point on something you need to improve on. This is crucial.

    To close, my experience so far has been great. Now I need to find a job with unlimited vacation so I can do more classes until I open my own company :smiley:
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,068 ■■■■■■■■□□
    edited July 8
    While rewarding in the teaching aspect, don't expect to make a lot of money doing it. Most instructors I spoke to say they make way more money in there consulting gigs. I guess one of the perks would be you will get to be known very well in the field and former students could recommend you for consulting work. so there's that. My instructor for a Blackhat course said she developed a forensics course for SANS, but was not happy what they offered her for her work, so she took her material and started her own course she teaches during Blackhat conferences. Another vendor Red Tiger Security taught SCADA courses under contract for SANS, but once SANS developed it own course, they were let go. As a teaching organization they are very good, but from a business prospective, they are cut throat, over priced, don't pay a lot.  . 
    Still searching for the corner in a round room.
  • WhiteMilkWhiteMilk Member Posts: 37 ■■■□□□□□□□
    edited July 11
    As you know, these instructors are considered experts in the field. Just being an instructor is a revenue generating event. I am not sure I've sat in a week long class and the instructor didn't tell me (or it wasn't in the book), what company he/she was apart of  It's like free promotion. Working as a SANS instructor is like a (financially beneficial) spear fishing campaign.You have a targeted audience, who is likely a great candidate for his/her specialized services. 

    I don't necessarily agree on the statement from @JDMurray of:

     *full-time professional InfoSec career*

    Full-time is 40 hours a week in North America. A good portion (not all) of the instructor staff are US citizens. Some of these classes run pass 8hrs a day. So the instructor staff work 40-50+ hours a week teaching, then does 40  hours with his/her *full-time* role? Nah, I disagree my friend! Nobody has 2-6 months of leave a year to fly around the world and teach. Granted, not every instructor schedule is the same, and not every instructor has a full-time job.The definition of full-time can be questionable. Not every instructor works for someone. .

     I've facilitated a lot courses over the years. That is not including live pre-pandemic attendance. With that being said, with the plethora of courses and diversity of instructors, students, and individual backgrounds everyone will have a different experience. 

    Cyberguy has a point or two. 

    BUT, it's always a but. Everyone doesn't last. 

    You must be extremely knowledgeable in the material.  Nobody is paying 7k for you to read the material out of the book. This isn't Reading Rainbow.I digress. .. You should know the material and the tools in it like the back of your hand. If a student asks you a question about something in the book and you don't know it, people are going to stare at you like you have a booger hanging out your nose. 

    Yes, I agree with some points Cyberguy made. Take into consideration is said *someone*. Someone is not plural. I took a class somewhere where (at least) half the class complained about an instructor. I was reading the course evaluations with my own eyes. I haven't seen the instructor since, maybe he "quit" (cough cough). 

    I can produce emails. I've taken enough classes to have respectfully complained about an instructor once. If you complain, someone is going to follow up with the student! Trust me, that someone is not another instructor. Each complaint get followed up on. Trust me on that! I have the emails to prove it.If a student complains they are going to receive calls and emails. I am telling you from experience. A student complaint is not taken lightly.  No disrespect intended, but if John Doe is a half-azz instructor, he won't last long.

    Respectfully, @cyberguypr mentioned John Strand who has been with SANS since the 1990's and is a course author, not just instructor. I am sure he can get away with more than most.  :D:D:D  :D
    Someone who has been in an organization for 20+ years can get away with a lot more than someone who has been in an organization for 12 months. I think we can all agree on that. 

    We can ha ha ha and he he he, but the fact of the matter is:

    1. Average instructors don't last long.

    2. 9 times out of 10, you went looking to become an instructor, they didn't come recruiting you. 

    3. A student can't ruin you. Consistently having a multitude of students complain can ruin you. 

    4. People have quit jobs (that were forced out), just FYI. 99% of people would rather quit than say they were fired.  ;)


    Have you had chats with SANS instructor about their experience being instructors?

    You can gain that by the combination of this -> The SANS bio, LinkedIN, the introduction the first day of class, and/or go to the company page. A good portion of them have a company they run. 

    Respectfully, I didn't want to sugar coat it. I am not sure if it was or wasn't with the previous replies. With the 40+ SANS classes around the world, and hundreds of thousands (if not millions) of students taught, I wanted to give you my perspective. In the grand scheme of things, the handful of replies, compared to the number of students taught should not deter you one way or another. It's like going to a full Yankee stadium and 5 people ( in the entire stadium) say that hate the New York Yankees. I do hope that if your heart desires to become an instructor, your wish will be granted. I wish you all the best. 
  • SteveLavoieSteveLavoie Member Posts: 1,006 ■■■■■■■■□□
    I think most SANS instructor have consulting company, most do some teaching their "main" job but they have to be active in the industry. I heard that John Strand had pressure to do more than just teaching.. and it made it leave and build BHIS. Also look at BHIS, they are recruiting a lot of ex-SANS instructor and their course are more than affordable. 
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    Thanks for all the response, I really appreciate it

    I did some research and I also did some soul searching


    I realised that I don't want to dedicate more time to my 'main' career which is infosec. I say main because I have another side career or two that I enjoy doing, so if i decide to pursue SANS instructor route I won't have any time left to pursue the other stuff.


    SANS instructor seem like an awesome thing especially for someone who either wants to start their own consulting business, or want to work in consulting at a higher level where they need to acquire new clients or in general for someone who is extremely passionate about InfoSec AND want to make a name for themselves



    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,831 Mod
    edited July 14
    UnixGuy said:
    Thanks for all the response, I really appreciate it

    I did some research and I also did some soul searching


    I realised that I don't want to dedicate more time to my 'main' career which is infosec. I say main because I have another side career or two that I enjoy doing, so if i decide to pursue SANS instructor route I won't have any time left to pursue the other stuff.


    SANS instructor seem like an awesome thing especially for someone who either wants to start their own consulting business, or want to work in consulting at a higher level where they need to acquire new clients or in general for someone who is extremely passionate about InfoSec AND want to make a name for themselves



    Good call. Nothing much to add to the original post as its been well said by others, and WhiteMilk is spot on IMO. Your two views are exactly what I would say as well, A.) don't look to become a SANS Instructor if you aren't going to eat, breathe, sleep InfoSec and the course material itself and put that pursuit above all else, and B.) If you have a consulting company and are wanting to get more visibility to your company. Mike Poor was an amazing instructor and could teach one of the dryer subjects easily. He was one of the longest tenured instructors, but the amount of business he's probably brought in to InGuardians during his time as an instructor has to be crazy.

    Also one point I'll add that I highly agree with WhiteMilk on, you absolutely HAVE to be able to relate the material to actual work experience. Anyone can read the books (after all, you aren't (but you are lol) paying $7k for black and white printed PPT slides). Again using Mike Poor as an example, the way he could explain how they performed the dry topics of SEC503 on his company's engagements and illustrate the examples was masterful. That is the only way to do it.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    JoJoCal19 said:
    UnixGuy said:
    Thanks for all the response, I really appreciate it

    I did some research and I also did some soul searching


    I realised that I don't want to dedicate more time to my 'main' career which is infosec. I say main because I have another side career or two that I enjoy doing, so if i decide to pursue SANS instructor route I won't have any time left to pursue the other stuff.


    SANS instructor seem like an awesome thing especially for someone who either wants to start their own consulting business, or want to work in consulting at a higher level where they need to acquire new clients or in general for someone who is extremely passionate about InfoSec AND want to make a name for themselves



    Good call. Nothing much to add to the original post as its been well said by others, and WhiteMilk is spot on IMO. Your two views are exactly what I would say as well, A.) don't look to become a SANS Instructor if you aren't going to eat, breathe, sleep InfoSec and the course material itself and put that pursuit above all else, and B.) If you have a consulting company and are wanting to get more visibility to your company. Mike Poor was an amazing instructor and could teach one of the dryer subjects easily. He was one of the longest tenured instructors, but the amount of business he's probably brought in to InGuardians during his time as an instructor has to be crazy.

    Also one point I'll add that I highly agree with WhiteMilk on, you absolutely HAVE to be able to relate the material to actual work experience. Anyone can read the books (after all, you aren't (but you are lol) paying $7k for black and white printed PPT slides). Again using Mike Poor as an example, the way he could explain how they performed the dry topics of SEC503 on his company's engagements and illustrate the examples was masterful. That is the only way to do it.

    The courses I'm interested are the management track which I have plenty of experience in. My B-school knowledge also comes in handy

    But, I don't see myself eating and breathing infoSec.  It wont be hard to know the material in and out (took the course and found that I was familiar with the content already...have so many real world stories as well), but the commitment i'm not clear on

    I'm on a contract now (which will probably turn into Full time..), maybe If i go the contracting route I can juggle the two, but not in the short term


    Great answers and insights from everyone!
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,437 Admin
    edited July 16
    Which SANS management courses are you most interested in teaching?
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    @JDMurray MGT514 the one I just did
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    I just came across this fresh talk on how to become an instructor, may be helpful for some  
  • bigdogzbigdogz Member Posts: 882 ■■■■■■■■□□
    I did a few work studies and I had run in with one guy who did not like the class. He had some other idea of the class. He did not even read the syllabus before he signed up for the class. He was in over his head and blamed the instructor. He transferred to another course.

    You may rarely come across one of these student as the class is pricey and their management would filter problems like the one I saw.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,341 Mod
    bigdogz said:
    I did a few work studies and I had run in with one guy who did not like the class. He had some other idea of the class. He did not even read the syllabus before he signed up for the class. He was in over his head and blamed the instructor. He transferred to another course.

    You may rarely come across one of these student as the class is pricey and their management would filter problems like the one I saw.

    I know someone at a previous job, she complained and left the course because she thought ' the course wasn't good'....(real reason is the course was too difficult for her, she only had CEH and rumor has it she cheated in that too).

    Another guy was in my FOR 508, he was completely lost and couldn't keep up. He was a manage and said this is his 'passion', but didn't expect it to be that hard.

    Can't please everyone
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,437 Admin
    Does SANS have a policy to allow people to switch courses, or get a rain-check, if they decide that they've taking the wrong course by the first or second day?
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    Absolutely. Switching courses is encouraged if the student believes they got in a class above/below their level. When I did work study there were always a few students moving up or down. 
  • SteveLavoieSteveLavoie Member Posts: 1,006 ■■■■■■■■□□
    yes.. it was offered to switch class after the first day... but I never heard about a rain-check
  • bigdogzbigdogz Member Posts: 882 ■■■■■■■■□□
    JDMurray said:
    Does SANS have a policy to allow people to switch courses, or get a rain-check, if they decide that they've taking the wrong course by the first or second day?

    I have never heard of a rain check. They can only go to another class. In most cases, as most of you know, if you miss the first 2 days it can be really tough to keep up with the class and the labs.
Sign In or Register to comment.