Need opinions on some 2-day SANS short courses

Assuming I pass the GCIH exam this Tuesday, I'm thinking of doing a short SANS OnDemand course afterward. I'm getting burned out with SANS stuff, but there's always a reason which keeps me coming back. The main reason for doing a two-day short course is that after paying for one, I would have accumulated enough OnDemand rewards points to get a free full-length course. The second (and more practical) reason is because my responsibilities as a generalist are expanding.

To address some of my weaker areas, I'm thinking of these:

SEC580 - Metasploit Kung Fu for Enterprise Pen Testing (http://www.sans.org/security-training/metasploit-kung-fu-enterprise-pen-testing-1472-mid)
MGT514 - Information Security Policy in Depth (http://www.sans.org/security-training/information-security-policy-in-depth-1527-mid)
AUD429 - IT Security Audit Essentials Bootcamp (http://www.sans.org/security-training/security-audit-essentials-bootcamp-1197-mid)
AUD521 - Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant (http://www.sans.org/security-training/meeting-minimum-pci-dss-20-staying-compliant-49-mid)

My first choice is the Metasploit one, naturally, as the techie side of things appeal to me. The others would provide good grounding in other business fundamentals. I can't say that I necessarily need to know all four of these areas greatly in-depth, but perhaps any of them would help round-out my overall skill set. I'm not yet sure which one would be better for me in the short and long-term and my training / professional development expenses are taking their toll so I can't go do them all.

Has anyone taken the above courses? I figure asking this would be a long shot since everyone mostly talks about 401 / 502 / 503 / 504 / 560 / 660 (GSEC, GCFW, GCIA, GCIH, GPEN) when it comes to SANS.

For the full-length course I'm thinking of these:

SEC617 - Wireless Ethical Hacking, Penetration Testing, and Defenses (http://www.sans.org/security-training/wireless-ethical-hacking-penetration-testing-defenses-3-mid)
SEC542 - Web App Penetration Testing and Ethical Hacking (http://www.sans.org/security-training/web-app-penetration-testing-ethical-hacking-942-mid)

I'm very weak on the web app stuff, but on the other hand I really enjoy wireless work. Choices, choices.

If anyone has taken the six courses above and can share your experience, I'd appreciate it. Being in constant training mode is kind of exhausting after a while, but it also keeps me motivated. It's the price of being in this space, I guess.

I am force-feeding myself. My Brain. It hurts.

Find more posts tagged with

Comments

ipchain

docrice wrote: »

Assuming I pass the GCIH exam this Tuesday

Good luck on Tuesday, although I am sure you don't need any.

docrice wrote: »

To address some of my weaker areas, I'm thinking of these:

SEC580 - Metasploit Kung Fu for Enterprise Pen Testing (http://www.sans.org/security-training/metasploit-kung-fu-enterprise-pen-testing-1472-mid)

MGT514 - Information Security Policy in Depth (http://www.sans.org/security-training/information-security-policy-in-depth-1527-mid)

AUD429 - IT Security Audit Essentials Bootcamp (http://www.sans.org/security-training/security-audit-essentials-bootcamp-1197-mid)

AUD521 - Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant (http://www.sans.org/security-training/meeting-minimum-pci-dss-20-staying-compliant-49-mid)

I strongly believe you can learn metasploit on your own, in fact there are a few videos on the internet that you can use. For example, check out the following link: Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos)

With that said, if memory does not fail me you wanted to learn regulatory compliance. Based on that, I would recommend the following:

[*]AUD521 - Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant (http://www.sans.org/security-training/meeting-minimum-pci-dss-20-staying-compliant-49-mid)

or if you are into auditing, [*]AUD429 - IT Security Audit Essentials Bootcamp (http://www.sans.org/security-training/security-audit-essentials-bootcamp-1197-mid)

docrice wrote: »

Has anyone taken the above courses? I figure asking this would be a long shot since everyone mostly talks about 401 / 502 / 503 / 504 / 560 / 660 (GSEC, GCFW, GCIA, GCIH, GPEN) when it comes to SANS.

Quite frankly, I have not taken any of them. If given a choice, I would go for AUD521 - Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant.

docrice wrote: »

For the full-length course I'm thinking of these:
SEC617 - Wireless Ethical Hacking, Penetration Testing, and Defenses (http://www.sans.org/security-training/wireless-ethical-hacking-penetration-testing-defenses-3-mid)

SEC542 - Web App Penetration Testing and Ethical Hacking (http://www.sans.org/security-training/web-app-penetration-testing-ethical-hacking-942-mid)

If I were you, I would take [*]SEC617 - Wireless Ethical Hacking, Penetration Testing, and Defenses (http://www.sans.org/security-training/wireless-ethical-hacking-penetration-testing-defenses-3-mid) as my last full-length course. While SEC542 - Web App Penetration Testing and Ethical Hacking should certainly be interesting, there are automated tools that do this for you. A few of them that come to mind are Qualys and Web Inspect. They are not free though, but well worth every cent.

docrice wrote: »

I am force-feeding myself. My Brain. It hurts.

I hear you, my brain hurts as well. The storm will pass, and then it will only be a matter of renewing your GSE if you are headed down that road.

docrice

I'm hearing that learning PCI-DSS is relatively easy. Qualys has a free PDF for download (http://www.qualys.com/forms/ebook/pcifordummies/). I'm going to run through this, but I wonder if this is too superficial an overview. While I won't be owning compliance, I will definitely need to have some tangible understanding of it.

I'm a little torn between 617 and 542. While automated scans are nice, at the same time there might be internal applications in development which I might want to run through my own manual scan stage and explain to the internal teams regarding the how / why of the particulars.

ipchain

docrice wrote: »

I'm hearing that learning PCI-DSS is relatively easy. Qualys has a free PDF for download (e-Book: "PCI for Dummies"). I'm going to run through this, but I wonder if this is too superficial an overview. While I won't be owning compliance, I will definitely need to have some tangible understanding of it.

I'm a little torn between 617 and 542. While automated scans are nice, at the same time there might be internal applications in development which I might want to run through my own manual scan stage and explain to the internal teams regarding the how / why of the particulars.

You know, I totally forgot that you can pretty much grab the PDF from https://www.pcisecuritystandards.org/ and become well-versed in the world of PCI-DSS requirements.

As for your last full-length course, I would still go for 617. To be honest with you, I thought taking 542 as part of my job requires me to meet with developers in order to promote secure coding standards and so forth. Needless to say that being well-versed in web application pen testing would come in very handy for that, but I decided to go for GCFA in the end.

While I agree with you in that having the knowledge is always a plus, automated tools will do everything for you. It should have been obvious by now that we use Qualys for our vulnerability scanning / pen testing, and we could not be happier with the product. Whenever you run a vulnerability scan for web applications, a PDF report is generated that goes pretty in-depth about what was found, and how to fix it. The knowledge you acquired from GCIH should be more than enough to cover the vulnerabilities that are outlined in the report with your clients / web developers, etc.

Just my two cents, but you should get your money's worth with either course. Good luck!

Skinner_au

I'm a big fan of the SANS courses, but personally I didn't really rate SEC517 via OnDemand. I didn't find it particularly cutting edge.
If it were me I'd probably tend towards the Metasploit or maybe even the Audit essentials course, but you might find (depending on the delivery method) you get more cutting edge metasploit stuff by signing up for various online free webinars.

I hear you re the study, I'm a little battle-weary too, after 4 SANS courses in 5 months and doing my CISSP a few weeks ago (a post on 'how not to study for CISSP' coming soon). It'd better be worth it!

I'm pretty keen to do SEC542 as it is a weak point for me too, but I also (REALLY) want to do the OSCP some time this year.

Never enough minutes in a day... $:\$

Sk

docrice

Skinner_au wrote: »

I'm a big fan of the SANS courses, but personally I didn't really rate SEC517 via OnDemand. I didn't find it particularly cutting edge.

Did you mean 617 or 517? I was referring to the wireless assessment course, although I was always a bit curious about the Cutting-Edge Hacking Techniques class.

Skinner_au

Ah yes I can see the confusion. I meant 517 as that is another 1 day course. I wasn't exactly overwhelmed by it. Not terrible - and there was a few things I didn't know - but I was expecting some newer/more novel stuff (given it's name was 'cutting edge...').

I thumbed through the books for 617's (someone I know did it) and it is a very comprehensive course, but not really applicable to what I do, so I couldn't give an indepth review of it (though there were a couple of minor things I expected but didn't see in there). I'd very much like to do 542 though.

I have a question for you: I'm neither an IDS analyst or Firewall guy but am thinking of doing one of SEC502/SEC503. I know this is probably difficult to answer, but I'll ask anyway: Which do you think has more value in the marketplace?

tks

Sk

docrice

Skinner_au wrote: »

I have a question for you: I'm neither an IDS analyst or Firewall guy but am thinking of doing one of SEC502/SEC503. I know this is probably difficult to answer, but I'll ask anyway: Which do you think has more value in the marketplace?

I would definitely say the GCIA is more often asked for. I think it's also a more difficult course, even though the subject area is narrower than the 502 / GCFW. These two share some amount of material commonality, but most people who have done both will probably agree with me that the GCIA is tougher to get, and thus more highly looked upon.

jmu200

I'd go for the Metasploit course... Have you considered going for the CISSP cert at all?

docrice

The CISSP scares me. People say the questions are tricky and need "proper interpretation." While I'm probably over-estimating its difficulty, 250 questions is still a lot and any intense exam that requires more than two or three hours of concentration will kill me. If I had my CISSP already, I would have plenty of CPEs to last me a lifetime to maintain the cert (although I don't think it works that way). The GIAC questions are generally straightforward.

I'll have to do the CISSP eventually though. No way around it.

Skinner_au

Thanks for the definitive answer re GCIA/FW. Exactly what I was after.

Without too many spoilers for my upcoming post on CISSP study (when I get a minute), it was everything I had heard, and more. Basically every question was vague. In my opinion it doesnt matter how long you've been in the business, you have to know what ISC says about x,y & z or it is extremely difficult to pass. That is, you have to know that syllabus and know it well, understanding what keywords to trigger your memory on.
The hardest thing for me was finding worthy practice questions - everything I came across was too simple. I purchased a book of the questions and they were much better than most, but still a little too simple to truly prepare you. I'm not trying to scare you - expect the worst and you can only be relieved. You don't want that 'Oh sh1t...' feeling that I had when I started reading the questions.

A guy I work with told me he studied with a friend every day for 2-4hrs for 2 months, and I would say to feel confident going in that is probably a reasonable amount of time (and I think a relatively equal study partner would be a big help). Another guy I work with reckons he prepared for almost a year (but he is quite... um... particular...). Sure you'll have a freak-out about it, almost everyone does, but with all those certs under your belt you obviously know how to study for exams: you'll be fine.

Sk