Security traning courses

Hi everyone,

Our manager is entertaining the idea of sending some of us into security training and asked me for suggestions of what's available out there besides the famous SANS courses.

Target audience: seasoned sysadmins
Format: online, bootcamp, or corporate on-site
Study goals: defensive side, security-focused approach to sysadminning, best practices for network/systems design and operations, server hardening, proactive monitoring, and so on.
Priorities: Best quality and/or value for the money

So far I've identified SANS GIAC, EC-Council, and InfoSecurity Institute courses. Particularly, EC-Council's NSA program and Network Defense two-day workshops look attractive, but I'm unsure about their quality.

EC-Council - Network Security Administrator

Course Description
This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

EC-Council Certificate series - Network Defense

EC-Council - Certified Security Analyst

SANS GIAC - GCED - Advanced Security Essentials - Enterprise Defender

SANS GIAC - GCWN - Securing Windows

SANS GIAC - GCUX - Securing Linux/Unix

InfoSec Institute - Security Architecture and Assessment

InfoSec Institute - Assessing & Securing the Perimeter

Any other good training classes out there?

What are your thoughts on the courses listed above?

Find more posts tagged with

Comments

khaledesheh

SSCP & CISSP (General)
CCSP (Cisco)
Security+

Asif Dasl

If I had a choice FWIW, I would go for GCWN over any of the EC Council offerings, because I've never heard of the them and I would say GCWN would be more comprehensive and useful.

My 2 cents

ChooseLife

Thanks guys,

khaledesheh wrote: »

SSCP
Security+

Too basic

khaledesheh wrote: »

CCSP (Cisco)

Our team does server management and does not deal with network equipment (I do in my other role, and will be going after CCSP later, but that's a different discussion)

khaledesheh wrote: »

CISSP

From what I've read, the certification (and therefore associated training) does not go deep enough on the technical side...

Asif Dasl wrote: »

I've never heard of the them and I would say GCWN would be more comprehensive and useful.

Thanks for the opinion.
I'm sure SANS courses are the best of the bunch, but still trying to figure out some cheaper alternatives.

NightShade03

Although it is meant for pen testers and the like Offensive Security has some great security courses:

Information Security Certifications by Offensive Security

ESecurityOnline is also great. I know a few people that have taken their course:

eLearnSecurity : Penetration testing and IT Security courses

Again this is another pen tester type course, but Joe McCray is the man:

Courses | Learn Security Online

If you are on Linux servers / system admins....Red Hat makes a decent set of security courses that can be applied to any Red Hat/Centos/Fedora system as well:

https://www.redhat.com/certification/rhcss/

ChooseLife

Thanks, NightShade03, I've looked at these pentest training companies as well as a few others in hopes of finding some defensive courses.

The RedHat security course looks pretty decent. We just happen to use a non-RH-based distro, otherwise I'd definitely propose this course to the management...

SephStorm

ENSA: Virtually no ground training for this in the US, the only company I have found is in the UK, i think Firebrand Training? There is a dvd based training set out there, but I don't quite trust the company who claims to have it, they weren't sure which version of the material it covered, or wherether they even had it ready for delivery.

Ec-Council Certificate: I've never heard of it. I can say that it likely will have little future viability, IMO.

SANS: IMO, all of these require previous knowledge. This is based purely as an outsider, but i've never seen someone go straight after any of those, some of the GIAC guys here might have a better opinion.

The last two seem interesting. I am currently in an ISI course, and they are legit. Good material.

One thing I would look into, is vendor specific training, even without a cert attached. Intrusion Detection classes, or Firewall administration, Global Knowledge has a few courses I would look at:

Defending Windows Networks
Security Defending Windows Networks at Global Knowledge

Cybersecurity Foundations
Security Cybersecurity Foundations at Global Knowledge

theres actually a whole list:

Security Training : Global Knowledge's IT security courses include cybersecurity, CompTIA, Certified Ethical Hacker, and more.

ChooseLife

Super, thanks for pointing at Global Knowledge, this one was completely under the radar until you mentioned it. A quick search on TE revealed some very solid positive feedback on their training.

SephStorm wrote: »

One thing I would look into, is vendor specific training, even without a cert attached.

Yes, most certainly, in this case the focus is on the quality of training and not on finding one associated with some cert. I have no problems with doing self-study for certs and to be honest feel like most cert-focused training is a rip-off in terms of price/value ratio, so when the employer volunteers to budget some money for my training, I want to put it to good use.

NightShade03

Global Knowledge is pretty good I have taken a course from them and a few friends have as well. I had totally forgotten about them honestly. Hopefully they can provide you what you are looking for.

If you do go with them report back after the training and let us know how it went and any feedback you might have.

docrice

My experience with Global Knowledge has also been generally positive (ice cream Fridays). Their live instructor-led courses can get pretty pricy as well, depending on which one you take. They also have Foundstone Ultimate Hacking which I've always been curious about.

SANS courses aren't that much more expensive and are in most cases vendor-neutral. They're generally slide-based and may include some labs. The content is generally very good, but if you're looking for something that's straight lab-based, then the Global Knowledge offering mentioned previously might suit you better.

Another option would be to have one of your team members do a SANS, another do a Global Knowledge, another do EC-Council, etc.. While you are generally legally restricted from sharing class materials with each other afterwards, you could perhaps share ideas and notes from what has been learned.

ibcritn

docrice wrote: »

My experience with Global Knowledge has also been generally positive (ice cream Fridays). Their live instructor-led courses can get pretty pricy as well, depending on which one you take. They also have Foundstone Ultimate Hacking which I've always been curious about.

SANS courses aren't that much more expensive and are in most cases vendor-neutral. They're generally slide-based and may include some labs. The content is generally very good, but if you're looking for something that's straight lab-based, then the Global Knowledge offering mentioned previously might suit you better.

Another option would be to have one of your team members do a SANS, another do a Global Knowledge, another do EC-Council, etc.. While you are generally legally restricted from sharing class materials with each other afterwards, you could perhaps share ideas and notes from what has been learned.

I will be taking the Foundstone Ultimate Hacking course at Black Hat this year so I will let you know what I think.

I am also very interested in Defensive security training so these are good options. Keep'em coming!

ChooseLife

NightShade03 wrote: »

If you do go with them report back after the training and let us know how it went and any feedback you might have.

Most certainly!

ibcritn wrote: »

Keep'em coming!

Yes! If anyone knows of other good defensive courses, please do add to the thread.

ChooseLife

docrice, appreciate the GK vs SANS comparison. Interesting idea about taking different courses, too.

docrice wrote: »

My experience with Global Knowledge has also been generally positive (ice cream Fridays). Their live instructor-led courses can get pretty pricy as well, depending on which one you take. They also have Foundstone Ultimate Hacking which I've always been curious about.

SANS courses aren't that much more expensive and are in most cases vendor-neutral. They're generally slide-based and may include some labs. The content is generally very good, but if you're looking for something that's straight lab-based, then the Global Knowledge offering mentioned previously might suit you better.

Another option would be to have one of your team members do a SANS, another do a Global Knowledge, another do EC-Council, etc.. While you are generally legally restricted from sharing class materials with each other afterwards, you could perhaps share ideas and notes from what has been learned.

SephStorm

ibcritn wrote: »

I will be taking the Foundstone Ultimate Hacking course at Black Hat this year so I will let you know what I think.

I would like to hear back on this, I saw their classes on GK, but I got the feeling they aren't attended much.

NightShade03

Foundstone used to be big in the training area until they were picked up by McAfee. Now I believe they aren't as big and there are many more players in the field that compete against them.

ChooseLife

Talked to InfoSec Institute and EC-Council earlier this week and had a couple of interesting discoveries.

InfoSec Institute recently acquired Intense School. Their phone system says "Welcome to Intense School", which triggered an alarm in my head, because of some strongly negative reviews of Intense School on this board. Nevertheless, their staff were professional and intimately familiar with programs they were offering and I was fully satisfied with the level of customer service, so my concerns over Intense School disappeared by the end of the conversation.

The interesting thing about EC-Council's training is that they have two online formats - iWeek and iClass. iWeek is online live training, 5-day, 9 to 5 MT schedule, and I was told that these classes generally run for ~$2500. iClass is self-paced online training with lectures recorded in iWeek sessions and thus identical in content (but not in interaction, I presume). Access is given for 1 year. iClass runs for ~$1400.

SephStorm

Since this thread recently came up in a current thread, I thought I would drop an update. I always am looking to maximize my studying and learning experiences, so after self study I always consider boot camp training. I myself did a cert through InfoSec institute/Intense School and enjoyed it. I have also taken classes through Training Camp. My thoughts at this time:

The Training Camp (A+, Net+): My introduction to boot camps, what an experience, long days filled with learning with IT focused individuals in a good isolated environment. Good company and I went into the exams confident in my ability to pass the exams and retain the knowledge, most of which I retained years down the line. Pros- The price of the camp included the hotel stay, trust me, I would recommend that all camps do this, it makes managing your training budget SOO much easier. Today this is an optional add on not included by default, but I think they have a better rate than the "discounted rates" offered by most training companies.

SANS (GCIH-Online): I loved this course, my only regret being that I could not attend in person, and I couldnt get the time off to actually attend the class daily like I wanted. This, more than anything is why I still havent taken the GCIH. con- The online method I had took place over an extended period, like 2 months? So I couldnt take the time off. (they could have let me come in late those days but no....) try to work this out with your company.

Intense School/ISI (CEH/CPT): I took this course online and I have to say, I enjoyed the content of the course. Engaging material and a knowledgeable instructor. Honestly I think they have a decent online program, and the prices are right for online, but I think I just prefer live environments. I will say that I fully recommend their CPT/CEPT practical certifications

Intense School/ISI (CCNA/CCNA Security): I am in this program now, and my feelings are mixed. pro's-The company was willing to work with me on getting the materials shipped to my overseas location, and when the CCNA Sec exam expired they offered to ship me the new cisco press book, when I brought it up. The videos are very interesting in the fact that they defiantly spend time laying out and explaining the OSI model and the other subjects, I think there is a video for each layer, about 45-60 min. This can defiantly be a benefit over reading a few lines of Odom.

cons- The videos and the company supplied book are not meant to go together, as is the case of the above mentioned course, the book is good, but if you have a question about the book, if the videos were complementary, you could possibly get clarification from the video. Also with this package the exam vouchers are not included (this may or may not be the case with all their online training.).

Global Knowledge: I have yet to take training through them but I really want to (anyone want to sponsor me? I'll give a full review!) They have an amazing number of courses and it looks like they run fairly often. Some of the training is hard to find elsewhere, and they have really good deals and discounts (for gov/mil, you can take a $3500 for $2500!!) including bogo's and free appliances for their checkpoint courses. They also have technology based courses that are seemingly geared more towards teaching a technology (hands on?) rather than a certification. (though they may line up). For example:
Certification Path
MCITP: Server Administrator / MCSA: Windows Server 2008 Boot Camp
MCITP: Server and Enterprise Administrator Combo Boot Camp
Skills-Building Path
Exam 70-640
Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services (M6425)
Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory (M6426)

[h=4]Two Paths To Take[/h] Certification Path - If your primary focus is obtaining your certification quickly, we offer Boot Camps to prepare experienced students for all the exams they will need to take.
Skills-Building Path - If your focus is on building your skills first, we offer individual courses that both train you for the real world and provide content covered in the exams.

Security University (QND)- A smaller company than most, but perhaps not as small as you would expect, You will probably be pleased to meet the CEO of the company during your stay and you will see her over the course of your class, I was suprised to see her setting up classrooms with instuctors, getting the food and coffee ready. Her instructors are knowledgable, and approachable. This company provides mostly security courses built around a line of SU certifications, roughly in line with the EC-Council line they also offer vendor certifications I remember there was a wireless class going on at the same time, I think it was WCNA/CP. pros-Many. Having payed for my course with the GI Bill the course felt "free" to me. Trust me that is a relief. It says something that the company was willing to take the time to be eligible for VA funding in this way, few do, and most are a hastle to try to set up the process, or try to limit your use of the program. For me the process was simple, and I was able to take an enjoyable course with a practical exam. cons- nothing significant that I can think of about the company itself, except the website needs a little work.

Viable alternatives to the ECC certs from what I see so far.

the learning tree: took a work sponsored share point class through them years ago. decent class, learned a bit, though it was mostly a power user level class, the techs spent most of the week "hacking" each others sharepoint portals and changing backrounds and other stuff. (the hacking was logging in with the default pws assigned to the class). The instructor got in on it in the last day I think.

pro-they have a sans course advertised, I dont know how they are able to do that, but I would be interested in seeing a review of it.

CED Solutions: Expensive, but intriguing. The offer round trip airfare and lodging at some locations. This can equal big savings! Based on what I can see, this is a pure boot camp experience (minus the brain **** to my knowledge). Long courses, and combined certifications (MCITP SA/EA+CCNA/CCDA, CEH+CHFI+ECSA, ect) This can make for one heck of a 2 week vacation. Pro- The longer class time can equal more retained knowledge for many students.

Words of advice:
If you, like me are paying for training out of pocket, I believe that self-study is useful you can prep for your course, and sometimes, may find that you have studied to the point of not needing to pay for an expensive course. Your biggest enemy is time and motivation, if you have these, you can train yourself to learn many skills, and of course many certs. I am ideally a professor of instructor led training, so I offer this advice.

Planning: plan your expenses, find the cheapest travel options, consider the cost of plane tickets vs driving to the camp location, it can be useful to have the use of a vehicle, so if you plan to fly, consider a rental. For some courses you my not want to have the distraction, but it can be useful. Lodging- If the cost of lodging isnt included, make sure you do your research. most training providers will have discounted rates. But you can increase your savings by checking into a discount hotel or motel that costs 60 bucks a night vs $100 at "discount". This really adds up when combining courses or courses over 5-6 days. You can also save if you can cut things from the "included" cost of the course. While I dont imagine you could have them cut the cost of foods provided for the guests, you could purchase your own vouchers (or have them payed for by WGU or some other method...

) If you already have the official materials from the vendor, why are you paying for them again, ask them if they are included in the course, then nicely tell them you dont need them and ask them to cut the price.

So there it is, the combined knowledge of my boot camp experience, I hope this provided some useful insight.

ChooseLife

SephStorm wrote: »

So there it is, the combined knowledge of my boot camp experience, I hope this provided some useful insight.

Wow, that was monumental. You have unique and extensive first-hand experience with bootcamps, thank you much for finding time to write this review.

SephStorm

Thank you for taking the time to read it. I'll tell you guys, the best part of any boot camp (outside of seeing that "Pass" screen after a test, is the people you meet.