Penetration Testing mailing list archives
Re: Security Certifications for SOC team
From: Scott <opiesan () gmail com>
Date: Tue, 3 Mar 2009 02:39:34 -0500
On Thu, Feb 26, 2009 at 4:38 PM, Andre Gironda <andreg () gmail com> wrote:
On Thu, Feb 26, 2009 at 10:38 AM, Scott <opiesan () gmail com> wrote:I'm confused as to how SANS is considered "vendor-focused"? I've taken at least 3 of their classes and don't recall ever hearing them pimp one vendor over another. An instructor might give their opinion or preference but the organization overall has always been vendor agnostic. What vendors are you referring to?SANS is a vendor. They are a vendor for conferences, training, certification, computer-based training, training books, and their instructors' brand. They pimp themselves over everyone. You never hear them mention other training / certifications which are not provided by them or which they have a class for. You almost never hear them speak about other instructional capital such as books, ebooks, magazines, mailing-lists, blogs, forums, irc channels, news websites, rss feeds, other trainers, other places to attend training, conferences, training events at conferences, local chapter or local security community events, security communities and trade organizations, et al. They steal content from all of the above and never attribute it back. How is SANS vendor-neutral / vendor-agnostic? This email thread just goes to show that "way too many people" in this industry are completely owned by the vendors and product industry around security. Go read "The New School of Information Security" or something... dre
Wow, didn't mean to ruffle your feathers Andre. I meant that SANS doesn't bias towards any equipment/software vendor during their training. I see your point about SANS being a vendor when it comes to training, but frankly, who isn't? If you're paying a company to provide training of course they're going to focus on their own offerings above others. I'm taking the Offensive-Security training now and while it's much more hands on than my SANS classes were they haven't mentioned other training organizations either. I don't fault them for it because I'm not paying them to tell me who else I should train with. I'm paying them to provide their training to me. It's true SANS doesn't seem to mention many of the other resources you pointed out and perhaps they should change that. I'm sure if a student asked that question during training the instructors would provide whatever information they could but I doubt it would be included in the training materials unless there was a strong push from their "customer base" via the course review system. One small point of correction regarding your comment above "SANS works fairly exclusively with InGuardians for instructors". SANS is a huge organization with a large instructor pool. It's true that many of their highest profile instructors are from InGuardians but I believe they were SANS instructors before they formed the company (Skoudis, Poor, Wright to name a few). Many, if not all of them, were/are handlers for the ISC. There are plenty more instructors representing a broad spectrum of the industry and not from InGuardians. I don't want to beat a dead horse or come off as a SANS fanboy, just wanted to make that correction. It's unfair to the rest of the great instructors to lump them into a small group like that. Scott
Current thread:
- Re: Security Certifications for SOC team Scott (Mar 03)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- RE: Security Certifications for SOC team Craig S. Wright (Mar 03)
- <Possible follow-ups>
- Re: Security Certifications for SOC team Miller Grey (Mar 03)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- Re: Security Certifications for SOC team Michael Condon (Mar 04)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- Re: Security Certifications for SOC team FS (Mar 10)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)