RE: Security Certifications for SOC team

["Craig S. Wright" <craig.wright () Information-Defense com>]

SANS and GIAC do not require that you take all of the courses. There are
exam challenges available. These cost a good deal less if budget is an
issue. They are also a way of vetting people you may want to hire. I know
that this is a cost, but if a person is not certified and going for a
position and you want to hire them, what is the better option:

1       Hire them and possibly make a mistake (costing a good deal)
2       Have them take a test (and lose $899 max).

Next, the instructors do vary. I have lead a couple classes here in Au
(mentor for AUD507) and plan to do some more later this year. The formats
also include CBT and mentoring other than the 6 days in a row. 

As for vendor ware - having nearly 30 of the SANS certs completed, I can
categorically state that the only vendor related material is that which is
necessary. For instance, the Windows security courses are Microsoft focused.


As for a requirement to go to the training, I will speak up. I have
challenged around 65% of the certificates. The training is great, but there
is no way that I can give up 10 weeks a year average for it. Also think down
the track. Even if you have challenged the exam, when you re-certify you get
the material - and not at conference rates.

Having taken course from many of those listed in the emails, I stand by SANS
being one of the best. I still have not seen another with the depth of
SEC709 (Steve Simms) for creating exploits.

...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Andre Gironda
Sent: Wednesday, 4 March 2009 3:42 AM
To: pen-test () securityfocus com
Cc: Scott; Alcides; John Perea
Subject: Re: Security Certifications for SOC team

On Mon, Mar 2, 2009 at 11:39 PM, Scott <opiesan () gmail com> wrote:
Scott,
> Wow, didn't mean to ruffle your feathers Andre. I meant that SANS
> doesn't bias towards any equipment/software vendor during their
> training. I see your point about SANS being a vendor when it comes to
> training, but frankly, who isn't? If you're paying  a company to
> provide training of course they're going to focus on their own
> offerings above others. I'm taking the Offensive-Security training now
> and while it's much more hands on than my SANS classes were they
> haven't mentioned other training organizations either. I don't fault
> them for it because I'm not paying them to tell me who else I should
> train with. I'm paying them to provide their training to me. It's true
> SANS doesn't seem to mention many of the other resources you pointed
> out and perhaps they should change that. I'm sure if a student asked
> that question during training the instructors would provide whatever
> information they could but I doubt it would be included in the
> training materials unless there was a strong push from their "customer
> base" via the course review system.

Fail me if I'm wrong, but I always believe that
training/marketing/whatever material should cite their sources and
credit the original author(s) and source material.

> One small point of correction regarding your comment above "SANS works
> fairly exclusively with InGuardians for instructors". SANS is a huge
> organization with a large instructor pool. It's true that many of
> their highest profile instructors are from InGuardians but I believe
> they were SANS instructors before they formed the company (Skoudis,
> Poor, Wright to name a few). Many, if not all of them, were/are
> handlers for the ISC. There are plenty more instructors representing a
> broad spectrum of the industry and not from InGuardians. I don't want
> to beat a dead horse or come off as a SANS fanboy, just wanted to make
> that correction. It's unfair to the rest of the great instructors to
> lump them into a small group like that.

A very valid point/correction, however I was specifically referring to
"pen-testing" training and mentioned several application security and
incident handling boutiques that are alternatives to InGuadians and
SANS for those specific subject matters  Certainly SANS does have many
instructors for their other classes  from a wide variety of
organizations across the industry.

I plan on making more corrections to this thread and providing a
summary via an official source somewhere, possibly in coordination
with SANS.  Apologies to any for the confusing and potentially
incorrect language that I've used.  No harm ; No fowl [sic foul]
(feathers ruffled).

Cheers,
Andre