RE: Hacking Boot camps!

[srenna () lcssecuritygroup com]

I have to disagree in part about SANS being shit.  I personally hold two
GIACs that I had written extensive papers on to attain.  I learned a
good bit while writing the two; however, it was through personal
determination and grit that enabled me to do so, not through any SANS
training as my employer had sent about 7 people to get theirs and none
had successfully completed it.  I never received any training from SANS
so I can't comment on how effective it is; however, I used real world
experience to gain my own certs, so I presume others are capable of
this as well.

SANS is a good concept in theory, lets make it easier for those that
have an interest in IT Security to learn.  However, their exhorbitant
fees and the mentoring program need a serious retooling.  When I was
doing my challenge options, only about 1.5-2 years ago, the price was
$450.  Now, it has been elevated significantly to $800.  The
explanation for this is that instruction materials are being taken by
others and utilized in their own classes, hence, SANS must charge more
to protect Intellectual Property(yeah, doesn't make the most sense). 
The mentoring program is BALLS and I agree that SANS puts the "honor"
of being a mentor onto a certified individual, yet pays them next to
nothing to perform the task of devaluing ones certification.  I was
about to serve as a mentor, until I realized how much work is required
for the person who is serving as the mentor and the amount of money
they are paid for their hard work.  I think I worked out something like
3% of the total a student pays to SANS goes to the Mentor, while SANS
collects nearly 3k on each student, the instructor gets paid next to
nothing.  Then I realized that ignorant fools could take a SANS class,
take two EASY exams and become a GIAC, without the need to write a
paper.  Eliminating the paper requirement, in my mind, is just a ploy
to get more folks to fork over cash to SANS.

With the new distinction between GIAC and GIAC Gold, we're set for a
flood of underqualified applicants being sent to class by employers for
those that really have no desire to learn.  SANS gets paid, qualified
individuals become further devalued as more "boot campers" get GIACs
and everyone lives happily ever after

> -------- Original Message --------
> Subject: Re: [Full-disclosure] Hacking Boot camps!
> From: InfoSecBOFH <infosecbofh () gmail com>
> Date: Thu, November 24, 2005 4:43 am
> To: full-disclosure () lists grok org uk
>
> Bottom line is... and you can ignore the SANS instructor/SANS zealot post...
>
> SANS = SHIT.
>
> Now that I am in a position with my employer to hire and fire
> people... I will not even consider an applicant who touts his SANS
> certification as something to be proud of or something to make him
> more skilled than the next.
>
> And, now that I am in a senior position at my employer, I am doing
> everything I can to stop my employer from paying the EXTORTION fees to
> SANS in order to be a part of their what works program and any of
> their training.
>
> You know what makes me smile everyday... the knowledge in knowing that
> I am not the only senior infosec person at a major corporation who
> feels this way about SANS.
>
> Fuck SANS.  FUCK EM ALL!
>
> http://dictionary.reference.com/search?q=sans#without
>
> sans    ( P )  Pronunciation Key  (snz, sä)
> prep.
> Without.
>
>
> --------------------------------------------------------------------------------
> [Middle English, from Old French, blend of Latin sine, without, and
> absenti, in the absence of, ablative of absentia, absence from absns,
> absent- present participle of abesse, to be away. See absent.]
>
> On 11/23/05, senator.crabgrass () comcast net
> <senator.crabgrass () comcast net> wrote:
> > Maybe it is not what you know but who you know.  Best of luck with that grail thing, finding it is veiled, holding 
> > it is easy, keeping it polished is where the work is.
> >
> > --
> > vote for me
> >
> >
> > > On 11/23/05, senator.crabgrass () comcast net
> > > <senator.crabgrass () comcast net> wrote:
> > > > ... the cert game is nothing more than  a lucrative revenue generator. For
> > > either the test givers or the vender pusher or the land of test king.
> > >
> > > a few respectable names in their roster[1]; i wonder why they don't
> > > name the instructor giving each presentation on their conference
> > > schedule[2]...
> > >
> > > i have a theory: the more legitimately skilled you are, the less you
> > > instruct and the more you are paid.  a nice way to convert reputation
> > > into ca$h!
> > >
> > > [maybe i can get in on this racket once i attain the holy grail of
> > > CPA, GCFW, CISSP, CISM, CISA, CCNA, CCSE, CCSA, GIAC, GCIA, GSNA,
> > > GCFA, GCIH, GCUX, GSEC, QUE, WTFBBQ]
> > >
> > > 1. http://www.sans.org/instructors.php
> > > 2. http://www.sans.org/index.php
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/