PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SANSFire 2011

From: Matthew Reed <mreed () cgx com>
Date: Tue, 5 Jul 2011 13:46:12 -0500
I went to VA Beach last year and it was terrific. As mentioned below, it is the perfect size. I had a great time 
learning, well, until the conference was wrapped up a day early as a Hurricane was closing in on the area (and then 
missed). Great conference at a great location.


Matthew Reed, GSEC, GCIH, CHPSE


From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of John 
Strand
Sent: Tuesday, July 05, 2011 1:01 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] SANSFire 2011

And...  I'll buy the beer on the 5th day.
On Tue, Jul 5, 2011 at 11:43 AM, Kevin Shaw <kevin.lee.shaw () gmail com<mailto:kevin.lee.shaw () gmail com>> wrote:
Aaron:

You'll enjoy Virginia Beach.  I say that not just because I live near there!  The conference size is not huge, but not 
extra small either; and offers plenty of opportunity for learning outside of the course you may take

Kevin

On Tue, Jul 5, 2011 at 12:58 PM, Aaron <subdriven () gmail com<mailto:subdriven () gmail com>> wrote:
Gentlemen,

Thanks for your responses. I actually have your book, Seth! I've not
started it yet, but it is on my CISSP study list.

Thank you all for the advice on the Work Study program. I've applied
for the Virginia Beach conference which is in a few months. I agree
that $800 vs $5000 is a hard argument to beat especially when paying
for it out of my own, shallow pocket. :)

Aaron

On Tue, Jul 5, 2011 at 11:15 AM, mike p <mikeaperez1 () gmail com<mailto:mikeaperez1 () gmail com>> wrote:

Aaron,

I've never taken Sec301.  I have taken both Sec401 and 504 and I can say
that if you feel (as I did) that one needed a foundation before jumping in,
401 seemed to have more technical/hands on focus vs. Sec301.  Having said
that, I've always had a blast at SANS, so I doubt you could go 'wrong' with
SEC301, just that SEC401 seems like a better fit for what you describe. I'd
go for 401.

Having said that, please be sure to apply to the Work Study program:

http://www.sans.org/security-training/volunteer.php

It's SANS training (plus a lot of hard but rewarding work) at a discount.
The other benefit is it gives you a few months of online access to the
materials for the $850 (or so depending on course).  It is definitely a must
if you are paying for SANS on your own dime.

HTH,
Mike

On Tue, Jul 5, 2011 at 10:35 AM, Ty Purcell <TPurcell () ffin com<mailto:TPurcell () ffin com>> wrote:


Aaron,

Based on the below, then I second the recommendation of 401 w/ bootcamp,
and then take the GSEC certification.  That is also one of the certs that I
see as desired in some job listings.  In my opinion, I wouldn't worry about
the Security+ certification.


Ty

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com<mailto:pauldotcom-bounces () mail pauldotcom com>
[mailto:pauldotcom-bounces () mail pauldotcom com<mailto:pauldotcom-bounces () mail pauldotcom com>] On Behalf Of 
Aaron
Sent: Tuesday, July 05, 2011 9:17 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] SANSFire 2011

David,
I guess you can say it is weird that I am a part of this list but have
no official training. My background is in running small businesses as
an IT generalist (for lack of a better term). I've always been
fascinated with security and think I have a knack for it. My wife and
I are currently trying to move west; be it Seattle area, Portland, OR
area, or Denver. What I've (embarrassingly) found in all of the
interviews I've been on is A) I don't have the experience and B) I
don't have the requisite knowledge companies are looking for in a
candidate. Thus far in my career, I've either taught myself everything
I've needed to know whether reading and applying, or picking the
brains of those more knowledgeable than I (hence this list). My
knowledge of systems, infrastructure, TCP/IP, networking, etc has all
been very informal, rudimentary, and full of holes. Again, learning
what I needed to, to accomplish the job/task at hand then moving on.
During the interview process I cannot answer some questions or can
only answer them at a very basic level. (And yes, there is a good
chance I'm being hard on myself, but I don't think I'm too far off the
mark.)

Regardless of how well I portray this in interviews, companies are not
willing to hire someone on speculation. At least not with the job
market the way it is. Therefore, I've decided on two approaches. First
I'm going for training and certs on my own dime. Second, I'm looking
for entry level positions related to security or positions I think
will benefit me and help me move up to a security position.

I hope that has cleared some of this up. So, knowing the background,
you can see why I was looking at the lower level courses in which to
start. I think I have a decent technical background and with some
basic certs like Security+ or Networking+ I think I can back-fill
whatever information I'm missing.

I appreciate your reply about the auditing class. I will need to make
a decision very soon as the conference is only a few weeks away.

Aaron


On Mon, Jul 4, 2011 at 6:21 PM, David Hoelzer
<dhoelzer () enclaveforensics com<mailto:dhoelzer () enclaveforensics com>> wrote:

It's a good course.  I know Fred well and he's a good instructor.

It seems weird that someone on this list would have no security training
at all.  If you don't mind my asking, what kind of background do you have?
 I ask because if you're from more of an operational background and are
looking to apply security to things and develop good practice, I'd send you
straight over to AUD 507 (don't let the audit piece fool you...  there's
audit stuff, but it's really what sorts of operational practices and
controls should be in place that auditors ought to look for).

On the other hand, if you have a decent technical background but nothing
on the security side and aren't worried about development of secure
practices, I'd send you toward SEC 401.  It's a whirlwind tour of just about
everything to do with security.  Prepare to be exhausted. ;)

Best regards


On Jul 3, 2011, at 3:02 PM, Aaron wrote:


All,

I am looking at attending SANSFire 2011 in DC this month and taking
Security 301: Intro to Information Security with Fred Kerby. Does
anyone have anything good (or bad) to say about this course? Having no
formal training in security, I think it would be a great way to get my
feet wet and get some experience under my belt. Do you think it's
worth the $3500 price tag?

Thank you

Aaron
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



---------------------------------------------------------
David Hoelzer
Director of Research, Enclave Forensics
dhoelzer () enclaveforensics com<mailto:dhoelzer () enclaveforensics com>



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com<mailto:Pauldotcom () mail pauldotcom com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



--
John Strand
Office: (605) 550-0742
Cell: (303) 710-1171


________________________________
NOTICE: This message, as well as any attached document, contains information from Consolidated Graphics, Inc. that is 
confidential and/or privileged, or may contain attorney work product. The information is intended only for the use of 
the addressee(s) named above. If you are not the intended recipient, you are hereby notified that any review, use, 
dissemination, forwarding, printing, copying, disclosure, or the taking of any action in reliance on the contents of 
this message or its attachments is strictly prohibited, and may be unlawful. If you have received this message in 
error, please destroy all copies (in any form) of this message and its attachments, if any, without disclosing the 
contents, and notify the sender immediately. Unintended transmission does not constitute waiver of the attorney-client 
privilege or any other privilege. Unless expressly stated in this email, nothing in this message should be construed as 
a digital or electronic signature. Thank you for your cooperation.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: