Re: Security Certifications for SOC team

[Scott <opiesan () gmail com>]

On Thu, Feb 26, 2009 at 4:38 PM, Andre Gironda <andreg () gmail com> wrote:
> On Thu, Feb 26, 2009 at 10:38 AM, Scott <opiesan () gmail com> wrote:
> > I'm confused as to how SANS is considered "vendor-focused"? I've taken
> > at least 3 of their classes and don't recall ever hearing them pimp
> > one vendor over another. An instructor might give their opinion or
> > preference but the organization overall has always been vendor
> > agnostic. What vendors are you referring to?
>
> SANS is a vendor.  They are a vendor for conferences, training,
> certification, computer-based training, training books, and their
> instructors' brand.  They pimp themselves over everyone.
>
> You never hear them mention other training / certifications which are
> not provided by them or which they have a class for.  You almost never
> hear them speak about other instructional capital such as books,
> ebooks, magazines, mailing-lists, blogs, forums, irc channels, news
> websites, rss feeds, other trainers, other places to attend training,
> conferences, training events at conferences, local chapter or local
> security community events, security communities and trade
> organizations, et al.
>
> They steal content from all of the above and never attribute it back.
> How is SANS vendor-neutral / vendor-agnostic?
>
> This email thread just goes to show that "way too many people" in this
> industry are completely owned by the vendors and product industry
> around security.
>
> Go read "The New School of Information Security" or something...
>
> dre

Wow, didn't mean to ruffle your feathers Andre. I meant that SANS
doesn't bias towards any equipment/software vendor during their
training. I see your point about SANS being a vendor when it comes to
training, but frankly, who isn't? If you're paying  a company to
provide training of course they're going to focus on their own
offerings above others. I'm taking the Offensive-Security training now
and while it's much more hands on than my SANS classes were they
haven't mentioned other training organizations either. I don't fault
them for it because I'm not paying them to tell me who else I should
train with. I'm paying them to provide their training to me. It's true
SANS doesn't seem to mention many of the other resources you pointed
out and perhaps they should change that. I'm sure if a student asked
that question during training the instructors would provide whatever
information they could but I doubt it would be included in the
training materials unless there was a strong push from their "customer
base" via the course review system.

One small point of correction regarding your comment above "SANS works
fairly exclusively with InGuardians for instructors". SANS is a huge
organization with a large instructor pool. It's true that many of
their highest profile instructors are from InGuardians but I believe
they were SANS instructors before they formed the company (Skoudis,
Poor, Wright to name a few). Many, if not all of them, were/are
handlers for the ISC. There are plenty more instructors representing a
broad spectrum of the industry and not from InGuardians. I don't want
to beat a dead horse or come off as a SANS fanboy, just wanted to make
that correction. It's unfair to the rest of the great instructors to
lump them into a small group like that.

Scott