Snort mailing list archives

Re: Snort Network Admin Training / Certification

From: "Turnbough, Bradley E." <bturnbough () belcan com>
Date: Thu, 23 Jul 2015 15:53:59 +0000

Joel,

Can you please put in a word with the "powers that be" and tell them that the customer base wants a better 
'certification' track, and associated training courses?

Honestly, it's sad that a large org like Cisco (formerly Sourcefire) doesn't have a meaningful offering with a cert 
attached to it.

Brad

________________________________
From: Joel Esler (jesler) [jesler () cisco com]
Sent: Thursday, July 23, 2015 10:36 AM
To: John York
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Network Admin Training / Certification

We have a rules writing class as well.  No certification for it, but it’s a good class.


On Jul 23, 2015, at 8:21 AM, John York <YorkJ () brcc edu<mailto:YorkJ () brcc edu>> wrote:



From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Wednesday, July 22, 2015 4:51 PM
To: Turnbough, Bradley E. <bturnbough () belcan com<mailto:bturnbough () belcan com>>
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort Network Admin Training / Certification

Huh.  Was not aware we don’t have the CERT anymore..

<snip>
________________________________
From: Y M [snort () outlook com<mailto:snort () outlook com>]
Sent: Wednesday, July 22, 2015 9:34 AM
To: Turnbough, Bradley E.
Cc: Joel Esler (jesler); snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort Network Admin Training / Certification

Bradley,

I am glad that you asked. At all cost avoid the Cisco's exam 500-280 SSFSNORT (which to my understanding is equivalent 
to SnortCP which used to be offered by SourceFire). Why you ask?

Well I took the exam to renew my SnortCP which expired in May. I passed the 500-280 SSFSNORT exam, and Cisco's Tracking 
System explicitly says that I am "Certified" and I was told by a trainer (on different occasion) that there is a 
certificate. Only after the fact I learned that this is only an exam "to validate skills". So if you lose the report 
that gets immediately generated when you complete the exam, there is no way you can prove that you are certified.

To make things even worse, exam 500-285 SSFIPS (exam for the commercial product) is the same, no certification 
whatsoever.

I opened a ticket with Cisco, which resulted to dead end. There are other annoying details that I will spare you from.

In my humble opinion, Cisco is underestimating both exams, and hence underestimating the products themselves and the 
people who spend time, effort, and money ($250) per exam. If I knew before hand, then I would have not set the exam.

YM

Sent from Mobile


I had the same experience that YM had with the SSFIPS class. There is a test, but all you get is a note that says you 
passed the test.  The class was taught by a professional instructor, but he had never used the product—very 
disappointing.

I would not recommend SANS 503 if the only thing you’re looking for is Snort rule writing.  It’s a great course (took 
it myself and liked it) but Snort rules only get a day or less of coverage.

Thanks
John



------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

_____________________________________________________________ This e-mail transmission contains information that is 
confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in 
error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, 
copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately 
by informing the sender that the message was misdirected. After replying, please erase it from your computer system. 
Your assistance in correcting this error is appreciated.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Snort Network Admin Training / Certification, (continued)
- Re: Snort Network Admin Training / Certification Wil Mail (Jul 22)
- Re: Snort Network Admin Training / Certification Y M (Jul 22)
  - Re: Snort Network Admin Training / Certification Turnbough, Bradley E. (Jul 22)
    - Re: Snort Network Admin Training / Certification Y M (Jul 22)
  - Re: Snort Network Admin Training / Certification Turnbough, Bradley E. (Jul 22)
    - Re: Snort Network Admin Training / Certification Y M (Jul 22)
    - Re: Snort Network Admin Training / Certification Turnbough, Bradley E. (Jul 22)
    - Re: Snort Network Admin Training / Certification Joel Esler (jesler) (Jul 22)
    - Re: Snort Network Admin Training / Certification John York (Jul 23)
    - Re: Snort Network Admin Training / Certification Joel Esler (jesler) (Jul 23)
    - Re: Snort Network Admin Training / Certification Turnbough, Bradley E. (Jul 23)
    - Re: Snort Network Admin Training / Certification Y M (Jul 23)
    - Re: Snort Network Admin Training / Certification Joel Esler (jesler) (Jul 23)