Re: Snort Network Admin Training / Certification

[Y M <snort () outlook com>]

Just adding additional information..If this is not related to the list, I will be glad to share information directly.
The only track that I am aware of with a certification is the "Advanced Security Architecture Field Engineer 
Representative". This involves passing both 500-285 SSFIPS and 500-275 SSFAMP with a prerequisite of CCNP Security.
The only problem I see with this track is that it is targeted towards Cisco Partners and Technical Sales, according to 
Cisco's website:
http://www.cisco.com/web/partners/specializations/security-arch.html


> From: bturnbough () belcan com
> To: snort-users () lists sourceforge net
> Date: Thu, 23 Jul 2015 15:53:59 +0000
> Subject: Re: [Snort-users] Snort Network Admin Training / Certification
>
> Joel,
>
> Can you please put in a word with the "powers that be" and tell them that the customer base wants a better 
> 'certification' track, and associated training courses?
>
> Honestly, it's sad that a large org like Cisco (formerly Sourcefire) doesn't have a meaningful offering with a cert 
> attached to it.
>
> Brad
>
> ________________________________
> From: Joel Esler (jesler) [jesler () cisco com]
> Sent: Thursday, July 23, 2015 10:36 AM
> To: John York
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort Network Admin Training / Certification
>
> We have a rules writing class as well.  No certification for it, but it’s a good class.
>
>
> On Jul 23, 2015, at 8:21 AM, John York <YorkJ () brcc edu<mailto:YorkJ () brcc edu>> wrote:
>
>
>
> From: Joel Esler (jesler) [mailto:jesler () cisco com]
> Sent: Wednesday, July 22, 2015 4:51 PM
> To: Turnbough, Bradley E. <bturnbough () belcan com<mailto:bturnbough () belcan com>>
> Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
> Subject: Re: [Snort-users] Snort Network Admin Training / Certification
>
> Huh.  Was not aware we don’t have the CERT anymore..
>
> <snip>
> ________________________________
> From: Y M [snort () outlook com<mailto:snort () outlook com>]
> Sent: Wednesday, July 22, 2015 9:34 AM
> To: Turnbough, Bradley E.
> Cc: Joel Esler (jesler); snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
> Subject: Re: [Snort-users] Snort Network Admin Training / Certification
>
> Bradley,
>
> I am glad that you asked. At all cost avoid the Cisco's exam 500-280 SSFSNORT (which to my understanding is 
> equivalent to SnortCP which used to be offered by SourceFire). Why you ask?
>
> Well I took the exam to renew my SnortCP which expired in May. I passed the 500-280 SSFSNORT exam, and Cisco's 
> Tracking System explicitly says that I am "Certified" and I was told by a trainer (on different occasion) that there 
> is a certificate. Only after the fact I learned that this is only an exam "to validate skills". So if you lose the 
> report that gets immediately generated when you complete the exam, there is no way you can prove that you are 
> certified.
>
> To make things even worse, exam 500-285 SSFIPS (exam for the commercial product) is the same, no certification 
> whatsoever.
>
> I opened a ticket with Cisco, which resulted to dead end. There are other annoying details that I will spare you from.
>
> In my humble opinion, Cisco is underestimating both exams, and hence underestimating the products themselves and the 
> people who spend time, effort, and money ($250) per exam. If I knew before hand, then I would have not set the exam.
>
> YM
>
> Sent from Mobile
>
>
> I had the same experience that YM had with the SSFIPS class. There is a test, but all you get is a note that says you 
> passed the test.  The class was taught by a professional instructor, but he had never used the product—very 
> disappointing.
>
> I would not recommend SANS 503 if the only thing you’re looking for is Snort rule writing.  It’s a great course (took 
> it myself and liked it) but Snort rules only get a day or less of coverage.
>
> Thanks
> John
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> _____________________________________________________________ This e-mail transmission contains information that is 
> confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail 
> in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any 
> disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the 
> message immediately by informing the sender that the message was misdirected. After replying, please erase it from 
> your computer system. Your assistance in correcting this error is appreciated.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!