  1. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    619

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #1

    Looking at taking another SANS Course

    I'm looking at taking FOR572 https://www.sans.org/course/advanced...nsics-analysis.

    Has anyone taken it? How was it? Did you feel like it was worth the money or a rehash of things you already knew?

    I already have the GSEC and am curious about experiences if anyone wants to share.

    Thanks
    “I do not seek answers, but rather to understand the question.”

  3. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,486

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #2
    Just be aware that level 500 courses are tougher than level 400 courses. If you're going for the certification, it may require more study time than the GSEC. Not sure if the other numbers indicate the course is tougher than the lower numbers. For example, I've heard the 503 is a pretty tough exam, but the 504 is easier. You would think numbering-wise they'd be reversed if the course material was tougher to grasp. Actually, SANS course numbering is all over the map; I can make no rhyme or reason of how they select course numbers.
    Last edited by TechGromit; 02-14-2018 at 08:19 PM.
    Still searching for the corner in a round room.

  4. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,410

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #3
    TechGromit is right.

    What's your background? How comfortable are you with tcpdump/Wireshark/TCP/IP and analysing PCAPs?

    I haven't taken it but a colleague of mine has; it is tough. What are your career goals?

    I always felt that FOR508 is more useful in the real world, but all those courses are great anyway.
    Goal: GCFA (DONE), GPEN

  5. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    619

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #4
    Thanks for the replies.

    I found the GSEC to be basic (I think that is the intent). You can find comments I made on here about it after I took the course/exam. I learned some things but felt let down in the material overall. I just felt it was lacking in the in-depth knowledge I wanted. With that said, I think the whole point of the GSEC is to provide the basics, which is why it's a first step on the roadmap. Generally speaking, I'm looking for a tough course so I can feel challenged.

    I recently transitioned from Linux Administrator to Security Analyst and have goals of Security Engineer/Architect in the future. The current career path at least for the time being is analyst->senior analyst->sec engineer->architect. 508 looks like it is geared for a traditional DFIR role, which while I find it interesting, I'm not really passionate about.

    I wouldn't consider myself anywhere close to knowledgeable enough but can analyse pcaps, flow data, etc. It wasn't that long ago that I was ignorant about NSM as a concept, so I dug in pretty hard to learn it. I have an understanding of what's what now and I want to grow that to a very deep level of knowledge.

    I'm pretty sure this is a course I want to take but would like some feedback on the reality of it. I am tentatively planning to do Austin, TX in June, right after Circle City Con this year if everything works out.

    Regards,
    “I do not seek answers, but rather to understand the question.”

  6. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,410

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #5
    Fair enough, I made a similar career transition 3 years ago. While I don't know your technical background 100%, I would personally vote for SANS SEC503 (GCIA), but the one you're looking at is not bad either.
    Goal: GCFA (DONE), GPEN

  7. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    619

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #6
    I reached out to the person teaching the course (Phil Hagen) on Twitter and his reply was:
    "I'd say the best prep would be a decent background on network fundamentals (CIDR notation, switching/routing/firewalling, etc.), as well as knowing the ins and outs on the Linux command line. Bonus points for familiarity with tcpdump and Wireshark."
    Given that I have a few months to brush up, I should be GTG.
    “I do not seek answers, but rather to understand the question.”

  8. Senior Member stephens316's Avatar
    Join Date
    Oct 2009
    Posts
    200

    Certifications
    IASO, GSEC, GCED, GCFE, MCTS:AD, MCSA, MCP, Sec+, VCA-DCV, MCTS-SCCM
    #7
    I would use the road map for selecting my next course. I think you would like GCIH SANS504; it actually has some teeth in the HR community: https://www.sans.org/media/security-...ng/roadmap.pdf
    ______________
    Studying: 8 month CISSP Challenge
    Next Up: [|GCIH|CISSP]
    Future: [| OSCP]
    Passed: [GCFE|SCCM|GCED
    Reading: Mainly Real Estate Books, CIA Books


  9. Senior Member alias454's Avatar
    Join Date
    Sep 2014
    Posts
    619

    Certifications
    BSIT, A+, eJPT, GSEC, VCP5-DCV
    #8
    Thanks, I've looked at 503, 504 and 508 pretty thoroughly but still decided to go with 572. The HR recognition is nice but not really a factor in my choice. I got approval for the FOR572 so I'm going to do that. I'll be in Austin in June so maybe I'll see some of you there.

    Regards
    “I do not seek answers, but rather to understand the question.”

  10. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,410

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #9
    Good luck, mate.
    Goal: GCFA (DONE), GPEN
