Penetration Testing mailing list archives
Re: Security Certifications for SOC team
From: Andre Gironda <andreg () gmail com>
Date: Tue, 3 Mar 2009 08:42:26 -0800
On Mon, Mar 2, 2009 at 11:39 PM, Scott <opiesan () gmail com> wrote: Scott,
Wow, didn't mean to ruffle your feathers Andre. I meant that SANS doesn't bias towards any equipment/software vendor during their training. I see your point about SANS being a vendor when it comes to training, but frankly, who isn't? If you're paying a company to provide training of course they're going to focus on their own offerings above others. I'm taking the Offensive-Security training now and while it's much more hands on than my SANS classes were they haven't mentioned other training organizations either. I don't fault them for it because I'm not paying them to tell me who else I should train with. I'm paying them to provide their training to me. It's true SANS doesn't seem to mention many of the other resources you pointed out and perhaps they should change that. I'm sure if a student asked that question during training the instructors would provide whatever information they could but I doubt it would be included in the training materials unless there was a strong push from their "customer base" via the course review system.
Fail me if I'm wrong, but I always believe that training/marketing/whatever material should cite their sources and credit the original author(s) and source material.
One small point of correction regarding your comment above "SANS works fairly exclusively with InGuardians for instructors". SANS is a huge organization with a large instructor pool. It's true that many of their highest profile instructors are from InGuardians but I believe they were SANS instructors before they formed the company (Skoudis, Poor, Wright to name a few). Many, if not all of them, were/are handlers for the ISC. There are plenty more instructors representing a broad spectrum of the industry and not from InGuardians. I don't want to beat a dead horse or come off as a SANS fanboy, just wanted to make that correction. It's unfair to the rest of the great instructors to lump them into a small group like that.
A very valid point/correction, however I was specifically referring to "pen-testing" training and mentioned several application security and incident handling boutiques that are alternatives to InGuadians and SANS for those specific subject matters Certainly SANS does have many instructors for their other classes from a wide variety of organizations across the industry. I plan on making more corrections to this thread and providing a summary via an official source somewhere, possibly in coordination with SANS. Apologies to any for the confusing and potentially incorrect language that I've used. No harm ; No fowl [sic foul] (feathers ruffled). Cheers, Andre
Current thread:
- Re: Security Certifications for SOC team Scott (Mar 03)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- RE: Security Certifications for SOC team Craig S. Wright (Mar 03)
- <Possible follow-ups>
- Re: Security Certifications for SOC team Miller Grey (Mar 03)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- Re: Security Certifications for SOC team Michael Condon (Mar 04)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)
- Re: Security Certifications for SOC team FS (Mar 10)
- Re: Security Certifications for SOC team Andre Gironda (Mar 03)