Penetration Testing mailing list archives

Re: Security Certifications for SOC team


From: Andre Gironda <andreg () gmail com>
Date: Tue, 3 Mar 2009 08:42:26 -0800

On Mon, Mar 2, 2009 at 11:39 PM, Scott <opiesan () gmail com> wrote:
Scott,
Wow, didn't mean to ruffle your feathers Andre. I meant that SANS
doesn't bias towards any equipment/software vendor during their
training. I see your point about SANS being a vendor when it comes to
training, but frankly, who isn't? If you're paying a company to
provide training of course they're going to focus on their own
offerings above others. I'm taking the Offensive-Security training now
and while it's much more hands on than my SANS classes were they
haven't mentioned other training organizations either. I don't fault
them for it because I'm not paying them to tell me who else I should
train with. I'm paying them to provide their training to me. It's true
SANS doesn't seem to mention many of the other resources you pointed
out and perhaps they should change that. I'm sure if a student asked
that question during training the instructors would provide whatever
information they could but I doubt it would be included in the
training materials unless there was a strong push from their "customer
base" via the course review system.

Fail me if I'm wrong, but I always believe that
training/marketing/whatever material should cite their sources and
credit the original author(s) and source material.

One small point of correction regarding your comment above "SANS works
fairly exclusively with InGuardians for instructors". SANS is a huge
organization with a large instructor pool. It's true that many of
their highest profile instructors are from InGuardians but I believe
they were SANS instructors before they formed the company (Skoudis,
Poor, Wright to name a few). Many, if not all of them, were/are
handlers for the ISC. There are plenty more instructors representing a
broad spectrum of the industry and not from InGuardians. I don't want
to beat a dead horse or come off as a SANS fanboy, just wanted to make
that correction. It's unfair to the rest of the great instructors to
lump them into a small group like that.

A very valid point/correction, however I was specifically referring to
"pen-testing" training and mentioned several application security and
incident handling boutiques that are alternatives to InGuardians and
SANS for those specific subject matters. Certainly SANS does have many
instructors for their other classes from a wide variety of
organizations across the industry.

I plan on making more corrections to this thread and providing a
summary via an official source somewhere, possibly in coordination
with SANS.  Apologies to any for the confusing and potentially
incorrect language that I've used.  No harm ; No fowl [sic foul]
(feathers ruffled).

Cheers,
Andre


