Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Security Certifications for SOC team
From: Scott <opiesan () gmail com>
Date: Tue, 3 Mar 2009 02:39:34 -0500

On Thu, Feb 26, 2009 at 4:38 PM, Andre Gironda <andreg () gmail com> wrote:
On Thu, Feb 26, 2009 at 10:38 AM, Scott <opiesan () gmail com> wrote:
I'm confused as to how SANS is considered "vendor-focused"? I've taken
at least 3 of their classes and don't recall ever hearing them pimp
one vendor over another. An instructor might give their opinion or
preference but the organization overall has always been vendor
agnostic. What vendors are you referring to?

SANS is a vendor.  They are a vendor for conferences, training,
certification, computer-based training, training books, and their
instructors' brand.  They pimp themselves over everyone.

You never hear them mention other training / certifications which are
not provided by them or which they have a class for.  You almost never
hear them speak about other instructional capital such as books,
ebooks, magazines, mailing-lists, blogs, forums, irc channels, news
websites, rss feeds, other trainers, other places to attend training,
conferences, training events at conferences, local chapter or local
security community events, security communities and trade
organizations, et al.

They steal content from all of the above and never attribute it back.
How is SANS vendor-neutral / vendor-agnostic?

This email thread just goes to show that "way too many people" in this
industry are completely owned by the vendors and product industry
around security.

Go read "The New School of Information Security" or something...


Wow, didn't mean to ruffle your feathers Andre. I meant that SANS
doesn't bias towards any equipment/software vendor during their
training. I see your point about SANS being a vendor when it comes to
training, but frankly, who isn't? If you're paying  a company to
provide training of course they're going to focus on their own
offerings above others. I'm taking the Offensive-Security training now
and while it's much more hands on than my SANS classes were they
haven't mentioned other training organizations either. I don't fault
them for it because I'm not paying them to tell me who else I should
train with. I'm paying them to provide their training to me. It's true
SANS doesn't seem to mention many of the other resources you pointed
out and perhaps they should change that. I'm sure if a student asked
that question during training the instructors would provide whatever
information they could but I doubt it would be included in the
training materials unless there was a strong push from their "customer
base" via the course review system.

One small point of correction regarding your comment above "SANS works
fairly exclusively with InGuardians for instructors". SANS is a huge
organization with a large instructor pool. It's true that many of
their highest profile instructors are from InGuardians but I believe
they were SANS instructors before they formed the company (Skoudis,
Poor, Wright to name a few). Many, if not all of them, were/are
handlers for the ISC. There are plenty more instructors representing a
broad spectrum of the industry and not from InGuardians. I don't want
to beat a dead horse or come off as a SANS fanboy, just wanted to make
that correction. It's unfair to the rest of the great instructors to
lump them into a small group like that.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]