At the end of March, I will be experiencing my first SAN class, SEC560! I was awarded this chance by ETHICALHACKER.NET. On the site, they hold monthly prizes for their registered users. I have been on the site since 2009 I do believe. They have had discussions on Google, LulzSec, Anonymous, Breaches, FBI, etc. It is where you can find and discuss IT security issues currently happening today. It is a very informative site with some of the top security professionals posting articles from time to time. If you want more information, check out this link (http://www.ethicalhacker.net/content/view/405/8/). It was definitely a surprise since I usually do not win anything. I guess it points out even further, that everyone has a chance to win the monthly prizes hosted at EthicalHacker.net. If you have time, try to check out the DIY Career article from Don Donzal if anything else (http://www.ethicalhacker.net/content/view/236/24/).
Well, I just wanted to give a shot-out to the site before I take the SANS course. The SANS course will be all online which works out well for me. It will be instructed by Ed Skoudis which I have heard is a great instructor by security professionals. It will focus on network security and pen testing. I like the fact that it will include the soft skills needs to be an effective penetration tester. I have heard Mike Murray press on the fact that a pentester should have equally strong soft and technical skills to be beneficial to the client that you are pentesting. WIN! The web application scanning looks good but I wonder how far they go. Also, it looks like it has a CTF event too which I have never been in either. I think this course (and the OSCE exam) will give me a good gauge to my progress in InfoSec.
Once I am done, I want to do a review of the SANS course compared to the three Offsec security courses I have taken, OSWP, OSCP and OSCE. I think the Offensive Security team are on their way to making courses that will set the standard for information security education. Right now, C|EH by EC-Council, seems to be the standard, (at least for HR) which does not seem right to me. When I did the self study for the C|EH course, and then, passed the exam, I had never even used netcat. Uh, yeah that will not fly when you take a OffSec course. I am not saying that they are perfect, but I would suggest to anyone that is serious about their security career, find a way to start taking the offsec courses. Soon, I will know if I need to include the SANS courses as well to that last statement. From what I hear already, I should. I will have the review by the end of April hopefully.
Why Evolution is True
4 days ago