Tuesday, March 6, 2012


At the end of March, I will be experiencing my first SAN class, SEC560! I was awarded this chance by ETHICALHACKER.NET.  On the site, they hold monthly prizes for their registered users. I have been on the site since 2009 I do believe.  They have had discussions on Google, LulzSec, Anonymous, Breaches, FBI, etc.  It is where you can find and discuss IT security issues currently happening today.  It is a very informative site with some of the top security professionals posting articles from time to time.  If you want more information, check out this link (http://www.ethicalhacker.net/content/view/405/8/).  It was definitely a surprise since I usually do not win anything.  I guess it points out even further, that everyone has a chance to win the monthly prizes hosted at EthicalHacker.net. If you have time, try to check out the DIY Career article from Don Donzal if anything else (http://www.ethicalhacker.net/content/view/236/24/). 

Well, I just wanted to give a shot-out to the site before I take the SANS course. The SANS course will be all online which works out well for me.  It will be instructed by Ed Skoudis which I have heard is a great instructor by security professionals.  It will focus on network security and pen testing.  I like the fact that it will include the soft skills needs to be an effective penetration tester.  I have heard Mike Murray press on the fact that a pentester should have equally strong soft and technical skills to be beneficial to the client that you are pentesting.  WIN! The web application scanning looks good but I wonder how far they go.  Also, it looks like it has a CTF event too which I have never been in either.  I think this course (and the OSCE exam) will give me a good gauge to my progress in InfoSec. 

Once I am done, I want to do a review of the SANS course compared to the three Offsec security courses I have taken, OSWP, OSCP and OSCE.  I think the Offensive Security team are on their way to making courses that will set the standard for information security education.  Right now, C|EH by EC-Council, seems to be the standard, (at least for HR) which does not seem right to me.  When I did the self study for the C|EH course, and then, passed the exam, I had never even used netcat.  Uh, yeah that will not fly when you take a OffSec course.  I am not saying that they are perfect, but I would suggest to anyone that is serious about their security career, find a way to start taking the offsec courses.  Soon,  I will know if I need to include the SANS courses as well to that last statement.  From what I hear already, I should.  I will have the review by the end of April hopefully.   

No comments:

Post a Comment