Tag Archives: SANS

Another New SANS Class: Hacker Techniques, Exploits & Incident Handling

So when SANS had a really nice 30% discount on OnDemand classes, I had to go for it: Hacker Techniques, Exploits & Incident Handling

I have until late April to finish it. And no, I haven’t forgotten about doing my GSEC Gold Certification. But I will also need to do my GCIH Gold Certification. So I thought I might as well finish this next class, and then do both Gold Certs. I will then be able to apply for the SANS Master’s program!


Tagged ,

Passed the GIAC STAR Security Policy & Awareness

Well, today I passed the GIAC STAR for Security Policy & Awareness with a 92%.

It wasn’t that bad except for some of the User Awareness Program questions.  That part of the course was difficult for me to really absorb, because of how much information there was.

Up until now, I have been shooting for greater than 90% on my Certification Attempts / STARS with my classes.  I think I’m going to up the ante to 95%.  I feel like this will help motivate me just a little bit more to learn the material backwards and forwards.

Now on to my next class!


Tagged ,

SANS Security Policy & Awareness Class Review

I have just finished with my 2nd SANS class: “Security Policy & Awareness.”

I will say that it was good, but not as good as my first SANS class.


Like my previous class, I took it OnDemand, meaning that I logged into the SANS website, and took it online, at my own pace.  I have to say that I really do like this format, but I do have to say that the OnDemand interface is not the most intutive.  Check out CERT’s VTE for Intuitive.


Overall, if I can sum up the content in a phrase, I would say “Quality, but again, Unituitive”  I was quite disspaointed in the content of the class.  There was a bit of outdated content (We discused Pre-PCI DSS Regulations instead of PCI DSS itself, as well as old statistics).  I also struggled with the layout of the first Section: Policies.  The organization of how it was layed out left a lot to be desired.


The teacher, SANS Ex Officio Steven Northcutt, was, as always, excellent.  Great real-world examples.

Overall, I would have to give the quality of the class a middle-of-the-road B.

Alot of great quality material, as well as a great teacher, but the presentation made it diffucult to understand it all.


Tagged ,

Passed the GIAC GSEC Certification

After almost 4 months of taking my class for a couple hours a day, yesterday I took the GIAC Security Essentials Certification test, and passed with a 94%. I was shooting for >90%, and found it to easier than I was thinking it was going to be.

Next up is the Gold Certification for GSEC, which requires “candidates to complete a technical report covering an important area of security related to the certification the student is seeking.”  I have some different thoughts on some topics, but if you guys can think of anything interesting, and especially relevant to my work with New Tribes Mission, let me know.

As for a review of the class, which I took from SANS, SANS GSEC 401 through their OnDemand program, I thought it was excellent.  Once you get past a few typos, and the obviousy-work-in-progress OnDemand program, I thought that the instructors were great, especially Dr. Eric Cole, and I thought the subjects covered were very good.  Probably my favorite portions of the class was the Cryptology section and  the indepth, low-level TCP/IP instruction.

That’s it for about now-

btw, been following the whole Dan Kaminsky DNS Bug / Matasano disclosure fiasco–Check it out for some interesting, thought-provoking thoughts on how to handle vulnerability disclosure (or how NOT to handle it, as some would quip)


Tagged , ,