I have just finished with my 2nd SANS class: “Security Policy & Awareness.”
I will say that it was good, but not as good as my first SANS class.
Presentation
Like my previous class, I took it OnDemand, meaning that I logged into the SANS website, and took it online, at my own pace. I have to say that I really do like this format, but I do have to say that the OnDemand interface is not the most intutive. Check out CERT’s VTE for Intuitive.
Content
Overall, if I can sum up the content in a phrase, I would say “Quality, but again, Unituitive” I was quite disspaointed in the content of the class. There was a bit of outdated content (We discused Pre-PCI DSS Regulations instead of PCI DSS itself, as well as old statistics). I also struggled with the layout of the first Section: Policies. The organization of how it was layed out left a lot to be desired.
Teacher
The teacher, SANS Ex Officio Steven Northcutt, was, as always, excellent. Great real-world examples.
Overall, I would have to give the quality of the class a middle-of-the-road B.
Alot of great quality material, as well as a great teacher, but the presentation made it diffucult to understand it all.
Josh
Defensive Depth 