Aaron, I've never taken Sec301. I have taken both Sec401 and 504 and I can say that if you feel (as I did) that one needed a foundation before jumping in, 401 seemed to have more technical/hands on focus vs. Sec301. Having said that, I've always had a blast at SANS, so I doubt you could go 'wrong' with SEC301, just that SEC401 seems like a better fit for what you describe. I'd go for 401.
Having said that, please be sure to apply to the Work Study program: http://www.sans.org/security-training/volunteer.php It's SANS training (plus a lot of hard but rewarding work) at a discount. The other benefit is it gives you a few months of online access to the materials for the $850 (or so depending on course). It is definitely a must if you are paying for SANS on your own dime. HTH, Mike On Tue, Jul 5, 2011 at 10:35 AM, Ty Purcell <[email protected]> wrote: > Aaron, > > Based on the below, then I second the recommendation of 401 w/ bootcamp, > and then take the GSEC certification. That is also one of the certs that I > see as desired in some job listings. In my opinion, I wouldn't worry about > the Security+ certification. > > > Ty > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Aaron > Sent: Tuesday, July 05, 2011 9:17 AM > To: PaulDotCom Security Weekly Mailing List > Subject: Re: [Pauldotcom] SANSFire 2011 > > David, > I guess you can say it is weird that I am a part of this list but have > no official training. My background is in running small businesses as > an IT generalist (for lack of a better term). I've always been > fascinated with security and think I have a knack for it. My wife and > I are currently trying to move west; be it Seattle area, Portland, OR > area, or Denver. What I've (embarrassingly) found in all of the > interviews I've been on is A) I don't have the experience and B) I > don't have the requisite knowledge companies are looking for in a > candidate. Thus far in my career, I've either taught myself everything > I've needed to know whether reading and applying, or picking the > brains of those more knowledgeable than I (hence this list). My > knowledge of systems, infrastructure, TCP/IP, networking, etc has all > been very informal, rudimentary, and full of holes. Again, learning > what I needed to, to accomplish the job/task at hand then moving on. > During the interview process I cannot answer some questions or can > only answer them at a very basic level. (And yes, there is a good > chance I'm being hard on myself, but I don't think I'm too far off the > mark.) > > Regardless of how well I portray this in interviews, companies are not > willing to hire someone on speculation. At least not with the job > market the way it is. Therefore, I've decided on two approaches. First > I'm going for training and certs on my own dime. Second, I'm looking > for entry level positions related to security or positions I think > will benefit me and help me move up to a security position. > > I hope that has cleared some of this up. So, knowing the background, > you can see why I was looking at the lower level courses in which to > start. I think I have a decent technical background and with some > basic certs like Security+ or Networking+ I think I can back-fill > whatever information I'm missing. > > I appreciate your reply about the auditing class. I will need to make > a decision very soon as the conference is only a few weeks away. > > Aaron > > > On Mon, Jul 4, 2011 at 6:21 PM, David Hoelzer > <[email protected]> wrote: > > It's a good course. I know Fred well and he's a good instructor. > > > > It seems weird that someone on this list would have no security training > at all. If you don't mind my asking, what kind of background do you have? > I ask because if you're from more of an operational background and are > looking to apply security to things and develop good practice, I'd send you > straight over to AUD 507 (don't let the audit piece fool you... there's > audit stuff, but it's really what sorts of operational practices and > controls should be in place that auditors ought to look for). > > > > On the other hand, if you have a decent technical background but nothing > on the security side and aren't worried about development of secure > practices, I'd send you toward SEC 401. It's a whirlwind tour of just about > everything to do with security. Prepare to be exhausted. ;) > > > > Best regards > > > > > > On Jul 3, 2011, at 3:02 PM, Aaron wrote: > > > >> All, > >> > >> I am looking at attending SANSFire 2011 in DC this month and taking > >> Security 301: Intro to Information Security with Fred Kerby. Does > >> anyone have anything good (or bad) to say about this course? Having no > >> formal training in security, I think it would be a great way to get my > >> feet wet and get some experience under my belt. Do you think it's > >> worth the $3500 price tag? > >> > >> Thank you > >> > >> Aaron > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > --------------------------------------------------------- > > David Hoelzer > > Director of Research, Enclave Forensics > > [email protected] > > > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
