Aaron: You'll enjoy Virginia Beach. I say that not just because I live near there! The conference size is not huge, but not extra small either; and offers plenty of opportunity for learning outside of the course you may take
Kevin On Tue, Jul 5, 2011 at 12:58 PM, Aaron <[email protected]> wrote: > Gentlemen, > > Thanks for your responses. I actually have your book, Seth! I've not > started it yet, but it is on my CISSP study list. > > Thank you all for the advice on the Work Study program. I've applied > for the Virginia Beach conference which is in a few months. I agree > that $800 vs $5000 is a hard argument to beat especially when paying > for it out of my own, shallow pocket. :) > > Aaron > > On Tue, Jul 5, 2011 at 11:15 AM, mike p <[email protected]> wrote: > > Aaron, > > > > I've never taken Sec301. I have taken both Sec401 and 504 and I can say > > that if you feel (as I did) that one needed a foundation before jumping > in, > > 401 seemed to have more technical/hands on focus vs. Sec301. Having said > > that, I've always had a blast at SANS, so I doubt you could go 'wrong' > with > > SEC301, just that SEC401 seems like a better fit for what you describe. > I'd > > go for 401. > > > > Having said that, please be sure to apply to the Work Study program: > > > > http://www.sans.org/security-training/volunteer.php > > > > It's SANS training (plus a lot of hard but rewarding work) at a discount. > > The other benefit is it gives you a few months of online access to the > > materials for the $850 (or so depending on course). It is definitely a > must > > if you are paying for SANS on your own dime. > > > > HTH, > > Mike > > > > On Tue, Jul 5, 2011 at 10:35 AM, Ty Purcell <[email protected]> wrote: > >> > >> Aaron, > >> > >> Based on the below, then I second the recommendation of 401 w/ bootcamp, > >> and then take the GSEC certification. That is also one of the certs > that I > >> see as desired in some job listings. In my opinion, I wouldn't worry > about > >> the Security+ certification. > >> > >> > >> Ty > >> > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Aaron > >> Sent: Tuesday, July 05, 2011 9:17 AM > >> To: PaulDotCom Security Weekly Mailing List > >> Subject: Re: [Pauldotcom] SANSFire 2011 > >> > >> David, > >> I guess you can say it is weird that I am a part of this list but have > >> no official training. My background is in running small businesses as > >> an IT generalist (for lack of a better term). I've always been > >> fascinated with security and think I have a knack for it. My wife and > >> I are currently trying to move west; be it Seattle area, Portland, OR > >> area, or Denver. What I've (embarrassingly) found in all of the > >> interviews I've been on is A) I don't have the experience and B) I > >> don't have the requisite knowledge companies are looking for in a > >> candidate. Thus far in my career, I've either taught myself everything > >> I've needed to know whether reading and applying, or picking the > >> brains of those more knowledgeable than I (hence this list). My > >> knowledge of systems, infrastructure, TCP/IP, networking, etc has all > >> been very informal, rudimentary, and full of holes. Again, learning > >> what I needed to, to accomplish the job/task at hand then moving on. > >> During the interview process I cannot answer some questions or can > >> only answer them at a very basic level. (And yes, there is a good > >> chance I'm being hard on myself, but I don't think I'm too far off the > >> mark.) > >> > >> Regardless of how well I portray this in interviews, companies are not > >> willing to hire someone on speculation. At least not with the job > >> market the way it is. Therefore, I've decided on two approaches. First > >> I'm going for training and certs on my own dime. Second, I'm looking > >> for entry level positions related to security or positions I think > >> will benefit me and help me move up to a security position. > >> > >> I hope that has cleared some of this up. So, knowing the background, > >> you can see why I was looking at the lower level courses in which to > >> start. I think I have a decent technical background and with some > >> basic certs like Security+ or Networking+ I think I can back-fill > >> whatever information I'm missing. > >> > >> I appreciate your reply about the auditing class. I will need to make > >> a decision very soon as the conference is only a few weeks away. > >> > >> Aaron > >> > >> > >> On Mon, Jul 4, 2011 at 6:21 PM, David Hoelzer > >> <[email protected]> wrote: > >> > It's a good course. I know Fred well and he's a good instructor. > >> > > >> > It seems weird that someone on this list would have no security > training > >> > at all. If you don't mind my asking, what kind of background do you > have? > >> > I ask because if you're from more of an operational background and > are > >> > looking to apply security to things and develop good practice, I'd > send you > >> > straight over to AUD 507 (don't let the audit piece fool you... > there's > >> > audit stuff, but it's really what sorts of operational practices and > >> > controls should be in place that auditors ought to look for). > >> > > >> > On the other hand, if you have a decent technical background but > nothing > >> > on the security side and aren't worried about development of secure > >> > practices, I'd send you toward SEC 401. It's a whirlwind tour of just > about > >> > everything to do with security. Prepare to be exhausted. ;) > >> > > >> > Best regards > >> > > >> > > >> > On Jul 3, 2011, at 3:02 PM, Aaron wrote: > >> > > >> >> All, > >> >> > >> >> I am looking at attending SANSFire 2011 in DC this month and taking > >> >> Security 301: Intro to Information Security with Fred Kerby. Does > >> >> anyone have anything good (or bad) to say about this course? Having > no > >> >> formal training in security, I think it would be a great way to get > my > >> >> feet wet and get some experience under my belt. Do you think it's > >> >> worth the $3500 price tag? > >> >> > >> >> Thank you > >> >> > >> >> Aaron > >> >> _______________________________________________ > >> >> Pauldotcom mailing list > >> >> [email protected] > >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> >> Main Web Site: http://pauldotcom.com > >> > > >> > > >> > --------------------------------------------------------- > >> > David Hoelzer > >> > Director of Research, Enclave Forensics > >> > [email protected] > >> > > >> > > >> > > >> > _______________________________________________ > >> > Pauldotcom mailing list > >> > [email protected] > >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> > Main Web Site: http://pauldotcom.com > >> > > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
