I've taken a few SANS courses over the years - the week long, drink from a fire hose marathons - and found them to be hands-down the best training ever.

-Jeff Steward

On Tue, Mar 13, 2012 at 2:40 PM, Alan Davies <[email protected]> wrote:

> You're right - you don't see SANS all that often on JDs (though DoD ask for it and a few other US agencies .. I'm UK based and you also see it a bit more here now including some Home Office/Intelligence areas). However, I've always found it something of a talking point in interviews, and having the written assignments published (what's called a Gold certification these days) can also help demonstrate writing skills and ability to explain highly technical data clearly.
>
> Personally, I find GSEC (and therefore CISSP since they're 75% similar) a nightmare to study for! Too much information .. 10 miles high and 1cm deep. Much prefer the "harder" certs where you go really deep in one area like GCIH. The main advantage of SANS certs however is their instructors and content - the ability to hit the ground running afterwards. You will do your job better after attending unless you are God-like already!
>
> Anyway, I feel the OT giant coming to tickle me, so I'll hush now before a huge conversation on certifications starts up! =)
>
> a
>
> ------------------------------
> From: Ziots, Edward [mailto:[email protected]]
> Sent: 13 March 2012 15:49
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Yeah going to need it, got less time than CISSP to study for this one, but I know 3-5 domains cold from the CISSP so that is just a review, I just need to think about stuff through the auditor's eyes. Looking for a pass the first time, and then off to C.E.H and CRISC in December. I have been thinking about the SANS certifications but I just don't see a clamoring for them in the job places. I was looking to possibly go the GSNA route which would tie in with my CISA (when I get it)
>
> GL on your GSEC re-cert, you should ace that pretty easy, GCIH is a little harder but not unachievable.
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: Alan Davies [mailto:[email protected]]
> Sent: Tuesday, March 13, 2012 10:04 AM
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Yup, no disagreement there .. my response was more to Stu's point in that what he described can help increase security in a very general manner in an organisation, but really the business context is where the value is.
>
> Good luck with the CISA! I'm re-certifying my GSEC again at the moment and GCIH this time next year, so also under a weight of study and prep! ;o)
>
> a
>
> ------------------------------
> From: Ziots, Edward [mailto:[email protected]]
> Sent: 13 March 2012 12:59
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Alan,
>
> I totally agree, that is why I always vet the scans I get from any VA scan and qualitatively risk prioritize them based on what is critical for the business. Again with healthcare it's protection of the CIA of EPHI when stored, transmitted or processed and any and all systems that are in the eco-system of that processing.
>
> The scans are done as part testing of the controls of an information system, but it is not a means to an end nor are its findings absolutely material to an auditor in determining the controls or lack thereof in an information system, there are plenty of other things that an auditor must consider via the ISACA auditing standard (trust me I am going to be taking my CISA in June, and there is a lot more to it than I even understood, because I was only looking at it from the Risk Management and Compliance aspect, and totally missed all the pieces that make up Governance)
>
> But I do agree Auditors are usually not technical enough to go deep enough into the technologies and find the trust issues so they can be raised to management and corrective actions to be taken, this is one of the issues I have always had sometimes when dealing with auditors (especially from the big 4 firms, they have had little or no background in systems administration, security engineering, database management, and other core responsibilities in the areas they are to audit, therefore they usually don't have the technical expertise needed to complete what needs to be done on the audit. (which kinda goes contrary to what the ISACA auditing standards require)
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: Alan Davies [mailto:[email protected]]
> Sent: Monday, March 12, 2012 4:59 PM
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> I still argue that all that aside (and it can be valuable), what I generally want if I'm in need of a quality piece of work to free up time is a PT engagement where the testers are made fully aware of the business context of the system they are testing and the risks and exec summary framed in that context. Lack of SSL on an inside VLAN may be something to fix in time, but it's a heck of a lot less important than the public Internet facing one; access to a social committee intranet server less important than a customer DB - stupidly simplistic, but you get the idea.
>
> Canned scans are for obliging the tickbox-generation auditors and general information. Business context is the only way to a valid remedial plan of action.
>
> a
>
> ------------------------------
> From: Ziots, Edward [mailto:[email protected]]
> Sent: 12 March 2012 19:20
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Yeah well it seems that I am digging a mile deep with a few of my own tools (Backtrack, Nmap, Rapid 7 Nexpose, Metasploit) to verify what the issues are based on a Qualys scan that an outside organization didn't have the time to "validate" the findings, so it's been a real joy digging through 100's of pages of Qualys scan information.
>
> Nessus is ok but seen the false positives with those also,
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: Stu Sjouwerman [mailto:[email protected]]
> Sent: Monday, March 12, 2012 2:55 PM
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> That's what we do for our customers here. We scan with Nessus, but provide a shortlist of the real dangerous low hanging fruit and we poke around a bit, and do a conference call where we show them what the problem is.
>
> Warm regards,
>
> Stu
>
> From: Ziots, Edward [mailto:[email protected]]
> Sent: Monday, March 05, 2012 8:36 AM
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Thanks, I am glad I am not the only one.
>
> Now if someone followed the Penetration Testing Execution Standard, and did a real Pen test and validated the business risks, then I would be impressed, so back to chewing through this Qualys scan and making heads or tails of what needs to be fixed and what isn't a big risk.
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: Alan Davies [mailto:[email protected]]
> Sent: Monday, March 05, 2012 8:25 AM
> To: NT System Admin Issues
> Subject: RE: Vulnerability scanning, and calling it a Pen test the rant continues
>
> You pays for what you gets ... even reports of actions that go beyond VA into PT still aren't a proper PT engagement if they're not in a meaningful report, written in English!
>
> Having said that, sometimes you just want to know if something can be broken and do the rest yourself. Rarely though .. I have better things to do with my time than translating someone else's results into an Exec Summary and business context specific findings
>
> Rant welcome :o)
>
> a
>
> ------------------------------
> From: Ziots, Edward [mailto:[email protected]]
> Sent: 05 March 2012 13:12
> To: NT System Admin Issues
> Subject: Vulnerability scanning, and calling it a Pen test the rant continues
>
> Not sure if anyone on the list is responsible for Vul Scanning in their organizations/business or Pen testing their systems, but it still blows my mind that we have folks out there providing services to organizations and business calling the output from a Qualys or Nessus vulnerability scanner a Pen-test. I have currently been going through someone else's work for about 1.5 weeks validating the scanner's findings on the systems, so I can get working on slimming down a 225 page report to something that is realistic and achievable.
>
> Sorry about the rant, it isn't how I wanted to start my Monday morning.
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
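The triage the thread keeps circling back to (confirm the scanner's claims first, then rank what survives by where the host sits and what it holds rather than by raw CVSS), as an added Python example; this is not code from the thread, from Qualys or from Nessus, and the weights, host names and findings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    exposure: str   # "internet", "dmz" or "internal"
    data: str       # "ephi", "customer_db", "intranet" or "none"

@dataclass(frozen=True)
class Finding:
    host: str
    title: str
    cvss: float      # severity as reported by the scanner
    validated: bool  # True only once a human has confirmed it is not a false positive

# Assumed weights (not from any standard): where the asset sits and what it holds.
EXPOSURE = {"internet": 1.0, "dmz": 0.85, "internal": 0.7}
DATA = {"ephi": 1.0, "customer_db": 1.0, "intranet": 0.3, "none": 0.2}

def business_risk(f: Finding, a: Asset) -> float:
    """Scanner CVSS scaled by exposure and data sensitivity (0..10)."""
    return round(f.cvss * EXPOSURE[a.exposure] * DATA[a.data], 2)

def triage(findings, assets):
    """Return (context-ranked validated findings, validation backlog).
    Unvalidated hits are claims to check, not confirmed issues, so they
    stay in the backlog; a host missing from the inventory fails loudly."""
    inventory = {a.host: a for a in assets}
    ranked, backlog = [], []
    for f in findings:
        if f.host not in inventory:
            raise KeyError(f"{f.host} is not in the asset inventory")
        if not f.validated:
            backlog.append(f)
            continue
        ranked.append((business_risk(f, inventory[f.host]), f))
    ranked.sort(key=lambda pair: pair[0], reverse=True)
    return ranked, backlog

# Constructed sample data modelled on the thread's own examples.
ASSETS = [Asset("web-ext", "internet", "customer_db"),
          Asset("intranet-01", "internal", "intranet"),
          Asset("db-ehr", "internal", "ephi"),
          Asset("print-srv", "internal", "none")]
FINDINGS = [Finding("web-ext", "TLS not enforced on login form", 5.9, True),
            Finding("intranet-01", "TLS not enforced on login form", 5.9, True),
            Finding("db-ehr", "Database service missing vendor patch", 9.8, True),
            Finding("print-srv", "SNMP default community string", 7.5, False)]
```

The same missing-TLS finding scores 5.9 on the Internet-facing customer host and 1.24 on the internal intranet box, which is the ordering Alan's example argues for; the unvalidated SNMP hit never enters the ranked list.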
