When I went through that exercise, we also moved from Nexpose with Metasploit Pro down to just Nexpose and are now working with Nessus and a handful of other open source tools. I think the primary determining factor is whether you want your team's intelligence in the people or in the tools. Both are valid choices, of course, but if you've got the good people who are likely to stick around, it's going to be cheaper in the long run to boost them.
For SANS courses, I think that any of them would be good, but you should pick the one that you are least comfortable attending. That will maximize your learning and minimize the amount of time you spend rehashing what you already know. The trick, I've found, is to keep the learning going after you take a class. if you do that, the specific class isn't going to matter as much as the fact that you have a continual improvement process focused on your people. -Josh More On Fri, Dec 7, 2012 at 3:39 PM, Arch Angel <[email protected]> wrote: > Good Afternoon Everyone, > > Our company is reviewing vulnerability management suites and Metasploit > for validation and penetation testing. Right now we are leaning towards > Rapid7, but would like others opinions on Qualys, McAfee, nCircle, and > Lumension. Rght now Rapid7 wants to sell us Nexpose with Metasploit Pro > and training. I don't believe this will have the best ROI. I believe that > we could purchase NexPose, use Metasploit Community, and go to SANs for the > training. I believe this will be less expensive and be an overall better > choice in the long haul. > > If SANS is choosen what courses would be the best over all for this > project? > > My opinion are these courses, in order: > > SEC560: Network Penetration Testing and Ethical Hacking > SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses > SEC542: Web App Penetration Testing and Ethical Hacking > > What are your opinions? > > Thanks All! > > Robert > (arch3angel) > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
