The SANS Institute is a cooperative research and education organization that reaches more than 165,000 security professionals around the world. Their programs undergo constant scrutiny and revision to ensure that the content is both on point and represents the state of the information security landscape as it stands today.
They are, without a doubt, the Ivy League of security education and training. Infogressive invests heavily in training our engineering department, and I was lucky enough to take SEC504: Hacker Tools, Techniques, Exploits and Incident Handling last week.
SANS Training Philosophy
Most cybersecurity educational opportunities are focused on a specific vendor’s technology, or involve professionals talking about a specific exploit or vulnerability they’ve discovered. SANS courses focus on specific disciplines within cybersecurity such as penetration testing, incident response, computer forensics and more. They present a vendor agnostic framework for accomplishing tasks which are central to the responsibilities of information security professionals. SANS instructors are drawn from experienced practitioners, then identified for their ability to pass down knowledge in a classroom environment.
During my one-week training, the instruction never devolved into war stories or one-upsmanship. Our instructor was energetic and knowledgeable about both the material being presented and its use in the field. After 22 years of military service I’m aware of what ‘death by PowerPoint’ is, and this course was the complete antithesis. The presentation was thoughtful and engaging. Not once did I wish for it to be over already.
Friendly Competition
Most SANS courses are composed of a combination of lecture/lab exercises and culminate in a day long practical event. In most classes this is a ‘capture the flag’ type of evolution. You’re encouraged to work with your peers at all points through the class, and it’s these opportunities which provide another extremely valuable component of the SANS experience.
At almost every point throughout the class you’re working along side (or against!) the students sitting around you. You get to know them, share an experience and gain respect for their skills and abilities. Everyone that was on my ‘capture the flag’ team from our final exercise is now a contact on LinkedIn and we all have a feel for the areas of each others’ expertise and know that in a pinch we can call on one another for advice.
A common phrase used by SANS students is that they’re ‘drinking from the fire hose’. Material comes at you fast and in great detail. If you want to absorb what’s being presented, you need to be in your seat and ready to focus every morning. Concepts are complex and deep and if you get overwhelmed there’s no safe word to get you out of trouble. Skim the book for tomorrow’s lesson the night before, and grab your highlighter and note important keywords or phrases ahead of time. There’s a test, and if the concept was difficult, you’ll probably need to know it.
I haven’t even mentioned NetWars! One of the mantras of SANS is that offense informs defense. Every security professional can benefit from being exposed to some pen testing. NetWars is a night time event that occurs after class is over. Competitors are given a scenario and a virtual machine then try to break into things to find information that should be hidden. Every competitor sharpens their Linux skills and their ability to use tools to extract information within a specific time frame and context.
Conclusion
Overall it was one of the most rewarding educational experiences in my professional career, and I’m looking forward to putting what I’ve learned into practice. Security practitioners would be well advised to include such SANS training in their budgets; the world needs a lot more of the good guys!
Written By: Jeff Murphy, Security Engineer
