Date: Wed Nov 23 23:07:09 2005
From: cdupuis at cccure.org (Clement Dupuis)
Subject: Hacking Boot camps!

Good day InfoSecBOFH,

Hum... It seems like you have something to settle with SANS, I really do not
know what they did to get you this mad or what negative experience you had
to go through but they definitely are not on your white list.
  
> - Their training is out of date
I guess this is the growing pain.  It becomes an unbelievable challenge to
maintain over 20 tracks.  I do not believe they are all outdated as you
claim; all of the tracks are usually updated a couple times a year.

> - Most of their instructors are unqualified to answer any questions 
> that are not in their training books.
Most of their classes have outstanding instructors such as Ed Skoudis, Mike
Poor, Eric Cole, Chris Brenton, Jason Fossen, Joshua Wright, Bob Hillery,
Marcus Sachs, William Stearns, etc...   These instructors will not only
answer questions on security topics but have also written the training books
and have been published in magazines and books as well.  They are well
respected in the community and very competent.  If you would dare to call
any of these instructors unqualified, you must have a very demanding level
as far as an instructor is concerned.

I totally disagree with your comment about them being unqualified, they are
the best, and they are the people delivering a lot of the live classes.  I
have heard of some negative comments related to their other delivery
mechanisms but their live classes are being done by great instructors.

> - Most of their instructors will feed you with a marketing pitch for 
> their own consulting or product companies.

Most instructors will introduce themselves within the first few minutes of
the class and this is the extent of it.  I think it is only fair to give
your company credit as well as yourself.  After all, it is your company that
gives you time to attend and teach in many cases.  If any instructor goes
above and beyond this, they are out of line and not following their own code
of ethics.   

> - The so called "SANS What Works" program where they endorse vendors 
> who have products that actually work and help with infosec issues is a 
> sham.  They will list any vendor that pays their 25K "fee" to be 
> listed.

I must agree with you on this one, people think that the products featured
are endorsed and recommended by SANS but this is not the case.  SANS is only
showcasing a company and what they have used with success or what has worked in
their very specific case.  The company, as you have said, has to pay a fair
amount of money to have their case and product showcased.

It is people reading about it that take for granted that the product
presented is endorsed by SANS, it is stated clearly on the SANS website that
it is not the case.

Of course, nobody from SANS has attempted to dispel the myth (to the joy of
the people who have paid to be part of the program).  I guess they see no
reason to attempt doing so because it is stated clearly on the web site what
the program is about.

The name "SANS What Works" is somewhat misleading I must admit.  A bit more
information could be provided on what the program really is, what it stands
for, and what is the endorsement being made.


> - Here is how the pyramid works.  You have Northcutt and Paller on the 
> top of things as the creators of this so called non-profit (yet they 
> have multi million dollar homes in Hawaii).  They *USE* volunteers to 
> come up with training material and to run their "mentoring program".
> Then, they take the volunteer work, hand it to their close friends who 
> also happen to be their full time instructors let them take credit for 
> it and have them deliver the course and of course pay them very well 
> for it.  Nothing like making money for your 'non profit" on the backs 
> of volunteers who you still charge to attend the training BTW.

Both Stephen Northcutt and Alan Paller have never claimed to be non profit
because they know that they are not.  Their web site and documentation do
not pretend to be non profit either.  Somehow there is this myth from the
early days that has been going around about SANS and GIAC being non profit.


On the training material side:
The training material being developed for the past few years has been done
by people who were compensated for their work and NOT free work as you
claim.  

The local mentors are paid as well, they are not doing volunteer work.  I
have heard good comments and very sad comments about the delivery of the
program.  I guess your mileage will vary depending on who the mentors are.

I do not know of any regular instructor who has taken someone else's material
and claimed it was their own.  There is no volunteer that I know of, producing
training material without getting paid for each slide if it is being used
for training.  In fact SANS has one of the most generous royalty programs
out there.  None of the large training organizations out there will pay you
royalties the way SANS does and the amount SANS does.  I must give them
credit on that side.

You are right: SANS has the best pay in the industry. 

Do you have a specific example of someone who has developed a course, a
short class, or anything for free and the material got used and abused as
you claim by SANS or an instructor or SANS?

I know SANS is not perfect, they are not what they used to be as a community,
but they still deliver quality training and credit must be given to them
where it belongs.

Other training vendors are doing nothing to give back to anyone.  At least
SANS are giving back to the community through many projects.

Take care

Clement
