Date: Thu Nov 24 17:36:36 2005
From: srenna at lcssecuritygroup.com (srenna@...securitygroup.com)
Subject: Hacking Boot camps!

I have to disagree in part about SANS being shit.  I personally hold two
GIACs that I had written extensive papers on to attain.  I learned a
good bit while writing the two; however, it was through personal
determination and grit that enabled me to do so, not through any SANS
training as my employer had sent about 7 people to get theirs and none
had successfully completed it.  I never received any training from SANS
so I can't comment on how effective it is; however, I used real world
experience to gain my own certs, so I presume others are capable of
this as well.

SANS is a good concept in theory, let's make it easier for those that
have an interest in IT Security to learn.  However, their exorbitant
fees and the mentoring program need a serious retooling.  When I was
doing my challenge options, only about 1.5-2 years ago, the price was
$450.  Now, it has been elevated significantly to $800.  The
explanation for this is that instruction materials are being taken by
others and utilized in their own classes, hence, SANS must charge more
to protect Intellectual Property (yeah, doesn't make the most sense).
The mentoring program is BALLS and I agree that SANS puts the "honor"
of being a mentor onto a certified individual, yet pays them next to
nothing to perform the task of devaluing one's certification.  I was
about to serve as a mentor, until I realized how much work is required
for the person who is serving as the mentor and the amount of money
they are paid for their hard work.  I think I worked out something like
3% of the total a student pays to SANS goes to the Mentor, while SANS
collects nearly 3k on each student, the instructor gets paid next to
nothing.  Then I realized that ignorant fools could take a SANS class,
take two EASY exams and become a GIAC, without the need to write a
paper.  Eliminating the paper requirement, in my mind, is just a ploy
to get more folks to fork over cash to SANS.

With the new distinction between GIAC and GIAC Gold, we're set for a
flood of underqualified applicants being sent to class by employers for
those that really have no desire to learn.  SANS gets paid, qualified
individuals become further devalued as more "boot campers" get GIACs
and everyone lives happily ever after.

> -------- Original Message --------
> Subject: Re: [Full-disclosure] Hacking Boot camps!
> From: InfoSecBOFH <infosecbofh@...il.com>
> Date: Thu, November 24, 2005 4:43 am
> To: full-disclosure@...ts.grok.org.uk
> 
> Bottom line is... and you can ignore the SANS instructor/SANS zealot post...
> 
> SANS = SHIT.
> 
> Now that I am in a position with my employer to hire and fire
> people... I will not even consider an applicant who touts his SANS
> certification as something to be proud of or something to make him
> more skilled than the next.
> 
> And, now that I am in a senior position at my employer, I am doing
> everything I can to stop my employer from paying the EXTORTION fees to
> SANS in order to be a part of their what works program and any of
> their training.
> 
> You know what makes me smile everyday... the knowledge in knowing that
> I am not the only senior infosec person at a major corporation who
> feels this way about SANS.
> 
> Fuck SANS.  FUCK EM ALL!
> 
> http://dictionary.reference.com/search?q=sans#without
> 
> sans    ( P )  Pronunciation Key  (snz, sä)
> prep.
> Without.
> 
> 
> --------------------------------------------------------------------------------
> [Middle English, from Old French, blend of Latin sine, without, and
> absentiā, in the absence of, ablative of absentia, absence from absēns,
> absent- present participle of abesse, to be away. See absent.]
> 
> On 11/23/05, senator.crabgrass@...cast.net
> <senator.crabgrass@...cast.net> wrote:
> > Maybe it is not what you know but who you know.  Best of luck with that grail thing, finding it is veiled, holding it is easy, keeping it polished is where the work is.
> >
> > --
> > vote for me
> >
> >
> > > On 11/23/05, senator.crabgrass@...cast.net
> > > <senator.crabgrass@...cast.net> wrote:
> > > > ... the cert game is nothing more than a lucrative revenue generator. For
> > > > either the test givers or the vendor pusher or the land of test king.
> > >
> > > a few respectable names in their roster[1]; i wonder why they don't
> > > name the instructor giving each presentation on their conference
> > > schedule[2]...
> > >
> > > i have a theory: the more legitimately skilled you are, the less you
> > > instruct and the more you are paid.  a nice way to convert reputation
> > > into ca$h!
> > >
> > > [maybe i can get in on this racket once i attain the holy grail of
> > > CPA, GCFW, CISSP, CISM, CISA, CCNA, CCSE, CCSA, GIAC, GCIA, GSNA,
> > > GCFA, GCIH, GCUX, GSEC, QUE, WTFBBQ]
> > >
> > > 1. http://www.sans.org/instructors.php
> > > 2. http://www.sans.org/index.php
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
