the most trusted source for computer security training, certification and research

SANS Training & GIAC Certification Updates

SANS Newsletters Home
Dear Colleague,
I want you to get the most out of SANS and GIAC and that is the purpose
of this note. While I do have friends and coworkers double-check what
I write for accuracy, please understand that this is a personal note
from me and may not accurately reflect the philosophy and thoughts of
the other 48 employees of the SANS Institute. S. N.
CONTENT:
1. Recertification for GIAC
 2. Sarbanes Oxley
 3. Research programs
 4. Preliminary Call for Demonstrations
 5. Call for Authors
 6. Seeking Partnerships
 7. Awareness Update
 8. Update on the GSNA Adjustments
 9. New Practice Tests Now Available
 10. Instructor Led Online Training
 11. SANS Bootcamp
 12. Stephen's pick for small class sizes
1. Recertification for GIAC
GIAC certification is valid for a two or four year period and is
designed to expire so employers can be assured a certified individual
really knows a subject matter and stays current in that area. The time
period in which students can register for recertification has been
increased from 3 months before certification expiration, to one year
prior to expiration. This change will allow for better time management.
Certified professionals can look-up their expiration information at
http://www.giac.org/cert.php. Renewal notifications are emailed
approximately 4 months in advance of the expiration date.
Please keep your email address up to date via the "Update Personal
Info" link in your curriculum page
(http://giactc.giac.org/cgi-bin/momgate), so that we have a current
email for you.
Recertification candidates receive access to the current courseware for
a ten week period along with the recertification exam, all for $120 USD.
This single amount ($120 USD) covers multiple recertifications in a
calendar year. Individuals needing recertification for more than one
subject area will benefit from this offer. For further information
please go to http://www.giac.org/recert.php. If you have forgotten your
login information, please contact info@giac.org for assistance. You'll
be asked to provide your old email address for verification.
2. Sarbanes Oxley
Why doesn't SANS offer courses in Sarbanes Oxley, FISMA, GLBA? Why did
we create a HIPAA course when we didn't create the others? These types
of questions are asked quite often. By the end of the calendar year,
Robert Happy Grenent and his merry band of researchers and writers will
have enough pragmatic HIPAA implementation examples to create a truly
useful body of information that will give guidance to small, medium,
large, enterprise, research, critical care, and general population
organizations. (Can you tell that one size does not fit all with
HIPAA?) I do not feel we can do that with SOX or GLBA at the moment,
perhaps in about a year from now; however, we do have research programs
for all of the above. Someday we might be able to offer SOX and GLBA
courses and know they really empower you to implement systems that are
true to the spirit and letter of regulations. Most of the current
industry courses I have audited or sent to people, are not just bad,
they border on harmful and SANS will not join in that crowd.
3. Research programs
SOX - LAMP 2.0 (Linux, Apache, MySQL, PhP - an electronic storefront)
will be equipped with SOX COSO style controls. If you are a coder in
that environment and are interested in working on the project drop me
a note: Stephen@sans.org.
GLBA - GCIA is leading this effort. If you are interested in
contributing to this project, please send an email to Kevin Bong,
kbong@johnsonbank.com.
HIPAA - We have a need for more pragmatic audit checklists and
procedures for the HIPAA project. All folks that certify with the GIAC
HIPAA Security Certifiate (GHSC) will be completing a checklist as part
of their certification. If you have one you are willing to contribute
please send it to Stephen@sans.org. If you need HIPAA training that will
give you the opportunity to earn certification, try SANS Computer
Security Bootcamp in Baltimore, MD, May 15.
http://www.sans.org/bootcamp04/description.php?tid=51
4. Preliminary Call for Demonstrations - Network Security 2004,
Sep. 29 - Oct. 4,Las Vegas.
A number of people have asked if we were issuing Call for Papers at
Network Security. While there will be some evening SANS@Night talks,
we will not be running a major program. Many SANS courses are taught
bootcamp style. (Bootcamp includes evening programs for additional
focused instruction.) Since so many students are in the bootcamp
courses, there is not enough draw for a large number of evening
technical talks. This means that once again SANS is changing!
We will do short focused demonstrations before bootcamp begins at the
end of class in the evenings. Demonstrations will be focused around
the Intrusion Prevention (IPNET) on the floor but will be located in
the skyboxes above the show floor. Giving a presentation at a
prestigious conference like Network Security can be one of the best ways
to get the boss to approve a trip to Vegas. If you are skilled with a
tool or technique that does something with network traffic, whether
generating or analyzing, and you are interested in giving a short
presentation followed by a demonstration to 30 - 50 people, then please
give me a shout, Stephen@sans.org.
5. Call for Authors
In last month's status report, I sent out a call for authors to help
with writing SANS Operations Essentials, which is the rollout,
configuration management, performance tuning cousin to SANS Security
Essentials. To be candid, it did not go well. Most of the outlines
looked like they were lifted straight out of the CISSP study guide.
So, here's a thought, if you are on the operations side of the house,
(not security, operations), have a technical, pragmatic view of life,
you are willing to write original material based on your experiences,
and are interested in being part of the research and writing team drop
me a note. Perhaps the best way to approach this is to think about a
procedure you currently have in place, if you think we could expand on
this procedure so that we may help others, please contact me and let's
give it a try Stephen@sans.org.
6. Seeking Partnerships
SANS is looking to offer a new series of classes on vendor specific
training and certification this fall. We are also looking for a
training partner in India who is well respected in the local area. If
your are interested in either partnerships please write to
brian@sans.org and tell us about the training courses/certifications
you currently offer along with the number of students trained yearly.
7. Awareness Update
With your feedback, new features are continuously being added to the
SANS Awareness On-line Training & Certification Program. We are
currently developing a train-the-trainer class that will include steps
on developing, implementing, and measuring the effectiveness of
specifically tailored security awareness program within your own
organization. A live version of the awareness training will be
available via our Local Mentor Program within the next month, check out
a demo of SANS Awareness On-line at
http://www.sans.org/awareness/demo.php. Feedback is welcomed! Please
email us with your suggestions or interest: securityawareness@sans.org.
8. Update on the GSNA Adjustments
We recently reported that the failure rate on the Track 7 practical
assignment was statistically out of adjustment and we were revamping
the process. Under the leadership of track chair Gary Anderson, the
graders and board have worked together to make sure the process is as
accurate and fair as possible. We have completed reviewing all practical
assignments and are now bootstrapping a new grading procedure. On
behalf of SANS and GIAC we would like to take a minute to thank the team
for their extraordinary efforts.
9. New Practice Tests Now Available
GIAC Practice Tests are a proven aid in helping to master material
covered on the GIAC exams and earn the valued certifications. Why worry
about retakes when you can take a practice test beforehand at a fraction
of the cost of the actual exam. Practice tests now available are SANS
Security Essentials, Firewalls, Intrusion Detection, Intro to
Information Security, and CISSP. For more information please go to
https://store.sans.org/store_category.php?category=tests
10. Instructor Led Online Training
Instructor Led Online Training is a product to help you learn without
having to travel. Frankly, is it a bit boring than being in a
conference hotel classroom, so we only use our most entertaining
instructors! So far it seems to be working pretty well, the
satisfaction rates are high. But, we will only run this if you want it
- Help us help you! We're getting ready to schedule the next SANS
Security Essentials ILOT course and need to know what time frame you
would like to see this training. Please send your emails to
amy@sans.org with your input.
11. SANS Bootcamp - May 9 - 16 Baltimore Maryland
Bootcamp courses are the best investment for your training dollars.
These are instructor led classes during the day followed by additional
hands-on related materials at night. It is tiring, but if you are
really trying to master a subject area, this is the way to go. Both
SANS Security Essentials (Track 1) and the Hacker Techniques, Exploits
and Incident Handling (Track 4) have sold out in Baltimore. However,
other tracks are still available.
12. Stephen's pick for small class sizes
Outside of the national conferences we are offering very reasonable
class sizes in most of the tracks. The exceptions are SANS Security
Essentials (Track 1) and the Hacker Track (Track 4), they still tend to
be pretty large class sizes. The thumb up has to go to SANS Vancouver
Retreat Style conference, Canada, May 3 - 9. We are offering E-warfare,
SANS Security Essentials (Track 1) and The Hacker Track (Track 4).
Great class sizes, buffet lunch and the hotel is included in the
tuition. A great value for your money:
http://www.sans.org/vancouver04/
If you can't make the retreat in Vancouver, the next best opportunity
would be Kansas City, May 18-23, 2004, we are offering SANS Security
Essentials (Track 1) and The Hacker Techniques, Exploits and Incident
Handling (Track 4) in a small class size setting.
http://www.sans.org/kansascity04/
***************************************************
To change your subscription, address, or other information, visit
http://portal.sans.org

This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC

Network Security 2008 :: Las Vegas, NV :: Sep 28 - Oct 6, 2008

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT