7

I am a programmer, doing mostly web development now, dealing also with securing the web applications in my line of work. I have reasonable knowledge of security matters, though not always staying up-to-date on the latest developments (mainly due to laziness and lack of time). I'm not doing any pen-testing and do not plan to specialize in security only, though I of course want to keep my projects secured.

So, from this point of view, is it worth it for me to do SANS training - I specifically mean training courses like DEV522 or SEC542? Would they add enough to my knowledge that it would justify a week spent on them (and the money of course :)? I took their free assessment test and made 92% without any preparation and in half of the allotted time (missing ones I suspect are some acronyms that are outside of my line of work), but not sure if that means anything.

Especially interesting would be to hear from people of similar background that went to one of these courses or similar ones.

P.S. I understand this is somewhat subjective, but given the info on the background I think there are many people with similar background that may use such information. I just want to try and estimate the level of the course against the level of average security-conscious programmer.

P.P.S. For suspicious minds: I have nothing to do with SANS and don't know much about them, I'm posting the links only so it will be clear what is being asked about. But I like the way you think :)

Jeff Ferland
StasM
  • 1
    Hard to say if it's worth it, without knowing your intentions. What do you want to do with it? Do you want to work in infosec, are you hoping this will help you get a job? Are you thinking this will help your projects be secure (it won't, you'd be better off just learning the stuff without the cert...)? – AviD Jul 24 '11 at 00:47
  • @AviD As I said, I do not plan to specialize in infosec. I already have a job. I am hoping to upgrade and update my knowledge of security matters as it pertains to creating secure web applications. I am however not looking for certs and not looking for basic "what is XSS" type of courses, but rather in-depth stuff that would tell me something I didn't know before - new techniques, new threats, etc. So my question is are these ones worth it for expanding my knowledge - and maybe if not, what one would recommend instead. – StasM Jul 24 '11 at 05:19

2 Answers

9

My subjective opinion is that these particular courses are not worth it for you.

These courses are expensive at $4,000+ per course. They are highly structured and compacted into a short time period. These courses are perfect for someone who needs to learn a lot quickly and will do well in a structured intense formal environment.

Based on the assessment test you appear to know a good bit of material. You don't seem to be in a hurry, and it looks like you are more interested in learning how to write good software than earning a certification or writing security papers. (I have a security certification, and I like reading security papers.)

In my opinion learning to write secure software is best done by writing software, having peers review it, testing it, discovering vulnerabilities, and fixing the vulnerabilities. Don't assume that it all has to be done for your employer. Follow announcements and news at OWASP or CERT.org or Dark Reading. Contribute to a honeypot project. Read and answer questions at security.stackexchange.com.

It takes time for security knowledge to be collected, ordered, and formatted for classroom teaching. While some instructors will throw some of the 'latest developments' into their classes, most of the class will be well-vetted security knowledge.

I think that the classes have value, just not for you.

this.josh
1

I've taken SANS courses; they are fantastic, assuming you have the proper foundations going into the particular course.

Not worth $4000+ of your personal money, but definitely worth campaigning your manager or company to pay for.

sambron