Get busy training, or get busy dying

At the Jewish Mother in VA Beach...yes, it's called the Jewish Mother.

Let's get this link party started!

To be a total copycat of my former boss and current badass, I wanted to gain some more technical and operational training in the field I have fallen in love with. Then again, a lot of folks of the liked mindset are doing the same thing. So, let's go get certified!

The visit was to a lovely beach venue which was a disconnect for my self-discipline. Why pick beautiful locations where it is very difficult to focus? Can't SANS hold training in Detroit or Fargo or Cleveland? Can't get distracted there.

To break it down to all my non-techie readers (all two of you), SANS is the quintessential training organization specializing in Information Security and technical controls. It's a destination for most worker bees like me. I ended going the introduction-to-intermediate route taking SEC401 Security Essentials. It's the intermediate school for GIAC, which I though would be a good fit.

Some notes for my techie readers (all four of you): if you are thinking about acquiring your CISSP, this course covers seven of the ten disciplines within the exam. It's not a bad review. Granted, CISSP is more of a leadership certification as opposed to the technical nature of the GSEC (certification from SEC401). It's an argument that will be fought back and forth with ISC2 and SANS, but it's really trying to compare limes and lemons--both are good in your professional margarita, but what is your preferred flavor...

If you have already have your Security+ from CompTIA (vendor neutral): this is a great refresh. Granted, I am blessed with a company that allows me to run away for the training I think is needed personally. However, if you are pressed for cash and time and you already have your Sec+ gunning for your CISSP, you might want to uptick to Certified Incident Handler (GCIH) or Certified Intrusion Analysis (GCIA). I know the dollar bills are a big deal with a lot of companies and training regimens. So, bang-for-buck ratio is huge. My current InfoSec mentor mentioned that 401 might has been a bit remedial. However, for people that have little to no background on Linux/Unix and cryptography, this class hits the mark for level of challenge.

It's hardcore training. It's ten hours for six straight days. And it's classroom training, a la lecture and slides. That might not be the flavor of training that some people prefer, but I can dig it. Besides, it's no where near the braincrusher that is MCSE bootcamp. Eff me.

Of course the side story was: I'm at a beach. What could go wrong? Well, if you answered "absolutely nothing", you were correct. My feet, covered with Vibrams, touched East Coast sand only once. That's how focused I was. And that's how important this post-graduate study is. The tech field is so fluid and the use of legacy and revolutionary technologies (mainframe systems trying to support iPad updates...it's not as crazy as you think) it's imperative to stay mentally sharp.

Admittedly there are two arguments I have with SANS. As awesome and powerful of a name SANS has within the tech market, why price the items so high and why not aim for accreditation. I know it's cheaper than a semester in Austin...the really big school in Austin, but if it's upward to 4000-big every class, why not aim for education accreditation as a bona fide post-graduate program that is a total hybrid? Hell, it's the University of Phoenix can collect accreditation (along with quite a few other web-enabled institutions), why can't SANS do the same thing, especially if they are pushing the product.

So, who's up for DEF CON?

Lessons Learned, my three things.
1) No matter how warm you think a venue is, pack sleeves. Beaches are seasonal, but hotel rooms and conference quarters can be ff-ff-f-f-freezing.
2) Never...ever...run in swim trunks. I would show a link or a photo, but yeah, that's just not right.
3) Yeah, no one asks me anymore about joining Facebook anymore. Mmmm, I wonder why?

Next up for the mental gymnastics is the actual GSEC exam. I have 120 days to shut this door, but it will probably be wrapped up sooner than that. After that, it's going to be the physical challenge. Beach to Bay was only part of it...Harbor Half and White Rock, here I come. How do I plan do balance shift work and a marathon workout? Talk later.