SANS GMON / SEC511 Review

I completed my SANS GMON / Continuous Monitoring certification. I’m pleased with the process.

My training history is a web app course at DerbyCon (amazing for the cost) in 2011 or so, Tao Security's old Black Hat course on security monitoring, and the Black Hat version of Offensive Countermeasures, both at Black Hat 2010? Offensive Countermeasures was interesting, but I've never been in an environment in which I could apply any of it.

SANS SEC511 felt like a five day version of Tao Security’s course. I wish this course had existed when I was new.

SEC511 covered a wide range of tools you'd likely encounter in an enterprise, and the labs covered some of the more functional open source alternatives. It just seemed to make sense. Bro is a must for security monitoring, while ModSecurity is a bit of a bastard to work with and less likely to provide value in most environments.

The exam was tailored more to understanding the tools and designing a functioning environment for monitoring. I was concerned the test was going to be a memory game of the various flags in tools.

If you're reading this and are concerned about the test, @Hacks4Pancakes' guide to SANS on her website is fantastic.
