Hypothetically - and only a opinion:
- When you have known top notch instructors controlled by others GREED that hurts the students.
- When tests are set to fail people to drive profits higher - thats not cool if true
- When books are not easy to use for future reference - that is lame
- When other groups like Splunk have no problem plastering your name 1,000 times in your class PDF's SANS still gives you ancient media (paper) without most of them even being indexed
- SANS is nothing - it's the teachers and class authors they sometimes treat bad is the only reason they are on the map
- At the end of the day you get some immersion time but on a lot of crapware
- I have never seen a quality course update for a retake - EVER
- The original classes I have experience with are usually on older software and/or OS in the first place as that was what the labs were written around. SO memory shifting has messed up the lab lets keep talking about the old OS to look leet.
- If your in a shop that is based off old tools as they are open source and not updated in three years - SANS is the place to be. If you are in a modern shop , you wont be learning their stuff as much as your tool sets - which wont be in the most classes. SANS is becoming a dinosaur except for cert monsters that hang at local sec meets to be a hero to the newbs. It's time to move to tool specific knowledge not the crap they load your CD's with that will be closed sourced in a year or two or abandoned. I have stacks of useless SANS class CD's with most of the tools long since dead. All I am saying is if you make it you don't need most of these dinosaur certs and a CISSP can get you in if you are new then get admin on every tool you can then move up. Interviewer "so you can use insert good or bad Linux firewall here, we use checkpoint, do you know how to use that?" "Sift? whats that, I see it's that good, we use Encase here." "You use a open source SIEM, that's nice we use Splunk - do you know that?" "OpenVAS what is that? We use Nexpose." SANS will teach you a bunch of stuff that is killer or more specifically the instructors will but unless you land in a 50 seat company the larger companies will use other more modern tools than a lot of the SANS classes.
- in the end you are learning concepts and I say the web has passed SANS in many ways and can give you much of what you need in less time than phonebook sized ancient unsearchable un-indexed PAPER.
I'm not mad for myself - yea I hate them for the lame split of the forensics class and high failure rate they engineered for profits in my opinion dream, and lazy splitting up of the class questions and the bad things they have done to a few instructors I know. I cant say more specifics about my dream as it could lead back to sources based on a dream full of opinions. But in my opinion dream I was told clearly they made it a 75% failure rate to drive people to the intro class - sounds like greed to me. I don't care if you believe any of it - I don't it was just a dream.
If your not looking to be a cert groupie - consider how many classes are teaching crusty tech and pick other ones at least at SANS is advise I heard someone on a elevator give the other day.
Or take a bunch of them and in a few years remember I told you as you flip through you ancient paper as they don't trust you over profits and thumb through your stack of class CD's and see how many tools are still relevant or still updated.
If non of this resonates you are closed minded a newb or a cert groupie in my opinion. Do you put all your certs in your email sig? Are you a rock star? I didn't even tell my company about the last two I landed as in the end they want results. I cert up for the future if I am back in the market. I'll have two more in the next three months that also wont be in my email sig.
In the end know your market - all of this is just a opinion and I am a tard. fwiw I really like the SANS instructors I have met - every one of them.
I am not saying anything else as I am out of opinions and stuff I heard from strangers on elevators..