Monday, June 22, 2009


Just signed up to recertify for my GCIH. Of all the SANS certs, I'm thinking the changes in the material for this one will be huge (that's Certified Incident Handler).
Day one of the course covers the seven steps of incident handling, procedures, putting together your team, etc. The next six are all exploits. I certified back in January of 2006, which means I took the material mid-2005. And, as good a job as Ed Skoudis does keeping his courseware up to date, parts of it were probably dated as they came off the printing press. Things just change toooo rapidly.
Recerts for SANS are every four years. Obviously this isn't often enough to really keep you on top of what you need to know. Listservs and web sites help some, like the Storm Center, Security Focus, Emerging Threats, etc., but it's mostly top-level info.
You still have to dig further to really understand the mechanics. And it takes time. And there's a huge amount of it. How do you really keep up-to-date?
