If you haven’t heard of Community SANS courses before, I encourage you to have a look at this new format (new outside the US, where it’s been running for years). This is a great way of bringing the popular SANS courses to your local security community at a reasonable cost, especially for those that can’t attend the major events.  It’s worth mentioning that unlike the SANS Mentor  sessions, these are delivered over a six-day period, just like it is at a larger SANS event, including the full set of books and access to audio files. They are just delivered in your own community, in a small classroom setting and at a discounted cost for tuition and travel expenses.

I’ve already described my experience with SANS, both as student and facilitator, so I won’t go over that again. Also, you can find a further detailed description of the Security 503 track on SANS website, an outstanding course that I’ve already described as the “most valuable course I’ve ever taken”. However, I want you to listen to Mike Poor, instructor at the SANS Institute and co-author of this course (along with Judy Novak and Guy Bruneau), describing it on YouTube. Mike Poor is both an amazing professional and a great guy that I had the opportunity to meet at SANS Sydney in 2008, when I took his Penetration Testing class. As Mike would say, this IDS course is simply “awesome”!

That’s been what I call my ‘SANS itinerary’ since I started this exciting journey back in June 2007. It all started at SANS Secure Europe, in Brussels, where I took my first SANS class with Jess Garcia, CEO of One eSecurity and a good friend of mine. It was SECURITY 508, System Forensics, Investigation & Response, an awesome track created by Rob Lee on one of the most interesting and hot topics of Information Security. It’s been almost two years since then, but now I realize the tremendous positive influence that event had in my career as a security professional.

Early on the first day, I could see that was a different kind of training, far different from all the training sessions I had attended before, including the well-known CISSP bootcamp and vendor specific training like Checkpoint‘s and others I took in the past. Unlike those, this was real hands-on training, with lots of exercises and challenges, including the use of several virtual machines and an arsenal of security tools you can take home with you. Also, the amount of material you receive throughout a 6-day course is awesome. Someone described it like “drinking directly from a fire hose”. Actually, I can’t describe it better.

Add to that a friendly, relaxed but yet professional atmosphere, and the multiple opportunities you get for both networking and sheer knowledge with attendees and instructors and you will understand why Brussels was only the start.

With Carlos Fragoso and Richard Fadul at SANS Secure Europe 2007 in Brussels

Next came London, in December 2007. That time I chose the challenging SECURITY 503: Intrusion Detection In-Depth. I don’t exaggerate if I say this is the most advanced course in network intrusion detection and traffic analysis that has ever been taught, and by far the most valuable course I’ve ever taken. The quality of the material is outstanding (I keep using it as a valuable reference) and the fact that I had Dr. Johannes Ullrich (Chief Research Officer for the SANS Institute and responsible of the Internet Storm Center) as instructor was really a plus. Even if you knew nothing about IDS I guarantee the first thing you will do when you’re back home is setting up a Snort sensor or even deploying a Sguil NSM System!

Last thing I can say about this course is that I actually enjoyed it three times: first at the live event, second when I went through the entire courseware and exercises again to prepare for the GIAC exam, and third, when listened to the mp3 files of Mike Poor teaching the same material in a different venue. Two instructors for the price of one!

The same was true of my third stop, SANS Sydney in November 2008. This time it was SECURITY 560: Network Penetration Testing and Ethical Hacking, delivered by Mike Poor (I was looking forward to meeting him!!) and authored by Ed Skoudis.

While this is described by SANS as “one of the most technically rigorous courses offered by the SANS Institute”, I had some advantage with this one. While my previous experience in areas like Forensics and IDS was limited, I had been doing penetration testing at different professional levels for more than 8 years. Although I was certainly familiar with many topics and tools like Nessus, Nmap, Metasploit and others, there were plenty of advanced tips and tricks that made this course worth the money. I will just tell you that the section on Windows command line kung fu for pentesters and the exercises on password cracking using advanced Netcat relays will leave you breathless!

Ultimate hacking with Damian Grace and Robert Di Pietro at Mike Poor’s class in Sydney!

Then again, I enjoyed listening to Ed Skoudis’ mp3 files while commuting to work for the last couple of months before I took my GPEN exam. Thanks Ed for making traffic jams a lot more bearable!

My GIAC Certs: GCFA, GCIA and GPEN. Watch the 99% score on the last one!

As I said before, so far this journey has given me the opportunity not just to receive top quality training from some of the best security instructors in the world, but also to meet great professionals, colleagues and friends that make you feel part of a unique security community. Some of the people I’ve had the opportunity to meet and even hang out with includes Jess Garcia, Mike Poor, Johannes Ullrich, Raul Siles, David Perez, John Fitzgerald, Pieter Danhieux, Richard Fadul, Carlos Fragoso, Almerindo Graziano, Jonathan Ham, Justin Clarke, Robert Di Pietro, Chris Mewett, Damian Grace, etc… and many others I am fortunate to keep in touch with.

Now, the next stop in my ‘SANS itinerary’ will be Amsterdam in May this year. This time I’m proud to say that I’ve been selected to facilitate at SECURITY 542: Web App Penetration Testing and Ethical Hacking, a new 6-day track written by Kevin Johnson and focused on finding and exploiting web application attack vectors. Seth Misenar will deliver this track at SANS Secure Europe 2009 in Amsterdam.

Best thing this time is that, in addition to attending the course, as a room facilitator I will have the opportunity to work closer with all the instructors (specially with Seth) and other fellow team members.

I look forward to that!