My overview of SANS Free Resources for the first #100daysofcyber
If you have scratched the tip of the IT security iceberg recently, anywhere on the Earth, you have heard of SANS Institute. If you haven't, it will be my pleasure to introduce and point you to resources that will get you started with SANS' tools, hands-on challenges, scholarships and training.
As synonyms for term SANS frequently mentioned are: cybersecurity training provider leader, most-wanted and highly regarded certifications in the IT security field, be it cyber defense, cloud security, digital forensics, industrial control systems or offensive operations.
It can be heard that SANS training is expensive. Bear in mind that some of the trainings and related certifications SANS offers is aimed at corporations that can afford to send, virtually or physically, an employee or part of their workforce as future experts of the company on a specialized training. I will here focus on resources SANS publishes on a regular basis and makes freely available to anyone who shows interest.
Do the free stuff first! Even if a company decides to send you on a training or you win a scholarship, it is wise to be prepared to ask instructors questions that are not already answered on the Internet and verified. Or, let's reverse it, if you know that you will send employees on a SANS training, equip them in a timely manner with an adequate pre-knowledge so the training with instructors can be fully utilized.
First things first, subscribe to SANS newsletters and create a free account on SANS Institute's WEBSITE. Just do it. You will periodically receive event reminders, news from the industry, information on relevant Slack or Discord channels of communication, and joining the SANS Community grants access to RESOURCES sorted by focus areas, webcasts, Tech Tuesday Workshops, CYBER42 Game Days, SECURITY AWARENESS PLANNING TOOLKIT and you can test-drive more than 50 courses with one-hour free course previews.
To get started with SANS courses, you can immediately take SANS Cyber Aces Online, a free online course that covers three foundation areas of information security: Operating Systems, Networking and System Administration.
Next, let's jump to SANS blog post TOP 5 STEPS TO IMMERSE YOURSELF INTO THE CYBERSECURITY FIELD. Some of here mentioned Holiday Hack hands-on challenges are also sorted by topic in a Google Sheets H2 MATRIX. Well, this should get you occupied for a while.
Maybe you noticed that most of SANS courses have three digits in their names, but how do they form a learning path that covers wanted skills for a real-world job role? Full list of courses and certifications can be found HERE, sorted by focus areas, training formats, with available syllabus. Use the TRAINING ROADMAP to see how individual courses lay out in learning paths.
To get a feel of how it is like to take a SANS course and eventually pass a certification exam, i will here mention:
- Stereotype Breakers founder Masha Zvereva who shares her ongoing SANS journey in vlogs available on Youtube, and recently had the opportunity to take FOUNDATIONS IN CYBERSECURITY and SEC401 courses;
- Andrew Roderos, an IT professional specializing in networking and security, who on his website shared how he PASSED GCIH, including detailed preparation, troubleshooting on the exam day, and tips on how to achieve a high score when the time comes. Bravo Andrew!
- Women in CyberSecurity (WiCyS) blog POST where Dominique Serna, a WiCyS member and a SANS GIAC scholarship recipient, talks about the scholarship, gives us insight in her progress and achievements so far.
Other than courses, there will be SANS tools you'll frequently hear about during the first year in the IT security field. There is a full list of SANS FACULTY TOOLS, but do not let the sheer amount of information overwhelm you, start with DEEPBLUECLI, a PowerShell module by Eric Conrad for threat hunting via Windows Event logs, and OLEDUMP, a python tool by Didier Stevens for analyzing malware in documents. These tools are well respected and used throughout the Community, to see them in action you could watch the video FREE ANALYTICAL TOOLS YOU CAN USE TODAY.... FOR FREE! from Black Hills Information Security and read the MALWARE ANALYSIS: PHISHING DOCS FROM HTB REEL from infosec practioner 0xdf.
In December 2021, SANS published a blog post TOP 10 MOST POPULAR FREE RESOURCES created by SANS Faculty and team, be it top 10 webcasts, blogs, open-source tools, Summit videos or whitepapers. Stay current.
You need an adequate virtual machine for work and practice? Check out SLINGSHOT, Ubuntu-based Linux distribution built for use in the SANS penetration testing class labs and beyond, available in Community and C2 Matrix Edition. SIFT WORKSTATION, with over 200 pre-installed DFIR tools, will be interesting to future Incident Responders and Digital Forensic Analysts.
Also on the hands-on subject, SANS CYBERSTART is a cybersecurity training with hacking challenges and puzzles. Right now, there are 12 challenges available to play for free. But, stay tuned and continue reading until the end, maybe you are eligible for more free training.
For the global cybersecurity community, SANS during 2022 offers a variety of free SOLUTIONS FORUMS and VIRTUAL SUMMITS, where you can register for attending, listen to industry's professionals, level up your knowledge, hands-on skills, industry connections, and eventually submit your first presentation.
SANS CYBER RANGES like NetWars Tournaments and Continuous are, in most cases, self-contained paid cyber challenges, but there are occasions when they are available as a course complimentary or even, as last year, free around some of the Virtual Summits if you register quick enough. Thus, i will repeat the importance of joining the SANS Community in-advance and registering for newsletters.
There is an annual competition of the top-scoring NetWars Core players from the past two years called CORE NETWARS TOURNAMENT OF CHAMPIONS. Recording of the NetWars Tournament of Champions 2021 is available on SANS YOUTUBE, and other than the competition for the best of the best and a live giveaway, it was filled with cybersecurity related trivia. I made the trivia available EXTERNALLY as flipcards, but you can view them in other forms: quiz, matching, bingo, or print them.
Depending on whether you take part of an interest group, are a VETERAN, HIGH SCHOOL or college STUDENT in the US, or other, you could be eligible for a SCHOLARSHIP, discounted tuition via WORK STUDY PROGRAM of even free training, so make sure you stay up-to-date with available options, their schedules, and engaged in the Community.
Hopefully, you found some useful information for yourself or someone you know. Let me know.
Do your own #100daysofcyber. You do not have to have everything sorted out from the get-go, just start. Create a new folder, and start filling it.
Godspeed.
Opinions expressed here are solely my own, this post is not sponsored by SANS Institute.
- Stereotype Breakers founder Masha Zvereva who shares her ongoing SANS journey in vlogs available on Youtube, and recently had the opportunity to take FOUNDATIONS IN CYBERSECURITY and SEC401 courses;
- Andrew Roderos, an IT professional specializing in networking and security, who on his website shared how he PASSED GCIH, including detailed preparation, troubleshooting on the exam day, and tips on how to achieve a high score when the time comes. Bravo Andrew!
- Women in CyberSecurity (WiCyS) blog POST where Dominique Serna, a WiCyS member and a SANS GIAC scholarship recipient, talks about the scholarship, gives us insight in her progress and achievements so far.