Search
  • Michael Weeks

SEC504 - Mentor-Class through SANS

Updated: Aug 13, 2019

Just wrapped up my first swipe at teaching my first SANS course and I thought I'd share my experience for anybody else out there who may be interested in going down the instructor route. If you're not a reader and would like someone to explain this to you with their vocal chords check out Eric Conrad's How to Become a SANS Instructor. However this entry is my experience with SANS starting out as a mentor.


It all Starts with GIAC Certification

At least it did for me - if you score well enough on the GIAC you will get the an email from SANS with the title "An invitation to join the SANS Instructor Development Program". The email let's you know your score and let's you know that the program is the first step in becoming a SANS certified instructor. For most of my classes I just ignored this email, but I finally decided to read the email with one of my newest certifications SEC560 or the Penetration testing class. I decided to do the CyberSecurity faux pas and click the link in the email to go to the site https://www.sans.org/teach.


Fill Out that Form

There is a pretty easy to see "Apply Now" button which requests multiple standard things like name, email, address and what not and there are some forms for "Why do you want to become a SANS Instructor?" and Certifications Obtained etc. - as well as a Biography and reference section. I recommend filling this out as thoroughly as possible - these sections feel as thought they'd be the most subjective and therefore read by the SANS reviewers the closest, in addition a solid Biography will be utilized when you start teaching because it will be added to your material to bring in students.


Wait for them to Reach Out to You

"Them" of course being SANS - where some actually very wonderful folks will reach out. I prefer not to name them here, but you will get to know them if you go down this road. They are all very responsive and will walk through the process. Mostly it is a heavily administrative exercise where you both identify what class you want to teach based on demand and your strengths and then pick a time-frame based on where when you would like to teach the course. After identification of the the class where/when the next step is to actually get students to come to class.


Grassroots Security Training

The mentor program is multiple things - primarily it is a way to identify those instructors who both have a innate ability to teach others, passion for the material, and the ability to generate a level of buzz around them that SANS can actually capitalize on. I know this is a bit rough to hear for some people, but the ability to be liked and personable is almost as important, if not MORE SO compared to the technical aspects of your ability. Remember you will be teaching people, so if you cannot identify with people you will not be as successful. However, if you are an introvert and don't like being the center of attention, I recommend you apply anyhow, it is worth having a small connection to the SANS organization, and even teaching to your coworkers will help you learn the material in ways you would not have thought about before.


Murder Board

After you have at least three students sign up you will be scheduled to complete your murder board. Three students sounds easy, but for my class I had to rely on my network in order to find students for the course. Apparently there is a saturation in Austin Texas for SEC504, but that's ok - I was able to work with my peers and find some folks that thought it may fill in some gaps. The next step is to schedule a meeting with a course veteran and a few other folks that are on the same path as you. During this process you identify a section to teach and you get to teach it. Usually this is all over telecom type of environment where everyone teaches their section remote. The veteran will then take lead and ask you to teach where he/she questions based on typical weird situations that an instructor may come up against. Being the know-it-all, the concerned student, or whatever else the instructor can come up with. After completing the teach the veteran will stop you and ask you how you did then provide feedback - usually doing the typical - "positive feedback first then proceed to tell you where you did everything wrong. You then get to wait for your results.


Results

Of course I failed my first Murder Board, I knew why immediately with the feedback so I decided to focus technically on my next murder board. I read on complex issues regarding buffer overflows and how to do next-level exploitation before I did my murder board. I then taught the material. Being able to describe ROP programming and material that was not even in the course solidified my ability to teach the course and I passed my murder board!


Actually Teaching

I was able to use a multitude of techniques to recruit students - being familiar with the location and knowing the facility was invaluable for me to be able to fill up my ranks of students that were ready to learn and were close to my office. Teaching in my employers office after-hours allowed me the ability to just work late and walk over to conference room. Walking the different students to the classroom allowed me to teach with a home-field-advantage. I knew the area, the technology, and the snacks I could steal from the break-room. Every lesson I read through the material and took the lessons I learned from the murder board to heart and ensured that I knew extra material that I could convey to the students above and beyond that was required. The baseline for instruction allowed me to be able to get excellent reviews every single class. I truly enjoyed teaching the Capture the Flag hands down the most. With this class I was able to walk the students through the exercise and not let them dwell on difficult problems. I've seen walls discourage even the best students in CTFs, students are busy they do not have time to bang their head against a brick wall until the problem is solved.


Completion

A simple check sheet is completed and passed to the same course administrators and you bill out as a contractor for your work. The pay is decent for the amount of work, and is based on the amount of students you have in your class. So it is very fair. It takes 2-3 weeks to get paid. I recommend anyone who may be interested in teaching a class for SANS take the plunge. I know I will be happy to teach for SANS again too, if I got the opportunity.


145 views

©2018 by packetaddict.com. Proudly created with Wix.com