Interesting comments from hellNbak@private Just one response to his comment about SANS training should be free to all... Apart from nothing is free in this world, it does cost money to provide SANS training to a large number of audience. It costs money to rent the venue (and all the equipments to go with it), to print the materials, and to pay the speaker and the proctors for those conferences. Yes, the volunteers plays a large role in SANS successes, but there are also some full time staff dedicated to run the organization and plan the events. Just look around the people wearing SANS staff badges in those conference, and you will see only some of them are "volunteers". Granted, some of the folks on this list self-taught everything they knew about this craft, but many still relies on top-notch trainings to know how to identify and to defend their corporate/personal information assets. If one is to measure the value of any commercially available trainings, SANS Institute, in my opinion, provides the best bang for the buck by far. Oh, perhaps everyone on this list will also be interested to know other options of receiving authentic SANS trainings: online self-study, online instructor-led, and locally mentored study sessions. All details are available at www.sans.org. P/S, I am not, in any way, defending Mr. Northcutt's statement, but simply want to clear up any misconception about SANS riding their success on the shoulders of an army of volunteers "suckered" into it. Cheers, Chris -----Original Message----- From: isn-bounces@private [mailto:isn-bounces@private] On Behalf Of InfoSec News Sent: June 28, 2004 5:45 AM To: isn@private Subject: [ISN] Stephen Northcutt is sadly mistaken Forwarded from: hellNbak <hellnbak@private> Cc: stephen@private I am not a US citizen but seeing how this got spammed across multiple mailing lists and seeing how the Internet is in deed a global thing I thought I would respond. > This note is intended for U.S. citizens and is a personal note from > Stephen Northcutt. For the past few weeks CERT and SEI, DoD > government funded organizations, have been purchasing google adwords > so that when people search for "SANS Training" they see an > advertisement for CERT/SEI's network manager course. So the purchase of Google ads by DoD funded organization is cause for a personal note from the great Stephen Northcutt? They have a service to sell so why is this an issue? Welcome to a capatilist society. You have to spend money to make money. Either that or you need to sucker a bunch of volunteers to work for free.... > I have a couple of concerns about this. The first is trademark or > brand related, when you search for SANS training, you should get > SANS training. Other competing commercial training companies have > also engaged in this behavior and when I have written them and asked > if this how they want to be remembered by the security community, > they have discontinued this practice. I wrote cert@private a > couple weeks ago and they continue this practice. So take the millions you have made on the backs of SANS volunteers and purchase your own Google adds or hell, purchase Google and fix search engines for all. Imagine the nerve of a search engine to give other results when someone searches for SANS traning. Why doesn't SANS purchase their own ads? I mean isn't this how Internet marketing / Search engine placement is *supposed* to work? > My second concern is that the government offering the course > violates the spirit and letter of OMB A 76. "Two of the key > principles of Circular A-76 has always been that "in the process of > governing, the Government should not compete with its citizens" and > that "a commercial activity is not a governmental function." Commercial activity? Correct me if I am wrong but isn't SANS a non-profit? Has SANS not enjoyed years of government support via attendance and government targetted events? Did SANS not once receive government funding or support? I read the PDFs you linked to and no where in those documents does it say that SANS should be the be all and end all of Security Training. > My third concern is the amount of tax we pay as citizens. The > government is in the process of authorizing about 481 billion > dollars for DoD spending. The Department of Defense clearly has too > much money if they can afford to create training that mirrors > material widely available from SANS, MISTI, CSI, Intense School and > other training organizations. I believe the money spent on CERT, SEI > and the Office of the Under Secretary of Defense for Acquisition, > Technology, and Logistics should each be reduced by at least 10% > immediately. Or perhaps SANS can help solve this problem by reducing the cost of their traning courses. I mean being a non-profit and all and with all the volunteer work -- courses should be free. > I would be honored if you would copy me, Stephen@private Consider yourself honored. > how you would feel if the government decided to compete in a > disreputable manner with a course that took you months to write, > SANS Security Leadership. After that, if you disagree with me, I > would love to hear what you have to say. So please help me and > write your congressman and tell them your home address, make sure > they know you vote and you agree that the government has no business > wasting taxpayer money competing with a course Stephen Northcutt > does a better job of anyway. Unless things have changed in the SANS world over the last year or so, many of the courses are the work of volunteers -- volunteers for a not for profit organization. So competition should not be an issue. In fact, eventhough I am not a US citizen, I support the government spending a little advertising money, perhaps they have noticed your paystubs and seen the potential of such courses as a very profitable business model. The government is doing nothing disreputable at all. If something as simple as purchasing search engine ads is disreputable perhaps you should look at the history of SANS. Hmmm, Hi pot, this is kettle... ummmm black! If SANS cared one bit more about security than their business model this would be a non-issue. The more training courses, and the more knowledge that people can obtain on this subject benifets the community in general. So there is one more competitor to SANS, that is how business works. I leave you with this definition of the word Sans from The American Heritage Dictionary of the English Language, Fourth Edition \Sans\ (s[aum]n; E. s[a^]nz), prep. [F., from L. sine without.] Without; deprived or destitute of. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- hellNbak at NMRC.org http://www.nmrc.org/~hellnbak http://www.vulnwatch.org "There are voices in my head and they don't like you" -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The standard this is my opinion and no one else's stuff applies to this and any email I send from this address. _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!) _________________________________________ ISN mailing list Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie! (Broke? Spend 15 minutes a day on the project!)
This archive was generated by hypermail 2b30 : Tue Jun 29 2004 - 07:08:08 PDT