The negatives on SANS and EC-Council

A simple search finds the following comments from those in the know:

Lack of communication. Toxic culture. Employees are generally overworked and stressed. If you live without anxiety, work for #SANS and that’ll change; guaranteed, or you’ll get your money back! Furthermore, a few employees have terrible attitudes and blatantly disrespect others, but are not reprimanded. This, understandably, lowers employee self-esteem and creates a serious feeling no matter what you do, it isn’t enough. Bullying should never be encouraged and/or ignored in the workplace, ever. Lack of opportunity for growth. You’re hired for a job and that’s about it. Unless, of course, you wait 3+ years for a promotion despite going above and beyond on a daily basis without hardly any recognition. Outdated mentality/processes and lack of innovation. The best way to describe the SANS mentality is “if it’s not broken, don’t fix it” and “we’ve always done it this way, let’s not change it.” Overall, the company has sky-high expectations of employees unless you’re buddies with upper management. Most are expected to handle two jobs in one, and in return, most work well over 40 hours. Forget actually using PTO – you’ll be receiving tons of emails while you’re out, and you’ll just be stressed out thinking about work. All the above is prevalent throughout, but is more severe amongst a few specific teams. The sad part is, if you work(ed) for SANS, whether you loved or hated it, you know exactly what teams I’m referring to.

Good old boys club stifles progress and not open to ideas. There is a toxic environment of silos with not a great amount of collaboration which creates redundancies and inefficiencies. There is not an effective or knowledgeable HR team which can even help move the needle. Not progressive in thought process and happy to just keep doing things the way it’s always been done or “we want it the way it used to be” which doesn’t inspire the company to remain competitive in the marketplace. No diversity or career opportunities. Salaries are not competitive unless you are part of the c-level. There are quite a few slackers and toxic individuals who never are reprimanded for their bad behavior which sets a very bad example and does not create a good culture or develop trust in leadership to do the right thing.

But that’s not what the question is asking. Instead, it’s asking superfluous information about the default behavior, namely about Linux defaults. It’s a trivia test, not a knowledge test. If you’ve recently studied the subject, your course book probably tells you that Linux traceroute defaults to UDP packets on transmit. So, those who study for the test will do well on the question.

Fox in the Hen house? If you cannot protect your own information, how can you teach others to do so?

SANS — It seems that SANS is very well recognized, but I am curious
about how it is you take a 5 day class and are now ready to test into a
cert. it also seems that they are far more granular, I don’t know if
this limited scope is what makes the 5 day class do-able, or if it is
simply a way to generate more revenue by offering more classes and more
tests (SANS classes are some of the most expensive I have seen)

Charlatans – EC-Council (ECC)

According to their ‘About Us’ page, EC-Council describes itself as:

The International Council of E-Commerce Consultants ( #EC-Council ) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT) programs, and as well as many others programs, that are offered in over 60 countries through a training network of more than 450 training partners globally.

EC-Council’s history is mired in controversy, with a wide variety of criticism coming from both the education and information security professions. The company not only runs an extensive certification program, they also operate a virtual university. This has not stopped them from taking shortcuts usually reserved for students, by plagiarizing content from other sources and including it in their commercial offerings.


Want to take any of these courses? (They are all online free via our adversaries – Iran, Russia, China, etc.)