SANS Technical Institute has been an eye-opening experience for me. I started my first program in March 2024 and completed it by December 2024. It took me roughly nine months to grasp the fundamentals of Windows, memory, networking, and cloud forensics. The program and its instructors captivate students with real-world examples and labs that closely resemble actual scenarios. If you have the means and the opportunity to attend at least one of their courses, I highly recommend it. You’ll gain invaluable real-world experience, knowledge, and resources that will benefit your career for years to come.
GCFE
This course was my favorite, mainly because the OnDemand Instructor began blowing the wall down. Elaborating on APTs, TTPs, and personal stories made you want to start working on an investigation, and you haven’t even learned what the registry is yet.
GCFA
I found GCFA to be overwhelming with information, in a good way, though. However, I did have more knowledge on many of the tools used in this course, so I found it less of a challenge and more of a fill-the-gap. This course also has the same OnDemand Instructor as GCFE. Still only positive feedback for this content.
GNFA
It is all about networking, parsing, pulling, sifting, and searching through network flow logs, files, and more through web UI and command-line tools. This course filled my gaps, reopened old ones, and allowed me to excel in understanding forensics based on bytes transferred.
GCFR
Logs, logs and more logs. This course introduces cloud logging and analysis, leveraging major cloud platforms to enhance logging and detection capabilities. You’ll learn to use open-source and proprietary tools, become familiar with SIEMs like the ELK stack, and analyze HTTP, network, and cloud-specific logs.
GRTP
If you’re looking to gain hands-on experience with traditional red teaming — including command and control, payload creation, initial access, and full domain compromise — this course is for you. It’s packed with adversary simulation scenarios and teaches the core fundamentals of red teaming. I highly recommend it to anyone looking to become a stronger blue teamer.
GCIH
This course covers a wide range of processes, tools, techniques, and areas of defense for identifying attackers within different stages of the attack cycle. Although most of the topics are at a basic level of understanding, it serves as an introduction to hacking and defending.
GMON
After completing the GCIH and pursuing the DFIR track, this course felt overly simplistic. However, it does cover solid foundational concepts—particularly around event logs, security tools, and command-line wizardry. It’s a valuable certification for those starting out, but may not be necessary if you’ve already gained experience in blue team or DFIR.