SANS Institute

Here's what I think generally. SANS is highly regarded because they've been around a while and cover topics that you can't really find easily otherwise. They also have tracks of content that if you stick to can significantly uplevel you and offer accredited degrees in those areas. Compare that to other training vendors. No one else is doing that as well as they are. They are expensive but that's because of how they pay their instructors; many of whom know the content before they take the courses due to being SMEs. Now, here's where if you know a bit about how they operate it starts to fall off, but I promise it will get better before the end. Not all of the training courses and certifications are difficult because the content is difficult. Some are difficult simply because of the amount of content covered in one cert and the way the tests write to it. You can have infosec guys with 15 years experience get low passing grades on a GSEC if they don't put the time in to properly index their book on an open book test. You will either think that's bullshit, or fair play depending on your point of view. Not all of their instructors are subject-matter experts. Some get a 90 on the test and go through a mentorship program to eventually become an instructor for that content. Part of that mentorship program involves setting up your own LLC or firm and marketing yourself so you look like a SME. You will either think that's bullshit, or fair play depending on your point of view. Once you become an instructor, it's common to get the courseware and exam vouchers for all of the other exams at significantly reduced rates if not free. This combined with the second point can create a quality of training issue. Like the other points so goes this one. Over time, the instructors if they stick around will get opportunities to work on some pretty cool stuff for some organizations that reach out for consulting reasons. While this isn't directly related to SANS, it's a side hustle. Those companies that the instructors have to set up eventually force feedback into becoming real SME. Here's where the real value is. So when you sit a course the best experiences come from sitting a course with a more experienced instructor. For most training companies that means someone who has simply taught the course a billion times. With SANS when you see a senior instructor or tenured instructor those guys are more than just teaching a course based on courseware and the void between them and the people usually in the seats learning is vast. Be humble, make friends and take courses wisely. Try to avoid entry level instructors. Fortunately those ranks are widely shared on the sans.org site. .. and lest anyone think I'm being lousy to new instructors, just know they have to go through a process where they teach a class with other instructors present and just get murdered at the end of it with the intention of quality control. It's not that they aren't good. They're just not yet what you'd expect to be paying for given their pricing. But they're way better than most everyone else. More on reddit.com

Remember that SANS is first and foremost an educator. Certs are awesome, but the education is why I'd ever recommend SANS. Go to sans for some of the best cyber education available...and renew the certs that apply to your niche, and the ones your future employer will pay to renew--work that into your salary/benefits negotiations. More on reddit.com

It's worth it. SANS training is hands on with lots of labs emphasized in their courses. The courses are also regularly updated to be at the forefront of technology. My iteration of the GSEC exam contained no cloud, the newest iteration has something like 40% cloud content. There is some foundational stuff required that not many employers are going to be too impressed by but three of the GIAC certs should move the needle in terms of employment, those are GCIH, GPYC, and GCIA. You also get three elective GIAC course which you could use to set yourself up for a career in DFIR, Pentesting, Cloud or even ICS. The $39K is a lot but if you're working in infosec while you're doing the degree most employers will reimburse $5250 a year so that could cover $10500 of reimbursement which lowers costs significantly. Factor in that those certs, and much more importantly the skills they teach, are highly desired by employers and a SANS graduate should have no trouble making back their investment in just a few years. More on reddit.com

Worth it from a cost perspective? Almost certainly not. You can get a BS for much, much cheaper elsewhere. But the content in the schooling itself is very good, better than anything else you'll find in the online sphere. If somebody else is paying for it and the content is more important to you than checking the box for a degree then it might be worth it. So if your goal is just the degree, I'd say go a different route. But if the degree itself isn't urgent and you can get somebody else to pay for it, it's a good option. More on reddit.com