We pay absolutely zero attention to certifications. I literally don't know what's in the SANS program.
Not taking Cody's classes wouldn't harm you here, or at any other high-end firm that I'm aware of. But actually taking it would signal a particular interest and engagement with appsec, which is something I would pay attention to.
If there is some other forcing function you have to get you to actually practice software security and find vulnerabilities, that too would be valuable.
I'm pretty familiar with the attitude among hiring managers that certifications generally don't signal anything useful; my boss and I also hold that position (I hold an MCTS that I was forced to get so my employer could get a better partnership status with Microsoft). So I'm curious why holding Cody's certificate might actually mean something where a more established cert would not.
Not taking Cody's classes wouldn't harm you here, or at any other high-end firm that I'm aware of. But actually taking it would signal a particular interest and engagement with appsec, which is something I would pay attention to.
If there is some other forcing function you have to get you to actually practice software security and find vulnerabilities, that too would be valuable.