Suggested Training Courses/Seminars/Conferences
Hi all,
So aside from a degree in Management Information System (which only had about three classes I have found truly useful so far in my career, but so it goes) I have zero formal training in information security work and am completely self-taught. I have been through every how-to, tutorial, etc. that I can get my hands on. I have worked through some of the practice systems (De-ice, meta, etc.) and been through Unleashed hundreds of times (exaggerating slightly, but you get the point). I consider myself at least slightly competent or at least enough to start diving into formal training and not be completely lost. My current job (system security engineer, whatever that means) allocates a fixed sum for training in the next fiscal year and I am looking for suggestions on what courses people have found helpful. Obviously the first course will be the "Pentesting with Backtrack". I have been dying to take that one for years but now have the (company's) money to do so. After the pentesting class I have around a $1,700 budget so any classes taught on the International Space Station about how to audit the alien mothership's security are sadly off the table.
So what classes/seminars/conferences have others found useful?
Re: Suggested Training Courses/Seminars/Conferences
There are plenty of threads on this subject. Below are just two. Please use the search function, it's a rule you agreed to, thanks.
http://www.backtrack-linux.org/forum...providers.html
http://www.backtrack-linux.org/forum...g-courses.html
Further, this question is really subjective, since it depends on what you want to learn, what you hope to achieve from said course(s) and how dedicated you are to attaining the certificate etc. Providing this information would really be better for us to help you. Otherwise you are going to get a bunch of different answers, and while none of them may be wrong, they may also not fit your case.
Re: Suggested Training Courses/Seminars/Conferences
I made good use of the search function and saw both of those threads. I also read this one and this one. The reason I asked the question again was because the last thread was more than a year old and I felt the question stood to be asked again. There are new members that join the community and classes that are offered change.
I also realize the question is subjective and that's why I left it open-ended. I am a year out of school and still don't have a great idea of what I want to do. I wanted a wide range of suggestions relating to the field of information security. My bachelor's was general because I didn't really know what I wanted to do when I graduated high school. I am still not positive what I want to do but information security has always held a certain interest and I don't have any better ideas. However, per your request, the area I am focusing in is the actual network analysis, auditing, and penetration. The CISSP route of management and policy isn't appealing for the time being.
As for my dedication to being certificated, that's a given. If I am going to take the class, I am going to pass (or at least try my damnedest).
So what about you, Archangel? Which classes have you enjoyed?
Re: Suggested Training Courses/Seminars/Conferences
There are actually 4 Offensive Security classes which you can take in a row and are designed to build on each other:
1. Pentesting with Backtrack
2. Cracking the Perimeter
3. Advanced Windows Exploitation
4. Wifu (this can be taken any time since it is a completely separate topic)
Re: Suggested Training Courses/Seminars/Conferences
Just for reference, my opinions on the subject are pretty much unchanged from what I wrote in the other threads linked by Renek.
Re: Suggested Training Courses/Seminars/Conferences
I know people with the following (personally have the ones marked *):
CISSP*
OPST*
OPSA*
CISM
CPP
I'd say don't bother with things like Security+ (the IT security industry's A+ equivalent), but that's just me. CEH seems to be requested/required on lots of Gov't contracts in North America, however I'd argue that OPST/OPSA are just as good or better. CISSP seems to have become an industry standard, however it requires prior experience (though this can be gained through SysAdmin type positions).
There are probably some SANS courses worth taking, as well as any courses offered via Blackhat/Defcon.
This is pretty old but might give you some good background/breakdown...danielmiessler.com | writing | infoseccerts
Personally I don't take a course or bother with a certification unless a lot of customers are asking for it or a number of people recommend it to me. (Edit: Or it's really cheap and a VERY interesting topic).
As for conferences I can't add much....I attend CanSecWest every year if I can get work to pay for it and it always seems well worth it.
You may also want to check out the local chapters of:
ISSA
ISACA
HTCIA
OWASP
Re: Suggested Training Courses/Seminars/Conferences
Hey Thorin, I don't post at all but I read a lot. My main goal here is to learn, not much I need to ask. I prefer to figure it out myself but from here and remote-exploit forums the links you post can help anyone learn for themselves. I respect that a lot more than a lot of other people that post replies. Google doesn't exactly work if you don't know what to look for. Other than you, Lupin's blog has helped me more than anything. Appreciate you guys.
Re: Suggested Training Courses/Seminars/Conferences
Quote: Originally Posted by blacksheep115
Other than you, Lupin's blog has helped me more than anything. Appreciate you guys.
Oh, so you're one of the 10 people that actually reads my blog ;)
Glad you have found it useful.