Last week, I mentioned an article in CIO Magazine that discusses several ways to hire and keep security personnel. The article suggests that companies can retain staff by offering incentives such as letting employees attend yearly training conferences. A lot of security conferences and seminars are available, and the number of new events continues to grow. The cost of such events isn't cheap, and determining which events to attend isn't always easy. This week, I describe three of the more popular choices: the NetSec conference, the Black Hat Briefings, and SANSFIRE training seminars.
Computer Security Institute (CSI) hosts NetSec 2002, which takes place in San Francisco June 17 through 19. The conference will offer more than 85 sessions on a wide variety of subject matter, including Internet and intranets, secure e-commerce, VPNs, computer crime, Denial of Service (DoS) attacks, forensic investigation, response teams, cryptography and public key infrastructure (PKI), intrusion detection, Windows NT, privacy, policies, awareness, remote access, and more. In addition to the learning tracks, an exhibition will feature products from more than 70 network security vendors. Just about anyone involved in network security should consider attending NetSec 2002, and CSI is expecting more than 1500 attendees this year.
Black Hat Briefings
The next Black Hat USA 2002 Briefings and Training is scheduled for July 29 through August 1 in Las Vegas. Windows & .NET Magazine and the Security Administrator newsletter are sponsoring this popular event that includes a series of informational briefings and a training series. The briefings include more than 30 talks by notable industry insiders covering a wide range of topics such as using biometrics, auditing source code, tracing anonymous users, securing databases, using second-generation honeypots, securing email, attacking wireless networks, cracking Voice over IP (VoIP) Cisco Systems router forensics, and more. The training series includes 12 sessions that cover security-related tools and toolkits, Active Directory (AD) security, advanced Internet Control Message Protocol (ICMP) scanning techniques, and a variety of hacking techniques (e.g., hacking into Cisco networks).
The System Administration, Networking, and Security (SANS) Institute hosts numerous training events each year. The Institute's SANSFIRE 2002 event is scheduled for June 25 through July 2 in Boston. The event is for new and experienced security practitioners and includes several learning tracks, including security essentials, firewalls, perimeter protection and VPNs, intrusion detection in-depth, hacker techniques, exploits and incident handling, securing Windows, securing UNIX, auditing, forensic investigation and response, information security officer training, and more.
If you're looking for a seminar to attend outside the United States, CSI, Black Hat, and SANS all host conferences in various countries. For information about these international events, visit each organization's respective Web site. Of course, you can perform a simple Web search to locate a variety of conferences and seminars presented by other organizations. My search results revealed dozens of interesting events. Although most security-related conferences are hosted by non-vendor-affiliated organizations, many security product and service vendors offer seminars to create a better understanding of how particular products fit into a given security strategy.