Security Gatherings for the Little Guys

NeedaFirewall writes: "With all of the recent vulnerability announcements and increased concern about terrorism, a lot of folks are starting to take security and privacy more seriously, both at the network and node levels. Large companies can afford to send their IT people to detailed technical security conferences offered by the likes of SANS, Blackhat, and others. Some of these cost thousands of dollars for a single seminar, class, or other event. Small companies and individual programmers, network admins, etc (like me!) often can't afford these. Where can they go to learn more about security? Are there quality security conferences, seminars, trade shows, and the like out there that the little guys can afford? Particularly broad-scope gatherings that can teach these 'security newbies' the basics and alert them to the most pertinent threats?"

Easy way...

[humor]
Just get yourself on an older copy of redhat, install, turn on as much as possible, then site back and enjoy! Within 15/20 minutes you should be able to learn many interesting things from your new box!
[/humor]

Check out your local 2600 chapter

I know, I know... these aren't the most professional organizations. However, you can often get a feel for what the current kiddies are up to. :)

Or try your local Windows/NT and Unix/Linux user groups. Security is a frequent theme of these groups' meetings.

Find your local Infosec groups!

[Garin]

The key to learning more about security and making connections is to get involved with your local scene (or generate one, if necessary).

Find your local ISSA chapter (issa.org),and in Canada there is the CIPS Security Interest Group (through cips.ca). Also, talk to your local VARs and express an interest in security products. Usually they'll invite you to free morning seminars pushing security products.

The point of going to these meetings is to find peers. Once you know a few people, swap email addresses and war stories, that kind of thing, you'll get a base.

I've used these groups to meet colleagues, put together CISSP study groups, discuss issues, and share job opportunities and the like. Once you get a critical mass of people, it becomes very useful and interesting. It's not the same as a conference, but it is far better than working in a vacuum.

ISSA

[splume]

Join your local ISSA group. Yes, they local chapters may vary, but on the whole I have found that is is worthwhile. In the Denver chapter we had some great speakers this past year. Plus, you get a couple of hours away from the office every lunch to network with others in your same position.

Or a Big University

[cyphixation]

i've seen a lot of excellent suggestions
to go to local small community colleges
for help, but might i also add, as student
of a large state university: come sit in
on one of our security classes too.

No one knows who the hell is supposed to be there anyway.
i do see a bit of an issue if the class is
small, but the feeling i get from most of
my professors is that the more people they
can speak to: the better (ego sometimes).

And thank you for posting this question...
it's the most useful one i've seen here in
quite a while.

cheers.

Software Developers, See HOWTO!

[dwheeler]

If you're writing software for Linux/Unix systems, go see my book, the Secure Programming for Linux and Unix HOWTO available at http://www.dwheeler.com/secure-programs. It's freely available and redistributable (GFDL license), and it's got lots of information on how to write secure programs. There's lots of information on the Internet on how to write secure programs, but this book gives a lot of information in one place. Enjoy!