Security Gatherings for the Little Guys

NeedaFirewall writes: "With all of the recent vulnerability announcements and increased concern about terrorism, a lot of folks are starting to take security and privacy more seriously, both at the network and node levels. Large companies can afford to send their IT people to detailed technical security conferences offered by the likes of SANS, Blackhat, and others. Some of these cost thousands of dollars for a single seminar, class, or other event. Small companies and individual programmers, network admins, etc (like me!) often can't afford these. Where can they go to learn more about security? Are there quality security conferences, seminars, trade shows, and the like out there that the little guys can afford? Particularly broad-scope gatherings that can teach these 'security newbies' the basics and alert them to the most pertinent threats?"

Re:Small budget security training

[Telastyn]

I'd also recommend spending some of the cash on a programming course if you've not taken one. Generally something in C would be best as it's one of the most common (and low-level and broken) languages. Understanding the bugs that can lead to exploits can help alot in understanding exploits themselves.

Intro Cisco courses are also a great help in the same vein as the first bit of the course goes over networking details if you're mainly a systems admin, and aren't up to snuff on the details of networking.

read some books?

[wobblie]

Well, first you must know tcp/ip very well. ORA's "Internet Core Protocols" is an excellent start and a very good book.

The "hacking unix exposed" series of books are also very good.

Forget windows. Get yourself a free unix and learn tcpdump and netfilter or ipfilter inside and out.

Talking about learning security by going to conferences is kinda ridiculous, like expecting to learn archeology by going to archeology conferences.