Security Gatherings for the Little Guys 187
NeedaFirewall writes: "With all of the recent vulnerability announcements and increased concern about terrorism, a lot of folks are starting to take security and privacy more seriously, both at the network and node levels. Large companies can afford to send their IT people to detailed technical security conferences offered by the likes of SANS, Blackhat, and others. Some of these cost thousands of dollars for a single seminar, class, or other event. Small companies and individual programmers, network admins, etc (like me!) often can't afford these. Where can they go to learn more about security? Are there quality security conferences, seminars, trade shows, and the like out there that the little guys can afford? Particularly broad-scope gatherings that can teach these 'security newbies' the basics and alert them to the most pertinent threats?"
rubi-con (Score:3, Informative)
Re:rubi-con (Score:2, Informative)
Re:rubi-con (Score:2, Informative)
The price is up $10 this year, but it's going to be well worth it. That and forno already said he'd be a speaker again next year (just not a keynote
I'd suggest if you live in the midwest, especially Michigan, this is the place to go.
Re:rubi-con (Score:2)
Just sneak into the conference (Score:5, Funny)
h2k2 might help (Score:5, Informative)
JMR
Speaking ONLY for myself, as always.
How about (Score:2)
(OK, I admin-- I find that site somewhat disturbing)
DefCon (Score:5, Informative)
If you're that concerned about getting info from Black Hat, talk to one of the people at DefCon who went and ask if you can photocopy his or her notes. They're the best thing you get for your $1000 Black Hat registration anyway.
Re:DefCon (Score:3, Informative)
Re:DefCon (Score:2)
How much can they afford to pay the speakers if the conference is $75?
I arrived at the WWW2002 conference this year to find that they charge speakers the conference fee! Fortunately I was giving a tutorial and got a free admission but some of the speakers I invited for my panels were somewhat put out.
I suspect that at that price the speakers are not getting much more than a cheap air fare.
I do charge for appearing at some conferences but DefCon is not the sort of place I would expect an large honorarium from.
Last year there was a fringe meeting held just before the RSA conference called CodeCon. The hook there was you had to have written code to speak. It was a reasonably good setup, only the venue was Jammie Z's nightclub which meant an ID check at the door (which kept out some of the cipherpunks) and there was no good place to network duing talks.
Next year I plan to skip the RSA talks, and do CodeCon and the RSA floor show.
Re:DefCon (Score:1)
Re:DefCon (Score:2, Informative)
A few things about Defcon... it's not at the same time as BlackHat, it's just following (which may be what you meant... just hard to tell). This year it's August 2-4. As someone else already mentioned, it's $75. It was going to be $100 but too many people complained or something (conjecture). The price increase was for two reasons: One, so speakers could be paid *iff* they have a good speach. Therefore, speakers who suck won't get paid. So, if they know they suck and won't get paid, they're not as likely to try speaking. Second, the price increase is an attempt to discourage script kiddies and other imbeciles (such as many on
More Information: The Defcon Page [defcon.org]
Also, check out this year's speakers [defcon.org] and this year's slogans [securitytribe.com].
Oh.... one other thing... DC, if you didn't already know, is held at the Alexis Park in Vegas.
Browse the news groups. (Score:1)
Post if you have questions, post if you have solutions.
Easy way... (Score:1, Insightful)
Just get yourself on an older copy of redhat, install, turn on as much as possible, then site back and enjoy! Within 15/20 minutes you should be able to learn many interesting things from your new box!
[/humor]
Re:Easy way... (Score:3, Funny)
Re:Easy way... (Score:1)
Re:Easy way... (Score:1)
DEFCON (Score:1)
Re:DEFCON (Score:1)
The male:female ration at defcon is probably something like 100:1. If you're going to defcon to get laid, chose one of the following options:
Re:DEFCON (Score:1)
people come running, and so do the womens. (they're the ones with beef with all the other people)...
ok so maybe that won't work. Maybe you'll get laughed at. Maybe none of the women would talk to you. Regardless, people will know you. (isn't all publicity good?)
--------
Experiencing the Slashdot effect now for 4+ years
What I do... (Score:1)
Mike.
There's always RTFL (read the friggin' literature) (Score:5, Informative)
Computer (esp. network) security isn't really something that can be learned in a class. It's more of an ongoing awareness of what the threat of the week is. If history has shown us anything, it's that any useful networked system has flaws and can be broken into. As such, it's important to always keep on the forefront of what the enemy is up to.
Irritatingly time-consuming? You bet. A pain in the ass to keep up with? Oh yeah. The only effective way to keep systems and networks secure? Unfortunately.
Re:There's always RTFL (read the friggin' literatu (Score:2, Informative)
Re:There's always RTFL (read the friggin' literatu (Score:2)
Re:There's always RTFL (read the friggin' literatu (Score:3, Informative)
I agree that the literature is a good starting point - the reading room [sans.org] at SANS is a mighty fine
resource.
When I'm ready (read "can do no more without expert help") I'll look into courses/conferences.
Re:There's always RTFL (read the friggin' literatu (Score:1)
I'm SO HAPPY
Re:There's always RTFL (read the friggin' literatu (Score:2)
>"Computer (esp. network) security isn't really something that can be
>learned in a class. It's more of an ongoing awareness of what the
>threat of the week is. If history has shown us anything, it's that any
>useful networked system has flaws and can be broken into. As such,
>it's important to always keep on the forefront of what the enemy is up
>to.
>
>"Irritatingly time-consuming? You bet. A pain in the ass to keep up
>with? Oh yeah. The only effective way to keep systems and networks
>secure? Unfortunately."
>
Are you out of your mind?! Keeping up with stuff is the
best excuse I ever found to lurk on (counts mail filters) Bugtraq,
Incidents-l, ISN, vuln-watch, nanog, SANS newsbytes, CERT, NTBugtraq,
sec-focus, (and even... Slashdot, 'cos you'll hear about the new IE/
IIS hole-du-jour faster here than anywhere
Seriously, I really enjoy following the changing scene, the constant
arms war between the kiddies and the defenders. I just wish *I* could
find someone to pay me to do it. As it is I'm off work this week and
spending most of my time catching up with list backlog. And loving it.
Re:There's always RTFL (read the friggin' literatu (Score:2)
Small budget security training (Score:3, Interesting)
To answer your question, how about asking a nearby college or computer company? I hit up SCO once about security (many, many years ago), and was invited to one of their "internal" security classes for under $500.
Re:Small budget security training (Score:5, Interesting)
Intro Cisco courses are also a great help in the same vein as the first bit of the course goes over networking details if you're mainly a systems admin, and aren't up to snuff on the details of networking.
Depends on what you do... (Score:1)
Unless you have the freetime to actively go scrounging through somebody's code that sort of knowledge probably isn't that useful to you. I have never, in my life, met a sysadmin who had freetime. Instead, I think the useful knowledge you need is closely related to the potential vectors of attack.
For example, one common vector is a network based attack. Thus you should have a strong knowledge of how the network works in detail. Knowing how to construct a solid firewall, and knowing how to limit your attack profile are all important. Knowing cisco stuff, yes, is probably useful here.
Another common vector is the inside job which, though less frequent is usually far more destructive. There you need to have a strong knowledge of what system you have, who uses them, etc. You need to actively manage what limits are put on the access of individual users, etc.
None of this really needs a knowledge of C programming. You need to know best practices like keeping your patches up to date, setting up intrusion detection systems, and teaching people the habits of good security (don't EVER tell somebody your password, etc).
Re:Depends on what you do... (Score:2)
As for inside jobs, it's actually 60% (give or take) of actual FBI cases...
Re:Small budget security training (Score:1)
I know people that have gone and they say its pretty good. The thing with DefCon/Blackhat and such people only talk about 0-day exploit of the day. The Ernst and Young class is more for corporate america and the complex IT enviornment that admins face.
Re:Small budget security training (Score:1)
I've actually dropped out of a local university (supposedly trying to be more up to date and technical) to attend a community college that offers more appropriate classes.
I would suggest books (which can get very expensive for the good ones), online sites have tons of info for a couple good ones check these out.
http://www.infosyssec.com/
http://www.whitehat
If all else fails check out the community colleges, they seem to be more closely tied to the IT corporations. My CC is the SouthWest hub for Cisco, Novell, and MS. Coolest thing is that they dont stop there, they offer classes on such things as perl, *bsd, solaris, security, etc....
Plenty of options.
Re:Small budget security training (Score:2)
Hey, go on a geek cruise! [geekcruises.com]. For $2000 you get a cabin for 2 and 7 days training!
I thought this was an incredible boondoggle until I looked at how much you would pay for a hotel for a 5 day course.
Check out your local 2600 chapter (Score:2, Insightful)
Or try your local Windows/NT and Unix/Linux user groups. Security is a frequent theme of these groups' meetings.
defcon - not just for the l33t (Score:3, Interesting)
2600 (Score:1, Informative)
They take place on the first Friday of every month and there is a list of them all here [2600.com].
Mailing lists (Score:1)
Or if you're really desperate, you could try #hack, #2600 and #trolls on IRC.
TrinityOS (Score:1)
Will help you secure your network.
DallasCon (Score:1)
Obligatory Karma Whore (Score:1, Offtopic)
Note this will only identify some potential holes in your firewall, and won't secure you against other vectors like email worms, malicious employees, nuclear weapons, hair gel, etc.
Try community colleges? (Score:3, Informative)
These are typically touted as free or very inexpensive. Not being a security guy I can't really comment on how good they are, but it probably could'nt hurt to check one out.
My guess would be many small community colleges offer something like this.
Re:Try community colleges? (Score:1)
Re:Try community colleges? (Score:2)
Not to take the obvious route.. (Score:1)
Also, keep up to date on CERT [cert.org] warnings.
Same as everything else though, the best tool is the machine you want to secure.. go play.
-Gih
The number you have dialed 9..1..1.. has been changed to an unlisted number, thank you
Find your local Infosec groups! (Score:4, Insightful)
Find your local ISSA chapter (issa.org),and in Canada there is the CIPS Security Interest Group (through cips.ca). Also, talk to your local VARs and express an interest in security products. Usually they'll invite you to free morning seminars pushing security products.
The point of going to these meetings is to find peers. Once you know a few people, swap email addresses and war stories, that kind of thing, you'll get a base.
I've used these groups to meet colleagues, put together CISSP study groups, discuss issues, and share job opportunities and the like. Once you get a critical mass of people, it becomes very useful and interesting. It's not the same as a conference, but it is far better than working in a vacuum.
And for those of us (Score:1)
Do Research Here. (the url...not slashdot :) (Score:2)
Re:Do Research Here. (the url...not slashdot :) (Score:1)
ISSA (Score:2, Insightful)
About SANS (Score:3, Informative)
SANS offers courses online so you would save on travelling fees. And yes, I would agree on the fact that travelling is expensive. I am going to a SANS conference next month and the hotels + travel + food is going to cost $2000+ and it's coming out of my own pocket.
Aside from that, SANS also have volunteer program that you can go for a conference for free (will be $500 in October) but they require you to do all the setup and monitoring for them (hard work, trust me). But you will still have to pay for your lodging and food.
In the end, just like anything else, there's really no free lunch. But if you are determined enough to learn, you will pay out of your own pocket to go. (like me)
Re:About SANS (Score:1)
For those of you that are considering the value of security conference, I can tell you from my first hand experience that it is worth every single pennies.
I was at one point of time like many of the readers thinking that I could learn a lot on my own and become an expert on a specific area. But after I went to couple of the security conference and sit in the class taught by some world foremost info security persons, I notice that it's an immediate boost of knowledge for me. Things that would take me a year to learn and try, I learned and experienced it within the few days of the conference.
For those who are going to SANS conference, don't skip the certification part. It really makes you learn a lot. (Highly biased) You would be required to write a paper on a specific area, it's not easy and it would mean practical experience for you (cause you have to do it first hand in order to write the paper).
Re:About SANS (Score:1)
SANS is worthwhile (Score:2)
I was surprised at the quality of the presentations. I attended Track 5 taught by Jason Fossen, and learned quite a bit that I had not seen before, especially with regards to configuring IIS and PKI.
I went on to complete the GCWN certification, which was also an interesting learning experience. It's one thing to talk about these various ideas, but it's quite another to try to formulate them into a cohesive paper and communicate it to others. I've used a lot of the knowledge from the class and the research I did for my practical to help secure our new desktop images for Windows XP, something that probably wouldn't have happened if I hadn't taken that initiative.
Very worthwhile, and worth every penny. Although I can see where an individual would have a hard time coming up with the cash, as I believe the conference, travel, lodging and so forth resulted in about a $5k reimbursement check. I think if you were in consulting this would be a valuable skill to sell yourself with and make back that $5k pretty quickly.
Re:About SANS (Score:3, Informative)
The courses tend to be top notch. But that is just part of SANS' value. SANS conferences also feature a series of night courses and informal Birds of a Feather (BOF) meetings (complete with snacks and refreshments). The BOFs cover a whole slew of subjects and if you wish to add to a subject (whether you are an expert or simply curious), you are welcome to sign up and form one and room / snacks are provided for you. These add incredible value to attending a SANS conference.
SANS also does a lot of other interesting things. They have a top-notch certification program (which has generated some interesting documents available to the public). And they are offering more and more of their certification tracks via online training programs as well as starting a localized mentor program to work with the online component.
Re:About SANS (Score:2)
Yes, a good part of the class could have been seen as an overview for an experienced webmin and one guy did seem unimpressed by what was offered (he left iirc), however, at the time I wasn't experienced. I came back to work with some good, practical knowledge and didn't have to spend an hour here and an hour there reading web pages offered by google. IMNSHO, best $300 bucks I've gotten the company to spend on me. Oh all right, second best. Best was the $150 bucks to attend a seminar by Radia Perlman.
Did I mention this course was just after 9-11 and SANS really worked their collective butts off to get him to Chicago? Dedicated, experienced instructors; decent course material; and good delivery of content. If work would pay for the travel expensives I'd gladly volunteer to help run the conference and wedge in a track.
So what did you find lacking when you attended?
Small Company Secutiry Classes. (Score:2)
seminars are overrated... (Score:2, Funny)
Helpout OpenSource Projects (Score:1)
Look into IPCop [ipcop.org] or come out to a local user group (LUG). Both have people with skills to and they want help out. At the same time, they and you will give back, by helping bring others up to speed with both knowledge and questions. So do a presentation, or start a security SIG.
Yes, joining CERT notices or Bug Track will be your first information feed, but it is putting into action by talking to friends, testing firewalls, and helping others gets the information in use.
2600 meetings (Score:2)
Basics (Score:2)
Start out by getting and reading a copy of "Practical UNIX & Internet Security" Oreilly Simson Garfinkel and Gene Spafford.
After that read the documentation on your tools, apache, bind, sendmail, etc and watch www.securityfocus.com
Re:Basics (Score:4, Informative)
1) "Computer Networks" by Andrew S. Tannenbaum
This will teach you what's really going on
2) "Firewalls and Internet Security" by Cheswick and Bellovin.
The BEST book on firewalls. Online version at
http://www.wilyhacker.com
3) "Hacking Exposed" by McClure, Scambray and Kurtz.
Not as systematic as the others, but this one has the specifics that let you see what the other books were talking about.
4) Run a GNU/Linux system and start watching logs, etc. I'm on a dial-up and get hit several times per week. Follow up and see if you can figure out what they're doing; hopefully they don't get in!
5) Keep abreast with CERT, SANS, BUGTRAQ, etc.
6) There is no Royal Road to NetSec; you'll just have to dig in and learn it the hard way.
Re:Basics (Score:1)
If you really want to get into how software can be compromised, start looking to learn about secure coding practices and learn how to audit code. If you want a job but have no formal training, being a recognized code auditor whose patches have been incorporated into open-source programs is a good way to get a positive reputation.
Re:Basics (Score:1)
RTFL (Score:1)
Read your log files! You do have log files don't you? They contain the best and latest information on the most common attacks in use today. If you see something there, and you don't know what it is Google [google.com] it!
USENIX Security is affordable for the lil' guys... (Score:2, Informative)
Re:USENIX Security is affordable for the lil' guys (Score:1)
what fubob said: usenix, usenix, usenix.
all tech, no suits, good location, heavy geek flux.
Low budget, but a lot of personal commitment (Score:5, Informative)
So, my low budget solution is the following:
- Lurk around in the newsgroups like alt.computer.security, alt.hacker, alt.security.pgp, alt.sources.crypto, comp.lang.java.security, comp.os.linux.security, etc, just a bunch of security newsgroups.
- Subscribe to security related mailing lists, like Bruce Schneier's Cryptogram.
- Buy and read a lot of security related books
- Download and play around with free and/or commercial (if available) softwares
- visit frequently security related web sites, e.g. linuxsecurity.com,rootprompt.org (they do have some security related articles),
Sure, sometimes I wish I could attend some of the training sessions at the conference, that'd have saved me a lot of time.
And this requires a lot of personal commitment, and a lot of time. But I've learned a lot, thanks to a lot of people who are willing to share their tricks of trade and their knowledge.
Note that this also takes up a lot of my time at work, but the manager is not clued enough to know that, just like she does not know that a lot of people would spend time doing what she tries to disapprove at work (like spending time learning a new tools/prog.lang/etc). Cost-effective-wise and employee-satisfaction-wise, it is better to spend $5K to send an employee to a conference/seminar/training. Unfortunately, most managers and executives can't figure that out, although they would throw at you all these buzzwords like ROI, CBA (cost benefit analysis), and other craps.
DNSCon (Score:1)
Security is an illusion ... (Score:3, Interesting)
I share the same opinion of others. The best way to stay on top of security is to subscribe to Bugtraq. Other subscription lists like CERT and vendor specific lists, are always lagging behind (sometimes as much as WEEKS) since they tend NOT to announce a security issue until the vendor has a fix/patch available. Bugtraq is pretty close to zero day disclosure and is not vendor specific, thus you have to wade through the subjects to see if anything applies to your site. Additionally, BUGTRAQ is moderated which cuts down on the quantity and noise, unlike other sources which can become excessive.
To subscribe to the list, send a message to:
bugtraq-subscribe@securityfocus.com
This is my securty mantra, "security is an illusion".
If you are connected to the Internet, you can be hacked. All humans make mistakes and all code is written by humans. The best you can do is manage your risk and increase your odds of not being a hackable target by staying informed and being proficient in application configuration.
My advice is to spend your training money on the specific applications that are Internet facing e.g. (RedHat, Apache, Sendmail, DNS, POP3S, IMAPS, Oracle, MySQL, CISCO IOS), make sure you understand the security configuration and hit it hard in the class. Application Security Mis-configuration and weak passwords are probably the number one source of Internet compromises. Often times if you have your applications locked down and secure, the security exploit of the day may be a non issue.
Good Luck!
BugTraq (Score:1)
BugTraq [securityfocus.com]
Cheap security option... (Score:1)
securitygeeks (Score:1)
Affordable computer security conferences (Score:1)
Entrance costs about £15 (around $30 dollars)
It's run by a very knowlegeable guy called Jonathon Wignall.
Its open to all (both security professionals and members of the public.)
Sorry if this doesn't help you.
read some books? (Score:5, Interesting)
The "hacking unix exposed" series of books are also very good.
Forget windows. Get yourself a free unix and learn tcpdump and netfilter or ipfilter inside and out.
Talking about learning security by going to conferences is kinda ridiculous, like expecting to learn archeology by going to archeology conferences.
Free seminars (aka. security sales pitches) (Score:2)
Cheapest.. (Score:2, Informative)
Subscribe to mailing lists like Bugtraq [securityfocus.com] and NT Bugtraq [ntbugtraq.com] and any other OS or application specific products you are supporting. Not bleeding edge but not worth ignoring either.
Vulnerability notification service (Score:1)
We looked at several providers such as Securityfocus ARIS and Vigilinx, but we soon found out those cost very big bucks.
But then we found a cheep alternative at www.securitywarnings.com [securitywarnings.com] and it was exactly what we was looking for.
Cheers
How About Books? (Score:4, Informative)
You asked about conferences, but it seems like what you're really looking for is education in general. Especially as a "newbie," conferences aren't going to be your best bet anyway: They tend to cover what's new and particular topics of interest, but can't and don't provide general background knowlege.
You can get a lot of good books for the price of a conference admission, and that's probably a better way to get started, anyhow. Here are a few recommendations from my bookshelf:
Best way to learn about security (Score:2, Interesting)
Re:Best way to learn about security (Score:1)
IBM.Com is a good place to start (Score:1)
I'm going to H2K2 (Score:2)
Newbies? (Score:1)
That's bullshit, as I'm sure many people who consult or work for smaller companies can attest.
USENIX!!! (Score:3, Interesting)
In contrast, USENIX is actual security technology. Take the tutorials [usenix.org] for in-depth learning on important issues, and the technical sessions [usenix.org] for cutting-edge practical security research. We have a paper this year on the LSM (Linux Security Modules) [immunix.org] project.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. [wirex.com]
Immunix: [immunix.org] Security Hardened Linux Distribution
Available for purchase [wirex.com]
Re:USENIX!!! (Score:1)
what crispin said! usenix! usenix! usenix!
and you get to rub elbows with celebs like the great and powerful crispin cowan, the stackguard guy!
Security skills (Score:1)
One of you emulates the attacker, investigating the tools and mindset the intruder may take, and the other, investigate security tools to investigate better lock down policy's.
You then swap notes, and then hats and start again.
Computer and network security is a long and involved process, but perhaps one of the most interesting.
It's also the most misunderstood field and sometimes, profession.
InfraGard, HTCIA (Score:1)
For HTCIA (HighTech Crime Investigation Association), the atmosphere is similar as there is a lot of info-sharing between HTCIA and InfraGard. HTCIA does require annual dues and per-meeting dues (self-sponsored organization).
You can visit InfraGard [infragard.net]'s main site to see where you and your local chapter are. Then find the next meeting time and follow any applicable directions to get there and show up! I'm a member of our local chapter, and we welcome anyone and everyone dealing with InfoSec, Technology, and general Security. InfraGard is a bit more popular due to the local law enforcement participation (at least in our chapter). Our local chapter is here [ncinfragard.org] for anyone in the North Carolina RTP area.
Check out your local OpenBSD Users Group (Score:1)
If none exists, start one.
Just put up a default RedHat install (Score:1)
Now, count the hours/days until you're compromised. Watch how they did it so easily, learn how to stop it next time. I couldn't think of a better way to start...
My Security HOWTO (Score:1)
A few bible-books in my library include:
Install more than 1 linux box (and RedHat, SuSE, Debian [and anything else that's popular] DOES NOT count. Use Slackware so you can have some semblance of control and learn how things work).
Don't install X; tough it out with the shell. <elitism>We all did.</elitism>
Grab your hands on a Solaris machine, x86 will suffice but try to get a Sparc. That way you'll understand how to do things across multiple platforms.
Setup a network and a routing firewall inside (ie: no masquerading). Then learn that and setup a masquerading firewall for all that to get to the Internet through your gateway.
Oh, Get nmap! [insecure.org] And learn how to use it SAFELY and WISELY on your own stuff.
Read Read Read Read Read! Drop your girlfriend. Sex is good but if you wanna learn it hard, she'll have to go. If she's a geeky girl, have her help you out. She can learn too.
After that, let us know how you did. Take a security test somewhere. Online or Real World, it don't matter. It's fun shit! We love it. But it's hard work to learn it. Once you do, you'll never be the same again and you'll be very very l33t.
BOF at O'Reilly (Score:2)
Software Developers, See HOWTO! (Score:3, Insightful)
SANS on the cheap...$500 (Score:2)
Delivered-To: dcooley@panicdump.org
Date: Wed, 5 Jun 2002 18:34:16 -0400
From: Beth Corcoran
To: dcooley@panicdump.org
Subject: Re: Payment Options
In-Reply-To:
User-Agent: Internet Messaging Program (IMP) 3.0
Quoting Don Cooley
> SANS folks,
>
> I don't know how exactly to ask this so I will just explain my situation.
>
> I currently work at a startup dot com.
>
> They have cancelled all training and let go of everyone in IT except me.
>
> I am the lone Windows/Solaris/BSD/Linux admin. (I am learning wireless/Cisco
> also)
>
> I live in Denver. I would really LOVE to go to SANS this year.
>
> Do you have any scholarships for systems/security admins?
>
> I would also be willing to do data entry, technical reviews, (I have done one
> for O'Reilly)
> etc... "insert odd job" for the chance to go the SANS conference this year.
>
> Please let me know if there is any way I could *work off* the price of the
> tuition.
>
> Thanks for your time.
>
> Don Cooley
> Systems/Security Administrator
> http://www.panicdump.org
Hello! We do have a Volunteer program where you help the SANS staff "run" the
conference. You are required certain things, time, labor, etc., that other
attendees are not obligated to do. For more information, please visit
http://www.sans.org/conference/volunteer.p
Rocky Mountain is July 1. Please let me know if I can be of further
assistance.
Sincerely,
Beth Corcoran
Tuition Office Manager
The SANS Institute
tel: (540)548-0977
fax: (540)548-0957
beth@sans.org
www.sans.org
Just look for a SANS coming to a city near you and be a slave for a week.
Hope that helps
Computer Conferences are *TOO* expensive! (Score:2)
SF Fans don't have any "sugar daddies" to pay for their memberships, as is expected by the various Computer Conferences, and thus cannot charge large fees. And we are about community, not making money.
About the only event that has crossed the SF con with the Computer con is Andrew Hutton and his Ottawa Linux Symposium. But then again, he has attended a number of SF cons, including a few I helped run (Can-CON). More people need to learn how to run SF style cons, and run Open Source gatherings on the same format. SF fandom has a model that works, and all it takes is a few people in some of the larger population bases to put together SF style cons to get this going. And seek out your local SF con, and volenteer...it's the best way to learn how to run these things!
ttyl
Farrell J. McGovern
Staff for:
Maplecon, Pinekone, I-Con, Ad Astra, Concept, and Can-CON.
Re:Computer Conferences are *TOO* expensive! (Score:2)
Vortran out
Re:DefCon 10 is coming soon (Score:1)
Defcon MIGHT be a good bet (Score:4, Informative)
The last year though the topics really didn't seem to be quite as good and there were endless mindless pranks going on. I'm all for clever interesting pranks, but this was dumb stuff like smashing hotel lights, etc. I mean, the prank hilight was dry ice in the pool. Neat effect, but hardly breaking new ground
That's the only problem with Defcon is that it tends to attract a certain anti-establishment sophmoric crowd (because unlike most similar cons, they can afford to get in
It's sorta well suited to vegas. You put down your money and take somewhat of a gamble on what you are going to get. I'd suggest checking the website for the speaker list and see if they have things that interest you. If it looks good, then go for it, give or take airfare and hotel it's a bargain.
Re:DefCon 10 is coming soon (Score:1)