Saturday, February 21, 2009

SANS Orlando 2009

So, next week I'll be attending the SANS Orlando event, and for the first time not taking a Security related course during the day. This being said, I do plan on attending the security talks in the evening, as well as the 'Wireless Intrusion Detection Tactics - Hands-On Workshop' being hosted Thursday evening by Paul Asadoorian (he co-hosts the PauldotCom Webcast <http://www.pauldotcom.com/>). The previous SANS event I attended was SANSFIRE in DC last year, which was a great time - I'm looking forward to this upcoming event!

Why take management classes instead of the security courses? Well, I had a tough time deciding on what I would like to attend, and this coupled with the fact of what I thought work might pay for, I decided to take a few Management courses. In my opinion, whether or not you aspire to be a manager, being familiar with the business/management needs of your organization is crucial to every IS/IT professional out there. Having the ability to discuss matters in business terms brings much more value to your career and helps to bridge the gap between the geeks and management. I know many times the geek in us would rather be sitting in the corner cranking out code or analyzing juicy logs, but being able to convey the importance of this to management enables us to not only keep our jobs, but also to be able to convey and leverage the importance of IT/IS in the workplace.

OK, enough of that for now...so your asking, "What are you going to be taking?" Well, see below for my schedule:

Monday March 2nd through Saturday March 7th:
Management 525: Project Management and Effective Communications for Security Professionals and Managers (Instructor: Jeff Frisk)

Sunday March 8th
Leadership and Management Competencies (Instructor: Stephen Northcutt)

SANS Evenings:
Sunday March 8th (1900-2000):Privacy Loss in a Pervasive Wireless World
Wednesday March 11th (1800-2100):The Enemy Within - Detecting Suspicious Network Traffic via Security Visualization Techniques
Thursday Night (1800-2100)Wireless Intrusion Detection Tactics - Hands-On Workshop

I'm still waiting on a confirmation for the Wednesday evening event - since it has a limited amount of seats - but if it doesn't work out, there are a slew of other good presos taking place in the same time slot. For those who have never attended a SANS event, it's a great time, and with all the cool events and luncheons taking place - it's intense and can be draining, due to information overload! I've met a lot of really cool people from these events, and hope to meet some more at this upcoming conference. If your going to be there, and happen to stumble across our blog, dart an email my way as I'd love to meet ya.

Link for the Event: <http://www.sans.org/sans2009>

Cheers,

Matt

Tuesday, February 10, 2009

ShmooCon 2009

A friend of mine asked me a few questions about the recent ShmooCon V conference I attended (so did Steve) in DC, and I wanted to post the excerpt from the email below. This is the first ShmooCon I've attended, and it goes w/o saying that I enjoyed myself far too much with the evening festivities, and more so enjoyed the presentations and atmosphere during the day at the conference. For those of you looking to attend something like this "A Hacking Conference", I HIGHLY recommend it. I've been to DefCon, and it's fun as well, but Bruce Potter and the ShmooCon Team really do one heck of a job with ShmooCon, and the attendance is limited, so it isn't too crowded.

My 2 favorites from the con (this was tough): Next Generation Wireless Recon, Visualizing the Airwaves and The Fast-Track Suite: Advanced Penetration Techniques Made Easy. The information below is solely my opinion, and I can post additional comments if you would like more specifics on a preso I attended.

"As for the way this was laid out, here is a link to the schedule: http://www.shmoocon.org/presentations.html . This is simlar to DefCon - or pretty much any other hacking con I can think of - where you have to choose which presentation to go to. Aside from the first day, you have 3 options to choose from, more or less. Since I had also went to the DC BSD Conference as well: http://www.dcbsdcon.org/talks.html , which ran from Thursday and Friday, there were some talks, as well as the closing ceremonies which lasted longer than scheduled by a bit - so I didn't have a chance to check out everything from the 1st day...Anyhow, the presentations I attended:

Saturday:
1000: Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us
1100: Building an All-Channel Bluetooth Monitor
1200: Next Generation Wireless Recon, Visualizing the Airwaves
1500: Building Wireless Sensor Hardware and Software
1600: All Your Packets are Belong To Us: Attacking Backbone Technologies
1700: The Fast-Track Suite: Advanced Penetration Techniques Made Easy


Sunday:
1100: RFID Unplugged
1330: Closing Plenary - Are bad times good for security professionals?

Also, there were a few presos that I really wanted to see, but due to the room being packed and other scheduling screwups on my part, I didn't manage to attend. Overlapping presos can be a problem too...here are some of those:

Saturday Missed:
1400: Man in the Middling Everything with The Middler
1500: 802.11 ObgYn or "Spread Your Spectrum"

Sunday Missed:

1000: Ten Cool Things You Didn't Know About Your Hard Drive

So, I missed more than I wanted to, but given the presentations I did see, I will surely try to get tickets for next year. These cons offer an opportunity to see new and cool things people are doing out there. I definitely want to try to attend at least one per year, and maybe more if I can manage it (like Shmoocon in the Spring/Winter, Defcon in the Summer and Toorcon in the Fall). The cost is low, and the experience is unforgettable."

~Matt

Purpose

Steve and I created this blog in order to have a forum for sharing rants and raves concerning "var"ious security related topics. Both of us have been working in the IS/IT field for quite a few years, and look forward to using this forum to help and encourage others aspiring to be an IS/IT professional, or for those already working in the field. Please post any comments, questions or items which you would like us to discuss in the blog.

~Matt