evilrouters.net

I’ve been on what seems like a virtual scavenger hunt today. For some reason, I feel like going to some more conferences. A few months ago, I went to the Security 505: Securing Windows course put on by SANS (yes, I passed the exams).

I’d like to take the SSCP exam sometime within the next few months. It’s actually being offered in Indianapolis and Louisville in May, so I may try to do that. For less than $400, the price isn’t bad and should be an asset, until I meet the experience requirement for the CISSP.

A number of universities host the SANS courses, often at great discounts to employees of the government and educational institutions. Since I fall into the latter category, I can get excellent discounts on them. For instance, the SEC 505 course I went to cost $750 for .gov and .edu employees, and nearly $3,000 for everyone else. Virginia Tech is hosting the SEC 504: Hacker Techniques, Exploits, and Incident Handling course in a couple of weeks. The course is $600 and the exams are $300, so that’s only $900. Since I know $boss can’t really spare the $900 out of our budget (which is sad), I’d just about pay that out-of-pocket. I’m not sure I can get the “okay” to go on such short notice, though.

Oh, I’m going to be speaking at Notacon 2006, can’t remember if I’ve mentioned that before or not. That’s four days or so that I’ll be out of town. I’ll be speaking about Patch Management in a Windows environment. Nothing spectacular, will just demo deploying Service Packs through GPOs and managing Windows Server Update Services in large(r) environments. Anyways, it gets me in free.

I came across the Defcon web site as well. Though I’ve wanted to go to Defcon for years, I’ve never managed to make it. This year it’s August 4-6th (in Las Vegas, of course), and I’m definitely going to try to get out there for that. Never been to Vegas, so that should definitely be fun. I suddenly have this feeling I’ll be broke when I get back, though. Hmm.

About two weeks ago I was in Muncie, Indiana for the “Cooperative Computer Incident Response” conference put on by CERIAS of Purdue University. It was pretty interesting and we got to hang out and exchange info with a number of law enforcement guys (Indiana State Police and FBI guys). Oh, that one guy from the ISP didn’t wash his hands after taking a leak, but I can’t remember his name…

Anyways, I’m always on the lookout for good security conferences to go to. Let me know if there are any good ones coming up that I’m missing out on. Bonus points if they’re in the State of Indiana.