There are lots of expensive security conferences and training classes out there that can deliver certifications and skills. But if money’s tight, you can find free classes and lower-cost local conferences that might be worth investing some time in. Here are two such options that come highly recommended from those who have participated in them.
First is the website OpenSecurityTraining. It offers dozens of lengthy and well-crafted tutorials on a wide range of topics including introductions to network forensics and trusted computing, and also covers such things as software exploits in depth. All of the classes are online, self-paced and free. They come from well-pedigreed instructors who will also visit your shop if you want to pay them to travel.
For example, the Introduction to Vulnerability assessment is based on materials from Dr. Steve Gosnell, Nate Adams, Jose Cintron and Chriss Koch. You download a deck of nearly 500 slides, which will probably take at least three days to work your way through. However, it isn’t just a bunch of slides — it includes a series of hands-on lab exercises that you run in tandem using a series of Linux and Windows VMs.
For events, check out the free Bsides security conferences. They claim they are the “first grass roots, DIY, open security conference in the world.” Held in more than a dozen cities around the world, they offer a combination of scheduled and crowd-sourced materials that is solid as well as informative. The conference website promises an intense event with discussions, demos and interaction from participants.
Check the website for the links to conferences (such as the Los Angeles events, held in a community center on the beach not too far from LAX). If you’re looking to network with other security professionals in your community, these are good places to start.