You are currently browsing the category archive for the 'External Training' category.
I read this book to prepare re-certify my CWNE (Certified Wireless Network Expert).
This is an *excellent* read, especially for seasoned wireless LAN engineers. It goes into a lot of the “beeps and squeaks” of wireless networking. It takes an in-depth look into the MAC and PHY layers, including all the bitwise fields of the 802.11 MAC header. A well written book that I have gone through at least 3 or 4 times.
There are not too many books that go this in-depth on Layers 1 and 2 of wireless networking. The IEEE 802.11 Handbook is the “official” study guide for the CWNE, but I don’t think it is a clear as the CWAP Study Guide.
It isn’t a book that I would suggest for beginners. For those folks, I would suggest either the McGraw Hill or the Sybex “CWNA Study Guide”.
Happy reading!
I admit it, I am getting jealous with all my colleagues Twittering about the RSA Conference this week at the Moscone Center in San Fransisco. While the idea of heading to RSA hit me too late to make the logistics work, something that I am planning ahead for is Sharkfest 2009. What is Sharkfest, you ask?
Sharkfest is a conference dedicated to the optimization of the Wireshark Protocol Analyzer, which is now owned and managed by CACE Technologies. It is a 3 day conference being held near San Fransisco at Stanford University. The official dates for the conference are June 15th – 18th, 2009.
The conference has three tracks – one for basic users, one for advanced users, and one for developers. I am pretty sure that you can mix and match sessions from all three tracks. The cost of the conference is only $695 per person, and each paid attendee gets a free AirPcap Classic adapter ($198 value), which lets you do 802.11 b/g packet capture in Windows, directly through Wireshark. Groups of 3 or more are also eligible for a 10% discount.
If you have been following my blog, you know that I am a wireless packet junkie. I am attending Sharkfest with a couple other Principal Technologists from Xirrus. It looks like they have a great speaker lineup with Mike Kershaw (Kismet creator), Fyodor, Laura Chapell, etc. Of course, they will have Wireshark engineers and developers on-hand as well.
If you are interested in registering for Sharkfest, I would suggest doing it soon. This is the second year for the conference and the conference organizers told me that they are limiting the number of attendees so that it doesn’t grow out of hand too quickly. As someone who attended the first several Shmoocon conferences, I can tell you that you want to get in on the ground floor.
Related Posts:
This was the last day for the Management 512 “Security Leadership Essentials for Manager’s” course. Day 5 was a Management Practicum.
The Day 5 material was the most focused on pure management with less attention on technical information. The topics included understanding legal liability and managing technical employees.
As a management “practicum”, I was hoping for more scenarios, role-play, or exercises. That being said, the class did have an outstanding discussion on the topics at hand.
MGMT 512 uses a trademarked feature called “Knowledge Compression”. Most of the full length courses are 6 days. There are also a handful of one day courses that are being offered, so the conference runs throughout this weekend.
I had a GREAT time participating in the SANS work-study program. One of the most memorable moments was when the hotel staff asked if we wanted to jump in a bounce house they set up. Apparently they had it set up to model to a different group and thought someone should get some use out of it before they deflated it.
We collectively thought it would be a good idea to get a picture of us all jumping around with and post it on the website with a caption of “Volunteering at SANS is fun!”. Well, the bounce house had a “structural failure”. To make a long story short, I ended up folded like a taco in a corner of the bounce house with everything collapsing around me. Needless to say, we were all laughing pretty hard. Hopefully, I can get a copy of one of the pictures taken. Check out the SANS website if you are interested in their work-study program - I highly recommend it!
Related Posts:
Insider’s Guide to a SANS Conference – Day 4
Insider’s Guide to a SANS Conference – Day 3
Insider’s Guide to a SANS Conference – Day 2
In today’s MGMT 512 course, we discussed “the value of information”. My favorite part of the course material was a discussion about intellectual property. I will have to write a full length blog post on the topic in coming weeks – the topic and discussion were simply fascinating!
We also had a session on IT ethics. I really like the printed course material for that section because there were a number of different ethical scenarios, along with a conservative opinion and a liberal opinion (not using conservative/liberal in the political sense). I thought it offered a lot of value to look at both sides of the issue.
As you may have seen in a previous post, I have been planning a short interview with Stephen Northcutt about the state of wireless networking, social media, etc. We were able to conduct that interview after class, and I will have it posted to my blog as quickly as I can get it transcribed.
Tomorrow is the end of the MGMT 512 course. I believe it ends with a Management Practicum, although I am not sure. Check back tomorrow to hear all about it! 
If you have been following my Twitter hastag for the event (#SANS_PHX), you probably realized that this was my favorite day of course material simply because this is the day we covered WIRELESS. wOOt!
SANS should really have a six day track focused on Wireless Ethical Hacking, Pen Testing, and Defenses… oh wait, they do have that and I have already taken it. ;-)
At any rate, the Security Leadership Essentials course material focused on “Communications Security” today with sections on wireless & bluetooth, cryptography, steganography, OPSEC, etc.
One question that the wireless module brought up in my mind was “how many organizations audit for Bluetooth?” My guess is that few organizations even scan for Bluetooth. Even if they do, I think that only a handful doa complete audit that includes more advanced sniffing, pen testing, or vulnerability assessment/exploitation.
The MGMT 512 course also had a bonus talk from Rich Mogull about the current state of the industry – good stuff!
Lastly, today’s conference also included a vendor fair. Michael Farnum just wrote a blog post about how much he enjoys working “booth duty” at such events because it allows him be more of a security evangelist. As a vendor, I can relate to Michael and his feelings of working the booth. I also enjoy being a conference attendee on the other side of the booth as it allows me to expand my knowledge and participate in meaningful discussions with people who share my passion for networking & security.
Sorry, no conference pictures today. Someone should send me a tweet mid-day to remind me to grab a few for tomorrow’s blog post!
Related Posts:
Insider’s Guide to a SANS Conference – Day 2
I’ll cut to the chase and give you the bottom line up front…
My favorite part of today’s conference were the SANS @night presentations. These are optional (and free) presentations that the SANS Institute supports on selected evenings of their conferences. One of today’s @night talks covered Web App Security and the other covered Man-in-the-Middle Attacks.
SANS @night Talk
Web App security was given by Rich Mogull (@rmogull) and the MitM Attack talk was given by Bryce Galbraith. Saying that they were *PACKED* with information is an understatement. There are many intangible benefits of attending a SANS conference, and the @night presentations definitely top that list!
I also enjoyed my “normal” course, “Security Leadership Essentials for Managers”. I particularly enjoyed the conversation around malware and endpoint security. My take-away is that white listing is the future in this area. I Tweeted about this realization on my Twitter timeline (@wifijedib).
There were also a few logistical challenges today – the first was that one of the instructors came down with bronchitis and lost his voice. The SANS conference staff were able to schedule temporary work-around and work in a backup instructor in an incredibly short amount of time. Also, there was an internet outage at the conference hotel. Again, the conference staff worked tirelessly to resolve and developed an immediate work around. I was impressed with their ability to handle these situations – how strong are your business continuity processes?
Related Posts:
If you are reading this, it means that we both survived Day 1 of SANS Phoenix. :-)
My favorite part of the day was helping everyone at the registration desk. It was fun meeting so many different people. There seemed to be a good mix of people returning to SANS as well as first time conference attendees.
Stephen Northcutt gave a short “Welcome to SANS” briefing this morning. I wasn’t able to attend as I was at the registration desk (see above).
Classes kicked off at 9AM and most ran until approx. 5:30-6:00PM. I know that we covered a TON of information in the MGMT 512 (Security Leadership Essentials for Managers) course. We talked about budgeting, project management, vulnerability management, and vendor selection processes.
Even though I am in a Management course, there was a great deal of technical information covered in Day 1. We discussed the TCP/IP header, ports/protocols, and packet analysis. At one point I felt like Neo in The Matrix – (paraphasing more than an exact quote…) “what do you see in the matrix? ones and zeros? I see a blonde. I see a brunette.”
Logistically, everything seemed to run smoothly. As always with big conference rooms and theaters, the temperature runs cold, so don’t forget to bring a sweater or light jacket with you tomorrow. :-)
There was a SANS@night talk regarding Honeypots, which I missed. I am excited to see Rich Mogull’s SANS@night talk tomorrow night as he and I are connected on Twitter (@rmogull)
Speaking of Twitter, I “tweeted” about the conference at least a half dozen times today. You can search for the hashtag #SANS_PHX or follow me (@wifijedi) to see the updates.
As many of you already know, I am taking the SANS Security Leadership Essentials course at the upcoming SANS Conference in Phoenix, Mar 23-30th. It is being taught by none other than Stephen Northcutt, President of the SANS Institute.
I caught up with Stephen earlier this week on LinkedIn and told him that I will be blogging and Tweeting about the event in near real time. I also asked if I could interview him for WiFiJedi.com, to which he agreed.
Please leave me a comment or send me an email, Tweet, etc. if you have something specific that you would like me to address in the interview.
Related Posts:
A couple weeks ago, I wrote a post announcing that I will be taking the Security Leadership Essentials course at SANS Phoenix, 2009. The conference is being held March 23-30, 2009.
I will be blogging about the event, so check back around that time to hear my thoughts on the course! As I said in my previous post, I am participating in the SANS Work-Study program, which I think is a tremendous value.
I am excited about two updates to my conference registration. First, I am also taking the SANS 2 day course on the Payment Card Industry (PCI) Standard. Second, I am getting access to the SANS On-Demand training for both of these courses. On-Demand is another cool option for training in this economy – solid computer based training with no travel costs! Both of these are included with my registration under the work study program!
Have you taken a SANS course? What did you think? What do you think of SANS? A couple of years ago, there was a session at ShmooCon entitled Anti-SANS (or something of the sort). It was a very spirited debate to say the least. I would love to hear what you think of SANS – good, bad, or indifferent!
I am excited to announce that I will be attending the SANS Conference here in Phoenix March 23rd – 30th, 2009.
I have taken several SANS Courses before, including “Wireless Ethical Hacking, Pen Testing, and Defenses” and “Securing Windows”. This go around I will be taking “SANS Security Leadership Essentials for Managers“. The course is being taught by the President of the SANS Institute, Stephen Northcutt.
They are actually running 9 different courses in the areas of Management, Audit, Security, and Development. No promises, but if you are interested in joining me at the Phoenix conference, send me an email at douglas.haider@xirrus.com and I will try to hook you up with a 10% discount!
I am taking part in SANS work-study program. It is where I am going to help them set up the conference, assist with on-site registration, help monitor the book store, and serve as an in-class volunteer. In exchange, SANS is offering a steeply discounted tuition rate – a great program, especially in this economy!
I plan on blogging about the course, so definitely check back to hear my thoughts on the good, bad, and the ugly! Have you taken a SANS course? What did you think? If you haven’t, which of their courses sounds the most interesting to you? Sound off by submitting a comment below!
![[LinkedIn]](http://farm4.static.flickr.com/3477/3463037125_247575d1f3_m.jpg)
![[LinkedIn]](http://farm4.static.flickr.com/3598/3463037145_924738ec38_m.jpg)
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
