By Don Parker
19th July 2007
Since computers became mainstream in the early to mid-nineties, a whole
ecosystem has developed around them. The various parts of that ecosystem
range from the companies who make computers to the software companies
who program for them.
In between those two linchpins, though, are many other components which
have now become a fixture on the landscape that we now know as the
internet. For example, you have the computer certification industry, a
myriad of computer magazines, a vast array of websites, and computer
conferences, to name but a few parts of this very large pie.
One of the biggest parts of the computer industry as a whole is that of
training. This training comes in many forms from a large variety of
vendors. That training then in turn pretty much spawned the
certification industry. Not long after that came the computer
conference, be it a sysadmin oriented one, or that of the computer
security themed one. While the training industry as a whole has evolved
rather well to suit the needs of their clients, the computer conference
- specifically the computer security conference - has declined in
relevance to the everyday sysadmin and network security practitioners.
Many would beg to differ with me on that last statement I am sure. Let
me expand upon this before you render judgment. We go to training
vendors who offer courseware on Cisco and Microsoft technologies, for
example. By and large the course offerings are quite good, and just as
importantly, relevant to the task at hand ie. maintaining your computer
Today's computer security conferences no longer offer relevant or
practical knowledge to the attendee. Be honest. How many recent computer
security conferences did you come away from with several ideas to
implement immediately onto your networks? I would wager none. The same
can not be said of the training tracks now offered at most of these
conferences. This training is offered by experts in the field and is
quite good. Furthermore, it is one of the few places to find advanced
courseware on such subjects as reverse engineering, to name but one.
There is an important point to be made before I go on further. I am in
no way impugning the talent or skill of the people who present at
today's computer security conferences. I myself have submitted talks
only to not make the cut. Truth is, I don't feel too bad at losing out
to the likes of those who ended up giving the talks. What my not making
the cut drove home for me though was that there are precious few
practical talks going on today at computer security conferences.
Throughout my time spent as a freelance writer and courseware
developer/instructor I found that there is a very real demand for
practical knowledge. This is why SANS still reigns supreme when it comes
to computer security courses. One could argue that some of their
courseware is dated, however, it is very much practical knowledge that
one can implement immediately.
So why are the conferences still packed?
Well, with the arguments I have just made one would think that computer
security conferences would be empty. The reality is that these
conferences are pretty much always sold out or close to it.
Why is that, you ask? All IT managers have budgets, and that is no
different for those IT managers in the employ of .gov .mil and other
large government departments. What these managers must do is expend
those dollars, and an excellent way of doing that is sending employees
on a computer security conference. So what we now have is a company
funded junket. Nothing wrong with that at all. I enjoy having a beer
with friends that I meet at these conferences, and picking up some
knowledge as much as the next guy. Problem is that even though I think I
have a fairly well balanced skillset, a lot of the topics being offered
are of no interest to me. This is due to the simple fact that they are
not all that relevant to the network(s) that I work in.
Does this then mean it is a total waste of time to attend the cutting
edge computer security conferences? Not at all. Just realise what it is
that you are going to get out of it ahead of time. There are excellent
speakers there with what is quite often cutting edge research. The
question you need to ask yourself is whether or not you or your company
will benefit from any of those talks. One of the best things to come out
of these conferences is the training that is offered. That in itself is
worth the attendance. It is not every day that you can receive training
by some of the best minds in the business today.
Is there a solution?
Well, what we need to find is a happy middle ground. A conference that
caters to the large mass of sysadmins and network security types who,
while competent, still have not mastered their craft. After all, being
the sysadmin in a large Microsoft Windows network is no easy task. There
are a myriad of practical skills that one needs to attain, and ideally
master. How many people can say that they reached a comfort point in the
application and maintenance of Group Policy Objects (GPO)?
This and other like minded topics would make for some great conference
talks or mini-workshops. That kind of practical knowledge is something
you can readily implement on your networks. The example of GPOs is but
one small one. What it exemplifies though is that there is a definite
gap in the market.
What is missing today on the network security conference front is
practical knowledge. It is not everybody who can attend today's cutting
edge security conferences and actually walk away having learned
something. Was it me being asked by an employee to attend a conference
today, I would have a few questions to ask. What is it that you are
going to get out of it, and just how will it benefit our network? If the
answers aren't there, you're not going. Practical knowledge is where it
This article originally appeared in Security Focus.
Copyright 2007, SecurityFocus
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com