Monday, April 09, 2007

SANS 2007 San Diego

First a little professional background information and what I do for a living...

I work in the IT department for a medium-sized retail chain that specializes in computers and electronics. My responsibilities include managing a team of system and network administrators. This also includes managing the IT security for my organization. Security is my true passion. Unfortunately, like most mid-sized IT shops, it is not a primary focus and my time is split between keeping the wheels turning (i.e. making the co. money) and doing what is 'right' from a Security perspective.

So back to SANS... In February of 2006 I attended a small SANS class for MGT414 (CISSP Certification Preparation); I later gained CISSP certification in August 2006. So attending SANS 2007 San Diego was my first real security conference and it was amazing! Anyone interested in IT security should seriously consider attending a SANS event. The conference was very eye-opening; so many people talking and working on security. Some of the people I talked to are from organizations that are very similar to mine; they wear several hats and are all playing catch-up while still trying to shoe-horn in Security wherever they can.

I enrolled in two tracks at SANS: i) AUD521 (PCI Compliance) and ii) SEC504 (Hackers Techniques, Exploits and Incident Handling). What follows are my opinions on each of the tracks.

AUD521 (Meeting the Minimum Standard for Protecting Credit Card and Other Private Information PCI CISP: The Visa Digital Dozen):
I enrolled in the two-day AUD521 track because my organization is a level 2 merchant and the PCI standard is a very interesting animal that I wanted to learn more about and see how other IT folks were working with/through it. This track was taught by the course's author, David Hoelzer. This was a two-day course which worked its way through the 12 steps of the PCI Data Security Standard. It was great to talk to the other students and see how their organizations were working toward becoming PCI compliant (or in some cases not doing much about it).

SEC504 (Hackers Techniques, Exploits and Incident Handling):
This was the real meat and potatoes... Six days of non-stop drinking from the security fire hose. The track was taught by its author, Ed Skoudis; the man was non-stop from beginning to end. I honestly do not know how SANS fit so much information into this course; it covered everything from old school viruses to cutting edge Virtual Machine (VMware) hacking. Anyone who is interested in system and network security will love this course. The final day of the track involves letting us, the students, hack eight systems and capture the flags to unlock the 'secret'. It was awesome! Some of the class formed teams and went after it while I decided to go at it alone. In the end I placed 3rd overall and 1st as a solo. The prize... an autographed copy of Ed's Counter Hack Reloaded. I was going to buy this book once I got home so winning it was great.

In summary... SANS training is really worth it. The tracks are great and at a large conference you will also get the benefit of attending many BOF (Birds of a Feather) sessions in the evenings.