Comments on TaoSecurity Blog: Brief Thoughts on Security Education

Richard Bejtlich, 2007-04-14 19:07

Anonymous,

I really don't know. I restricted my comments to venues with which I had recent experience. I haven't taught for Foundstone since 2003 so I don't know what the story is now.

Anonymous, 2007-04-14 17:56

Hey Richard, I was wondering: I took Foundstone training around 2000 (and I attended Advanced Hacking that you taught) and was impressed. How does Foundstone training stack up now as compared to the earlier days when the company was just starting? Thanks.

Jordan, 2007-04-14 11:58

I'd second pretty much all these observations, Richard (except I haven't attended USENIX and couldn't comment one way or another on that one -- ironic since I work for a university)

Another suggestion I'd make is CanSecWest -- it feels a lot like BlackHat except that it's much smaller, more intimate, and yet the presentations are even better, and there's an even higher concentration of interesting people. I won't be going this year, unfortunately, but the past two years I've attended, I've loved it.

H. Carvey, 2007-04-14 08:19

I understand about the training, and I've taken a different approach. One of the things I find about the public training is that folks will go away and then come back and not be able to perform to the standard of the training...and I have to wonder why.

Some training is vendor specific, and even though the individual goes off to the training, when they return, they may not have access to the vendor's product itself. I know what you're thinking...but I've seen it.

Another issue with this scenario that is pervasive through others, as well, is that the training is done via a GUI or some other abstraction layer, and the trained IT staff member knows some of what he or she was taught, but not what goes on "under the hood".

Other training offered is too far off from the individual's "home environment" that they aren't able to make the leap to incorporating the training in their environment. I've taught at the RCFG/GMU conference and saw LEOs taking a Linux forensics course, and during a break some said that they weren't actually going to be using the training, but it was nice to know. Also, sending someone from a Windows shop off to Linux-based training isn't very effective.

What I've developed, based on the content of my new book, is a series of hands-on, functional workshops that can be easily configured to meet the needs of the attendees. Better still is that they can be configured to meet the specific functional needs of a particular infrastructure or environment. I do this by working with the customer to identify systems architecture, what keeps them awake, what issues they've had, etc.

These workshops are publicly available through my employer, and are designed to provide training in IR and CF techniques for Windows systems. We also have modules available in incident management, acquiring images, etc.

One of the benefits of this is that our delivery strategy is flexible, as well. We can come on-site and provide the workshops right there in your facility, training 20+ people for less $$ than it would take to send 1/4 of them to SANS or other publicly-available training.

It's another option, it's not vendor-specific, it's not a sales pitch, and it is valuable to LEOs, public/private/govt sectors alike.

Harlan
Author: "Windows Forensic Analysis"
http://windowsir.blogspot.com