Friday, 13 August 2004 14:51 EST

Forum Cross-Trains Hackers with Managers

August 12, 2004, Las Vegas, NV, USA

As part of their mission to promote security and privacy awareness, the non-profit ISECOM is bringing its week-long forum and cross-training event, ISESTORM, to the University of Nevada, Las Vegas from October 16th to the 23rd with support from UNLV's Rebelcard Services.

What sounds like social welfare for hackers is actually a successful series of free and low-cost programs run by the open-source group, ISECOM. Hacker re-training is the concept of a cross-over of the positive elements of hacking with business disciplines to benefit both hackers in need of professional skills and managers, internal auditors, and even school teachers in need of hacker-like testing and analysis skills.

"You can read websites or buy a book if you want to know what tools and techniques a hacker uses," said the ISECOM Managing Director, Pete Herzog. "But you really need someone with experience, a mentor from the trenches of the business and government sectors, to understand why you should use certain tools, why a best practice may not be best for you, and why the reported security results are right-- or wrong."

ISECOM is the international non-profit "Institute for Security and Open Methodologies" whose open, grass-roots approach to security standards has made them a progressive center-piece in the world of security and security testing, commonly known as penetration testing or ethical hacking. This is all because of a little book (now over 200 pages) they maintain for free called the Open Source Security Testing Methodology Manual (OSSTMM) which became the defacto re-training manual using hacking in a professional setting.

ISESTORM is in its second run and it has grown since it's Barcelona debut. Starting ISESTORM with the Open Source Security Exhibition, ISECOM provides a free forum for the open source security and privacy community and an opportunity for anyone to meet the developers and project leaders where they can get together, share ideas, and showcase their hard work. The exhibition combines the exhibitors with the forum to promote interaction.

"I found the Open Source aspect most appealing, as a small business owner I can't afford to pay the tens of thousands of pounds required for commercial tools. To listen to experienced professionals hints and tips for maximizing the use of these free solutions was worth the event cost alone," said Simon Biles, a UK IT consultant who attended ISESTORM Barcelona earlier this year.

After the exhibition follows 6 more days with 7 master tracks to choose from. This brings security awareness and hacker re-training with a combination of over 70 classes. ISESTORM promotes the professional and business sides of security tests and audits to teach better security management, avoiding security solution snake-oil, and to develop secure software. It is not about teaching anyone how to hack according to Herzog. "It's to teach you to look at your infrastructure and know why it's insecure." ISESTORM guest lecturers include consultants and managers from IBM, Symantec (SYMC), Foundstone, Tripwire as well as various universities and open source community leaders.

The Open Source Forum on October 16th is only $9.95 ($7.95 if you use your RebelCard) but attendance is limited to 2000 tickets. Educational Tracks start at $600 for a mini-track, $1000 for an evening track, and $2500 for a full-week track with one of the OPST, OPSA, BS 7799 Lead Auditor, and Hacker Highschool Teacher certification exams included.

Only 20 people per Master Track will be accepted. For those with a tight budget, ISECOM provides internship opportunities as a work-for-training proposition.