HITB SecConf2011 Malaysia (October 10 to 13)

Run as a not for profit, community backed effort, the Hack in The Box Security Conference (HITBSecConf) series has become the ‘must attend’ event in the calendars of security professionals from around the world.
Having started as a small gathering of Malaysian security specialists in 2002, the event has since expanded out of its home base in Kuala Lumpur to Dubai and in 2010, The Netherlands. Our events are put together by a team of dedicated crew and volunteers and through the continued support of our sponsors, HITBSecConf has grown into the largest network security conference in the Asia Pacific and Middle East region!
The main aim of our conferences has always been to enable the dissemination, discussion and sharing of deep knowledge network security information. Our main focus is on new and groundbreaking attack and defense methods that have not been seen or discussed in public before. HITBSecConf events bring together a unique mix of security professionals, researchers, law enforcement and members of the hacker underground under one roof and our flagship event in Malaysia sees over 1000 attendees.
The event runs over a 4 day period with 2 days of intensive hands on training sessions followed by a two-day conference with either three or four concurrent tracks inclusive of a hands on lab session (HITB Labs) and 15 minute lightning talks (HITB SIGINT). The HITB Labs caters for only 50-100 attendees and these sessions are intensive, hands-on presentations that require audience interaction. The HITB SIGINT (Signal Intelligence/Interrupt) sessions on the other hand, are designed to provide a quick 15 minute overview for material and research that's 'up and coming' - stuff that isn't quite ready for the mainstream tracks of the conference but deserve a mention nonetheless.
In addition to the conference tracks, our events are also further enhanced with an open-to-public technology and exhibition area, lock picking villages, hackerspace villages and of course, our ever popular Capture The Flag competition (CTF) !

For more information about agenda and speaker, please see the link below:
http://conference.hitb.org/hitbsecconf2011kul/

How to choose your Information Security Training

Article taken from: http://www.offensive-security.com/blog/offsec/questions-information-security-training-provider/

In the past couple of years, the economy has struck hard on organizations seeking to educate their employees. Training budgets have been cut down, and choosing the right course that will give you real Return on Investment is not an easy job. This is especially true in the offensive InfoSec arena, where training standards and qualifications are weakly defined. So how can you make sure your getting your money’s worth ?

Welcome to our “10 questions you should be asking your InfoSec Training Provider“.

1. What are the objectives of the training ?

What will the training do for you ? Anyone promising you that you will be a “hardcore penetration tester” or a “security expert” after their 5 day class has never run a pentest, or otherwise has no clue what they are talking about. Learning *any* profession in 5 days is unrealistic, let alone one as complex as IT Security, or penetration testing. This is one of the first questions I ask before attending a training… its allows me to set my goals for the course and gives me a baseline for my expectations.

2. What topics does the course cover ?

Always read the syllabus of the course you want to attend, before you attend it.  Try finding other people who have taken the class, (if possible) and get their opinion. Try to see if the syllabus follows a reasonable methodology, or if it’s just a collection of topics. If you see a list of 1500 tools on the syllabus – expect to spend around 0.6 minutes per tool. 

3. Who is your trainer ?

Are they well known in their field ? Do they have training experience ? Are they involved in the security community ? Do they practice what they preach? Although these are 4 separate questions, they all relate to one thing – the ability of the trainer to provide the goods you paid so dearly for. Finding a GOOD InfoSec trainer is NOT easy. Most computer genii are usually lacking in their social skills – something a good trainer must have.

4. What previous reviews does the class have ?

Running a few internet searches for the name of your class, or the name of the trainer is a must. Find out what people have to say about their experiences – during and after the class. Although you can’t believe *everything* on the internet, taking an average of all the reviews will usually give you a solid idea of what you are getting into.

5. What is the ratio of students to trainers ?

How many students will there be in the class ? Some training providers cram more than 30 students in one class – often with a single instructor. During a 5 day period, a trainer can’t give personal attention to 30 people, no matter what. In general, smaller classes mean a more intimate environment, more attention from the trainer, and a more productive and engaging experience.

6. What is the ratio between theory and hands-on exercises ?

Remember the famous saying “In theory, there is no difference between theory and practice – But in practice, there is”. If you don’t exercise what you learn, you are less likely to retain or understand it as nothing replaces practical experience. Ask for a rough ratio estimate for “theory VS exercise” for your class – anything above 40% class-time spent on exercises is a good sign. Of course, this greatly depends on the quality of the exercises too.

7. How often is the course updated ? Is the material relevant to modern day situations ?

Learning methods and techniques on antiquated systems will bring you little benefit in the real world. Hacking a Windows 2000 SP4 machine with RCP DCOM doesn’t cut it any more. On the other hand, don’t expect to learn “Bypassing Windows 7 Stack Protection” in an introductory buffer overflows course. You need to gauge the balance between these two elements carefully.

8. What are the pre-requisites for the class ?

How should you prepare yourself for the class? Do you need to refresh your knowledge on certain topics? Nothing is more frustrating than coming to a class, and then lagging behind because you are not up to par with the class requirements. Not good for your learning experience, and not good for your self esteem – on the other hand “no pre-requisites required” might indicate lack of depth. If the pre-requisites were defined well by the training provider, it’s definitely a good resource to use to evaluate the relevancy of the course to you.

9. Is there a certification involved ? What is it’s value ?

The “value” of a certification can be measured in the real world using two main indicators:

• The “market value” of the certification – how popular is this certification in the workforce ? Is the certificate recognized and appreciated by the industry ? And of course, will it help you get a (better) job ?

• The “practical value” of the certification – or as Eddie Murphy would say “WHAT HAVE YOU DONE FOR ME LATELY?”.  What real world skills does the certificate prove? If it proves you can memorize 100 questions, you might not be up to the job when confronted with a real world scenario.

10. What post training benefits are provided?

What ongoing benefits will you get from the training provider, if any ? Is there a continuation path for the training ? Will the trainers be available for future questions or issues that may arise ? Is there a student community you can join, to discuss the course with other student ? Or in other words, what kind of “post customer service” can you expect ?

These 10 questions should cover all the important elements you should verify before committing your valuable time and limited training budget to any service provider. The average person only gets a limited number of training opportunities per year, therefore you should always maximize the return you receive.

FOSS.my 2009 (24-25 October 2009)

FOSS.my 2009 is Malaysia’s premier Free and Open Source Software (FOSS) event. FOSS.my 2009 is our second such conference, we aim for this to be an annual event bringing together professionals and enthusiasts from Malaysia, Singapore, Asia and the rest of the world for a two day grassroots driven FOSS conference.
http://foss.my/2009/schedule/

Hack In The Box Security Conference 2009 - Malaysia

Date: 5-8 October 2009
Venue:Crowne Plaza Mutiara Kuala Lumpur,Jalan Sultan Ismail,50250 Kuala Lumpur

HITBSecConf is the premier network security event in Asia and the Middle East. The main aim of our conference is to enable the dissemination, discussion and sharing of deep knowledge network security information.

You can see details here:
http://conference.hitb.org/hitbsecconf2009kl/

HITBSecConf2008 Kuala Lumpur, Malaysia

Event Details:

Venue: The Crowne Plaza Mutiara Kuala Lumpur

Date : 27-30 October 2008

For more details about this event, please visit:

HITBSecConf 2008 Website