One of the questions to come out of the Rats and Rogues Career Panel podcast was what as an industry can we do to help those coming up in the ranks behind us. At the time Security Moey and Elisabeth Martin announced Mock Infosec Interviews [1].

That was great, I think helping people with interview skills is a big plus. But it doesn’t solve the first problem. Getting or having the skills you need to get the interview. So how do we fix this?

Michigan Security (aka MiSec [2]) has and answer for that. MiSec is starting a series of workshops / classes. Some of these will be open source based, which should be able to be taken by any Information Security group and taught at there location without the original instructor.

The first of these will be held at 10am on August 11^th, and should last for about six hours or so. During that time attendees will be installing and hardening a Linux system from scratch. When we are done, an attendee should be able to install a Linux distro from a network install media, harden the disro, configure Apache, Mysql, and PHP to be secure, set up a mail server, know how to read the related logs, and install a CMS system.

Hopefully we can get someone to help us pentest the systems, so the users can read the logs and see what an attack is like.

Students need a computer with a virtualization software installed. With a 10 gig hard drive pre-configured. I suggest Virtual Box (since that is what I will be teaching from). Sadly due to the lack of time, we will not be covering Full Disk Encryption or centralized logging. Those maybe future classes if there is desire.

Stay tuned for more information.

1: http://mockinfosecjobs.blogspot.com/
2: http://michsec.org/