5:05 PM -- Did you know October is National Cyber Security Awareness Month? If you didn't, don't worry -- you've got 30 days left to do something in your organization to promote security awareness for both your users and other IT workers.
I know what you're saying: "Awareness campaigns don't work" or "users just don't get it, so why bother?" That may be true in some cases, but not always. Even if you can't change the mindset of all of the users in your organization, if you at least get through to a few of them when you teach a class, send out an email, or post flyers for security awareness, it will make a difference for your entire organization.
If you're not quite ready to jump on the awareness bandwagon for your users, you or your security team may need some additional training. The National Cyber Security Alliance has a calendar of events for October of security conferences taking place all over the U.S. Take a look and see what may be in your area.
The SANS Internet Storm Center will be posting daily security tips all month long. They've got a list available online and are still accepting suggestions, so if you see something that's missing, let them know.
Don't have the time or money for the typical corporate security conference? A hacker con might be helpful: DayCon 2007 is in Dayton, Ohio, on October 12-14. The presentations are all scheduled for October 13, but it looks like it could be a worthwhile venture for anyone within a few hours' drive. Presentation topics include advanced protocol fuzzing, visualizing entropy in logs, and virtual insecurity.
There's also PhreakNIC 11 in Nashville, Tenn., on October 19-21. It includes presentations on things like intrusion analysis, cryptanalysis with FPGAs, AJAX, pen-testing labs, and vulnerability analysis.
Oh, and beware: These hacker shows ain't your daddy's conferences, so be prepared for anything.
Now finish up your cup of coffee, get off your duff, and plan some training events for you, your team, or your users. It's time to celebrate National Cyber Security Awareness Month.
John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading