I too am considering a TN subscription so I can learn some of these technologies and keep myself valuable should I need to move. You can read about stuff all you want, but there’s nothing like doing it yourself.

Anyone have any suggestions for a small cheap machine I can use for testing? Must support hardware virtualization.

Peter

Well… when it comes to technical stuff itself… I read Safari Books Online stuff. – Research about topics I like to know more about. It’s a nice repository. Has got some videos and articles.

This is also something I have been pondering as of late. Even though I am employed by a relatively stable employer with no intent on leaving, I am still concerned about staying on top of my game and positioning myself such that I could move if I needed to.

I have invested heavily thus far in my career in becoming trained and certified. I now feel the need to branch out more and look for ways to strengthen the community. My motives are mostly noble in this endeavor, but I also hope it helps build my career network somewhat. I believe this potentially helps the security community at large, myself, and my employer.

So what are these career strengthening activities? I don’t think I am really pioneering any of them. Rather I am foolowing in the footsteps of those like yourself who have came before me. Adding one more voice to the blogosphere, twittering when it feels productive, joining professional organizations and providing pro bono security awareness training. Individually I dont believe these actrivites provide great value, but collectively I hope they do.

I am also attending more and varied security conferences. The quality of most conferences seems jaggedly inconsistent though. I am hoping to find the ones that are more about the security conference and less about the party after the conference. Perhaps the economy will winnow them out some.

Tom

I’m beginning Master’s classes next month and have also been looking at taking some legal courses. I’m not sure I want to totally get my JD, but I think part of the future (just like the past) will be determined by the laws and regulations that are passed. I’m hoping a larger legal foundation might assist in that respect.

This is a great question and a very timely one. Beyond it being important to keep our skills up-to-date just as a general tenet to follow, today’s economic uncertainty is probably an even more imperative reason to do so.

I do several of the things you have already mentioned, read blogs, write my own, read books, etc. I have also invested in an pretty beefy server at home so that I can support multiple virtual machines for experimentation and learning purposes. Being active in conversations on twitter and other avenues like the Security Catalyst Forums also helps keep me sharp.

I am not self-employed and for the first time this year I did something I didn’t think I would ever do. I paid my own expenses to attend a security conference. Granted I didn’t have to cover the cost of the conference itself since I had a press pass, but it was still a significant outlay. I anticipate doing the same thing in 2009 as cost containment efforts are in full swing at my company. I feel strongly enough about needing to network and keep current that it is worth me paying for things out of my own pocket.

Independent of information security specific topics, I also participate in Toastmasters to increase my speaking and presentation skills. These types of skills can be just as important to furthering you career as keeping your infosec specific knowledge current.

Finally, I am a member of ISSA and Infragard. Both offer opportunities to further you knowledge in a fairly inexpensive way.

Kevin

Add any Visualization Tools, VMWare, VirtualBox, etc to help you load up images from TechNet – I have a technet subscription for different Windows Servers and Applications – both for a “security test lab” as well as for product development and testing purposes. Also dabble with other OS’s and apps in Virtualzation – Linux, BSD, – webservers, databases, etc and all their services. this let’s you play with a suite of security tools if you do much technical security assessments.

I’m a newbie to the P90x group as well – mostly because of your post on it – so I have and a similar outlay of cash to fund that.

Most recently I attended the Agenis – CPISM Training – and became a CPISM and CPISA – which was both a great networking opportunity as well as more PCI based knowledge – which was a welcome refreshing for a former QSA.

Lastly what I recommend, it is schedule time for your self, to engage in these activities, so other tasks don’t commandeer time that you had wanted to spend on these activities. I have a daily block of time in my Calendar that I’m “Busy” daily for P90x, and a weekly R&D time slot of a few hours to learn and play.

Additionally, I’m trying to delegate some tasks that I do, I find that as I explain or teach others, I learn myself, as others approach and see things differently or from a different angle, and this exercises your mind a bit.

I also buy and read a lot of books, and try to pick educational items for CPE requirements for my certifications, I find local “chapter” meetings some what boring, but I suspect that is more to do with size of these groups and my locality.

–DB