Without knowing where you are in your career and what skills you already have, I have a hard time recommending specific classes. In terms of enhancing technical skills, I've heard great things about the trainings offered at Black Hat prior to the briefings. I've also heard great things about the SANS security training classes, especially with regard to forensics. If those classes are outside your budget, there are lots of great websites and blogs you can study from, not to mention books. Check out the Security Bloggers Network and the Team Cymru News Feed. Both are great sources of information and will give you a fantastic overview of the best blogs in the industry to pick and choose from. Finally, you could try to set up a study group with other security professionals in your town to discuss a particular topic, sort of a book club for infosec pros. There are a number of national and regional information security user groups as well.
If you are interested in pursuing (or are already on) the security management track, I would avoid security classes altogether and instead consider business classes. A stronger understanding of how businesses work (and, in particular, how your employer works) will be a great benefit to your career. Such understanding can enable you to communicate with the business in terms that they understand; having a common language will give you the ability to get a lot more done. In addition to general management classes, it would be useful to take classes on finance -- at least enough to understand balance sheets, 10Ks and what not. Classes like this are generally available in the evenings at local universities and community colleges.
Finally, regardless of where you are in your career, I recommend that everyone work on their presentation skills, whether though formal classes, semi-formal organizations like toastmasters, or even by speaking regularly at local groups. Without the ability to communicate effectively to business executives and your security team, the rest of your training will go to waste.
For more information:
- Check out our security career advisor tips.
- The vendor-neutral information security certification landscape: What you need to know.
This was first published in August 2009