A few years ago I took the SANS GIAC Security Essentials Course on-line. Included in it was an attempt at the GSEC certification itself, something which I finished up.

The GSEC certification is SANS' entry level certification, but it isn't

an industry entry level certification, if that makes sense. I have

found that information provided in the coursework for that

certification has proven valuable in my day-to-day job working with

servers and server security. This is definitely a course I recommend

for anyone who is serious about hands-on security, not a management

focus on security, like the CISSP. For those who aren't able to attend

a class, there still exists the online option through SANS' OnDemand program. The GSEC coursework is found under SEC 401: SANS Security Essentials.

But what if you're not interested in a hardcore security course but you

did want to become more knowledgeable on the subject? You may want to

take a look at SANS' SEC351 offering, Computer and Network Security Awareness. It, too, is available on-line.

The course is inexpensive and includes a free attempt at the SANS Stay

Sharp Program - Computer and Network Security Awareness certificate

(SSP-CNSA). This is a course you can go through in a few days without

too much trouble and most certainly learn something from. When I took

it as a member of the GIAC Awareness Council, I learned a couple of

things myself. I will advise that the certificate attempt isn't

required. And before you attempt it, review your notes from the course

itself. Not all of the questions in the attempt were easy.

By the way, this course is good for any end user who wants to becomes

more security aware. If you have someone in your family who doesn't

understand phishing attacks, basic social engineering mechanisms, and

the importance of keeping systems up-to-date with antivirus definitions

and security patches, this course helps teach why. It is as applicable

to the home user as the business user, possibly even more so.