I’m fresh off of a couple of weeks of getting new data and new perspectives from “herds” of security people by spending time hanging around their watering holes.
For example, I spent some time at Black Hat, hearing from others on what they are doing to improve security. I have been spending time with a couple of ISACs (Informatino Sharing and Analysis Centers).
I have been lurking on a listserv of risk analysts to hear the latest views on infosec risk frameworks. And so on. Next month, I will be hanging around some different watering holes, this time in groups oriented and comprised of C-level security executives.
The interesting thing to me is how little overlap there is between these groups, and how limited the “senior executive” involvement is in these groups. This feels like missed opportunity to me.