Based on your experience and knowledge, what would you say is the BEST Information Security event to attend and why?
Over the last 30 years I have attended multiples of security events all over the world, including those I managed in my time as the Chair of the ISO17799/27001 DTI UK Steering Committee, BCS events, and even some of those early Hacking start-ups which ‘never’ happened, such as ‘Access All Areas’, and a few other successful notables, not to mention some flops.
Now having recently criticised InfoSec 14, I did get some stick from a few readers, but nevertheless picked up on a very strong theme that this is, and I quote, the ‘same ole’ churning out some glowing nuggets of inspiration, but which are sadly trapped between a deluge of duplicated opinions from the past, with an absence of looking forward and taking risk of a futuristic-vision. And here I comment as one who has been involved in the past in ‘trying’ to drive the event to new horizons, but clearly failed. In fact when it comes to infosec, I feel that it is time for this, once shiny event to change and consider new options for 2015 – and I would be happy to see that happen.
Again, with the aforementioned event, it does tend to be driven by the vendors, and that is where I have my deepest reservations. For instances with the recent announcement from Symantec that AV is dead – many professionals have known for years it has been ‘dying’, but just because there is a brand new commercial solution to sell to the awaiting public, this is no basis to leverage such a scare tactic – agreed AV is dying, and needs to change to keep pace – but right now, there is still life in the old gal to provision some protection – so keep it installed.
So having declared my hand with the vendor position, back on track and here are my top three favourite events:
1) My most favourite event is Defcon US, as it brings together so many different, and at times whacky people, opinions, and presents futuristic crazy stuff, next generation prospects of insecurity, right through to some thought provoking and fascinating mind bending presentations and papers – where I feel, if you can cut through the tangled conversations, geek speak, you may just start to see the roots of what Back-to-Basics Security really is all about.
2) At number two it has to be ‘any’ Black Hat event, but in particular my preference is the US version – why? Well it is led and attended by passionate people, looking at security from the ground up, top down, and in fact any other angle they can think of – which is complimented, and not dominated, by vendor speak.
3) The last events may surprise you, but it is the ISSA – why? Well, whilst I am a member and supporter of ISACA, they do tend to follow the very soft line of Compliance and Governance, and as I know from experience are not ready right now to change that direction. However the ISSA does tend to get more close to infosec-tech security, and present some articles, presentations and papers which are looking at some of those new, imaginative tools, methodologies, and ways of underpinning the practical operational security mission with what can be at times deep tech-savvy insights, and in my experiences, can provide some very high value to the long-in-the-tooth [AKA Me], and Fledgling Security Professional.
There are of course many more amazing, high value events which deserve credit ranging from the SABSA World Congress to those hosted by focused groups in Egypt – but I can’t simply fit them all in, but do add no matter the badge, if its focusing on futuristic and pragmatic security, and removing that limitation of imagination to maintain an open mind – they have my support.’
John Walker | Integral Security Xassurnce, Ltd | @SBLTD
To find out more about our panel members visit the biographies page.
