Based on your experience and knowledge, what would you say is the BEST Information Security event to attend and why?
Security events, like any industry-driven event, tend to start with a very clear focus and, over time, evolve into a more general free-for-all. Consider RSA, for example. Over the years it has grown from a small, focused conference to an event of epic proportions, recognized on both sides of the table as being an important event to attend.
And it still is, certainly. But the focus has expanded, necessarily, and while it provides a very good overview of the current threat landscape and a wide variety of solutions, there are always vertical industry-specific considerations that may or may not get the attention you need. That’s because different industries standardize on different protocols and architectures, and each has unique security implications that are not always recognized by someone in a different industry. While nearly every security practitioner will nod their head at the importance of PCI DSS, the discussion may not get any deeper than that. Those who are impacted or have their architectural decisions impacted by regulations or industry-specific considerations will not necessarily dive into the technical weeds, as it were, or be aware of requirements issued by regulatory commissions and councils.
For example, the Federal Financial Institutions Examination Council (FFIEC) recently issued a notice requiring banks and financial institutions to not only monitor for DDoS but to have plans in place to mitigate such attacks. While certainly every organization should be following this seemingly common sense advice, they are not necessarily required to prove compliance. Organizations falling under such requirements no doubt seek out the opinions of others in their industry facing the same challenges to brainstorm and compare notes with respect to implementation.
These kinds of deeper, focused discussions often occur more informally at self-organized “summits” or “conferences.” These events serve the same purpose as large industry events once did and, in fact, targeted summits often crop up at broader events, as killing two birds with one stone is desirable for many organizations.
It is these focused summits and un-conferences that are the best to attend, because they provide interaction with peers in your industry who face similar challenges and have similar questions. They provide the opportunity not only to compare notes but to commiserate on those challenges unique to the industry with which others may not be able to relate. Being able to reach out to a peer that understands the crazy ask from a regulatory commission as defined by Article 2, Section 3, Paragraph 8 in the Unicorn and Rainbow Security Guide can be helpful not only in solving the technical problem but in having a contemporary able to empathize with the need to comply in the first place.
That’s why I highly suggest seeking out summits and un-conferences attached to industry events, as well as local or regional events focusing on security as it relates to a specific industry. While the big conferences can give you breadth of understanding of the security landscape, it is the smaller, targeted events that will give you the depth necessary to go forth and do good security things.
Lori MacVittie | F5, Sr Product Manager | @lmacvittie