Security's Everyman

Security's Everyman

Tuesday, March 18, 2008

CSO Perspectives Day 2 and 3

I think one of the aims of the conference was to make us feel right at home. What I mean by that is for most of us our days start early, end late and we are always on the go. That is exactly how day 2 was. Breakfast was at 7:00 AM and the day ended (officially) at 9:30 PM and just about every hour in between was filled with something. Even lunch was done in table discussion format. The last 3 hours were geared more towards the "fun" side of things. There was a big St. Patrick's day party open to all. I missed out on it because I had been invited to a dinner that IBM was sponsoring. After the dinner was over and we all parted ways it was pushing 11:00 and we had to start again at 7:30 the next morning.

I'm not going to bore you with all the details of the day. The main thing that I want to stress is that this is a quality conference. It's not geared towards the technical side of life but towards the business/operational side. It's not big and it's not super sexy like some of the larger conferences but it is done right. In talking with lots of attendees I discovered that the reason many of them choose this conference is because it is small and it does offer what the CSO needs. Many people that I spoke with have been to CSO Perspectives at least once before and some were on their 3rd or 4th conference.

What did I like? Pretty much the same things. Not too many people so it was overly crowded. Good content in most of the sessions. Vendors were there but they participated in the conference as both vendors and participants. It wasn't pushy and it wasn't filled with sales pitches. The opportunities to network with others in similar situations was really great. I spoke with guys very much like me who were fairly new to the world of being a information security officer to those who had been doing it for years and who worked for some of the worlds largest companies. The thing that really got my attention is that all of them acted just like they were "real" people. No egos, no "look at what I've done". Just "Here I am. What can I do for you?"

Several times during Q/A sessions I'd ask a question and almost every time someone would approach me afterwards and give me a card and tell me to get in touch with them if I needed any thing.

Just a quick rundown of some of the highlights of the conference and who some of the speakers were.

  • Eric O'Neill - Former FBI Operative. The movie "Breach" is about his role in bring down one of the foremost spies in recent history, Robert Hansen.
  • Dave Morrow - CSPO, EDS - spoke on the topic of monitoring employees
  • Milton Ahlerich - VP Security, NFL - talked about the challenges of security when dealing with "stars" and very large venues.
  • John Stewart - VP & CSO, Cisco Systems - John spoke about the value Security adds to an organization and how to sell that value to management and the users.
  • Andrew Nash - Sr. Dir. of Information Risk Management, PayPal. Andrew talked to us about the growing threat of malware and what companies like PayPal are doing to fight it and help make us all safer.
  • Louis Freeh - Former Director, FBI - This is a guy who's shoes I wouldn't have wanted to be in. He was put in the undesirable position of having to conduct multiple investigations into the actions of his boss. The President of the United States, Bill Clinton. He spoke to us about leadership keys that can make or break your career.

There were also "break out" sessions that touched on different concepts and strategies to help us do our jobs better. There were lunch sessions around various topics of interest and there were other "Hot Topic" sessions for the whole group. The only thing that I would have done differently was to reduce the number of "break out" sessions and increase the amount of time for these sessions. Each as 30 minutes long and that's just not enough time to do much more that get going good. Other than that I think the team at CXO Media did an excellent job in planning and executing the conference. If you have never been I'd make a note to attend next year if you are a CSO or in a position of security leadership with your company. It's worth the investment in time and money.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.