Security's Everyman

Friday, November 07, 2008

ISD Wrap-Up

I had planned on doing a Day One and Day Two post but that didn't happen, so I'm gonna do an all-in-one summary. Things started on Tuesday when I met up with Chris Hoff in the hotel fitness center for a workout. After that was over I hooked up with Adrian Lane, Adam Dodge and David Mortman for dinner. After that there was an informal meet-up back at the hotel with some of the Tech Target team.

Things really got going on Wednesday morning. The day started off with a talk by Kevin Mandia about incident response. He shared some stories about cases that he had worked on and talked about trends in what he has been seeing and where he thought it might go. Unfortunately they didn't have paper for us and I didn't bring any, so I was unable to take notes to give more detail.

Next up was the ear-bleeding "4 Horsemen of the Virtual Apocalypse" talk by Chris Hoff. Why do I call it ear-bleeding? Because he had a lot of info to cram into a 45-minute talk. Chris is the man when it comes to virtualization and security (or the lack thereof). Unfortunately, even though he talked fast he still didn't get it all in, but he has the slides and notes available for download. I recommend getting them if you want to learn more about virtualization and security.

After that I had a hard choice. David Mortman and Mike Rothman were both speaking at the same time. I decided to listen to Mort's talk on Web 2.0 in the enterprise. He talked about how it's here whether we like it or not and that as consumers of it we have to demand that the vendors/creators do it securely. He also went over the importance of secure code delivery across the board.

After lunch there was a panel discussion with this year's winners of Tech Target's Security 7. They break the world up into 7 verticals and choose someone from each vertical who has made a significant contribution to the world of information security during the last year or so. This year's winners are Bill Boni, Mark Burnette, Michael Mucha, Marc Sokol, Eugene Spafford, Martin Valloud and Mark Weatherford.

Next we were treated to one of Joel Snyder's informative and entertaining talks on Security Agility. Joel spoke about the need for IT and Security to be agile and why it is important. Joel's mantra is that it's better to be innovative than efficient. This goes against a lot of what is preached by many others. Joel believes that when we are innovative, we are agile and are better prepared to face the challenges that we come up against daily. Not only that, but by being agile we can stay ahead of the curve, and when business units come to us with a need or problem we are better prepared to help them.

Day two was a little slow (or maybe it was me) and by far the highlight was the Security Researchers Panel that included Thomas Ptacek, Billy Hoffman, Dave Aitel and Alexander Sotirov. They talked about SDLC, attacks, breaches and such. It was refreshing to hear guys of this caliber giving their insights into what was going on and possibly where we were headed. This panel was actually my favorite session of the whole conference.

I'll stop here. It's been a long post already and I've probably lost most of you by now.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.