Fred Avolio's Musings


Thu, 28 Oct 2004
Trip Report: Information Security Decisions October 6-8, 2004

I attended and spoke at the Information Security Decisions conference in Chicago.

We started off with round-table discussions for an hour Tuesday night for the early-arrivers. We had 60 minutes or so. The topic was IDS/IPS. The first half, the moderator, Andy Briney, presented questions for us to discuss. Second half we reported on our discussions and then kicked around a group topic or two.

All of the break-out sessions during the 2 1/2 days were lecture-style. There are some plenary sessions: lecture and Q&A/interview.

There were vendor exhibits, all in 10x10 booths. The vendor hall was only open 4pm-6pm on the two full days (Wed/Thu). They served beer, wine, hot and cold hors d'oeuvres. There were sponsor give-aways (iPods, memory dongles, and a 2 year lease on a new Mercedes convertible -- that last from Symantec).

During the vendor exhibit hall time, vendors delivered solution briefings for all who want to attend.

The attendees were all pre-qualified. I heard that over 1000 applied to attend. Only 300 were selected. The vendors paid for the exhibit and show. (Attendees had to provide a credit card number at the time they applied. The conference charged $300 if they failed to attend.) The pre-qualification seems to work; the vendors I spoke with were happy with the attendance.

The main event started with a plenary session by Professor Eugene Spafford entitled, "The Future of Security." There were 3 parallel (concurrent) tracks: Perimeter Security--Advanced Intelligence and Threat Response; Infrastructure Security: Identity and Access Management; and Security Management: People, Process and Technology. I spoke in the first track. My topic was "How to Achieve Rock-Solid E-mail Security." (I later gave a "webinar" on the same subject. You can find it at http://searchsecurity.techtarget.com/webcasts/.)

[UPDATE: It is no longer there. Download the presentation from here.]

I really enjoyed the presentations by Dr. Joel Snyder (Defense-in-Depth, Part 1 -- Architecture Strategies, Defense-in-Depth, Part 2 -- Building Intelligence, and 6 Top Strategies for Wireless LAN Security), and Dan Houser's Submarine Warfare -- Perimeter Defense without Walls.

Would I have gone if I was not presenting? Probably not. Was it worth it to me to go? Yes. While I did not learn many new ideas, I did learn a few new ways of looking at security problems through discussions with some of the other speakers. I hope they invite me next year.


Sat, 23 Oct 2004
Lax Security Will Catch Up With You

Sometimes we can get away with lax computer security for a time. Some might call it luck (or dumb luck), others call it divine favor (Matthew 5:44, 45; Luke 6:35, 36). Eventually, there is judgement day. Let me illustrate by pointing to a recent traffic catastrophe in my home state.

On October 18 in the late afternoon, "Dozens of vehicles crashed Saturday in separate accidents on Interstate 95 as a storm blew through a Baltimore suburb, injuring at least 49 people and forcing authorities to shut down the highway." (See a news story at AP News, or search for "49 Hurt As Storm Triggers Md. Accidents".) Two people involved commented that "the road wasn't slippery but the glare was unusually strong from sleet on the road, even while wearing sunglasses," and "Everybody stopped because of the glare and the sleet."

You see, on the highways in Maryland, traffic typically moves at the posted speed limit or above. In addition, the cars and trucks -- moving at 60 to 75 MPH -- do not maintain what the driving books all call "a safe stopping distance." When I drive the highways during morning rush hour the speeds average 10 MPH over the limit (for example, 65 on US 29, which has a 55 MPH limit) with a car length or less between vehicles. And that works just fine ... usually. But when one or more drivers have to lay on the brakes, this starts a chain reaction. Still, sometimes we get away with it. Other times we get what is depicted in the WBAL-TV11 photo, below.

What is your network going to look like?

Photo of pile-up on I95


Tue, 19 Oct 2004
New Columns Posted

I have written for LURHQ Corporation's On the Radar newsletter. Pointers to them can be found on my site at www.avolio.com/columns/lurhq-index.html.


Too much time on their hands?

The headline caught my attention: "Ancient fungus 'revived' in lab." Just what we need... old mushrooms.


Tue, 12 Oct 2004
Proven strategies for securing e-mail

On October 13 at 16:00 GMT, I'm doing a "webcast." According to Searchsecurity, I "will look at trends in e-mail threats, and then focus on best e-mail security practices and technical countermeasures."

Sounds interesting. I'll also be taking questions and giving answers. You can register at this really long and ugly URL. If you miss it, you can catch it "on demand" at searchsecurity.techtarget.com/webcasts/.
