Fred Avolio's Musings

iChat Status

musings on security and other topics topics archives
October
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
most recent headlines other links, other blogs  

:: home :: security :: InfoSecDec04.html ::
Thu, 28 Oct 2004
Trip Report: Information Security Decisions October 6-8, 2004

I attended and spoke at the Information Security Decisions conference in Chicago.

We started off with round-table discussions for an hour Tuesday night for the early-arrivers. We had 60 minutes or so. The topic was IDS/IPS. The first half, the moderator, Andy Briney, presented questions for us to discuss. Second half we reported on our discussions and then kicked around a group topic or two.

All of the break-out sessions during the 2 1/2 days were lecture-style. There are some plenary sessions: lecture and Q&A/interview.

There were vendor exhibits, all in 10x10 booths. The vendor hall was only opened 4pm.6pm on the two full days (Wed/Thu). They served beer, wine, hot and cold hors d'oeuvres. There were sponsor give-aways (Ipods, memory dongles, and a 2 year lease on a new Mercedes convertible.that last from Symantec).

During the vendor exhibit hall time, vendors delivered solution briefings for all who want to attend.

The attendees were all pre-qualified. I heard that over 1000 applied to attend. Only 300 were selected. The vendors paid for the exhibit and show. (Attendees had to provide a credit card number at the time they applied. The conference charged $300 if they failed to attend.) The pre-qualification seems to work; the vendors I spoke with were happy with the attendance.

The main event started with a plenary session by Professor Eugene Spafford entitled, "The Future of Security." There were 3 parallel (concurrent) tracks: Perimeter Security--Advanced Intelligence and Threat Response; Infrastructure Security: Identity and Access Management; and Security Management: People, Process and Technology. I spoke in the first track. My topic was "How to Achieve Rock-Solid E-mail Security." (I later gave a "webinar" on the same subject. You can find it at http://searchsecurity.techtarget.com/webcasts/.)

[UPDATE: It is no longer there. Download the presentation from here.]

I really enjoyed the presentations by Dr. Joel Snyder (Defense-in-Depth, Part 1 -- Architecture Strategies, Defense-in-Depth, Part 2 -- Building Intelligence, and 6 Top Strategies for Wireless LAN Security), and Dan Houser.s Submarine Warfare -- Perimeter Defense without Walls.

Would I have gone if I was not presenting? Probably not. Was it worth it to me to go? Yes. While I did not learn many new ideas, I did learn a few new ways of looking at security problems through discussions with some of the other speakers. I hope they invite me next year.

Comment on this.
[/security/] permanent link