A lot of good stuff has already been written about this last week with regards to BSides London, InfoSecurity Europe and the Security Blogger awards, so this post is a personal recollection after the haze of too many late nights, early mornings and good times.
Tuesday 29th bought BSides London, and once again the volunteers surpassed themselves; it retained two tracks but definitely felt expanded with the workshops and a new location for the rookie track. The organizers should feel rightly proud of what they have done, and those of you who didn’t turn up on the day (and therefore denied others of a ticket) should take good long look at themselves in the mirror.
I had to spend the afternoon over at Infosecurity Europe as I was on a panel titled “One big threat to cyber security: IT Geeks can’t talk to management” alongside Dwayne Melancon and Stephen Bonner. It was only 25 minutes long but I felt we managed to push a lot of good advice and takeaways into it, and the conversations continued afterwards in the hallway. I even managed to get a reference to Kenny Loggins into one answer, something I feel rightfully proud of.
Then back to BSides to see Joseph Gwynne-Jones speak on the rookie track. I was mentoring Joseph this year, and to be honest I found it very challenging as Joseph is profoundly deaf; we couldn’t speak in the run up to BSides and could only communicate over email and Twitter. I advised as best I could, reviewed slides etc, but what was crucial was the ability of his interpreter being able to effectively communicate the jargon etc on the day. Given Joseph wouldn’t meet him until the morning of the conference this would be quite a challenge. As it turned out Ian Hodgetts did a marvelous job, and was also on hand to interpret into British Sign Language (BSL) of all of the talks Joseph went to. We believe this is a first for an info security conference. Joseph obviously did an absolutely cracking job and I was able to spend some time with him and Ian afterwards talking about what else we could do in the future to improve further. It was an eye opener for me, and an absolute education in how important it is to communicate clearly and effectively in these kinds of conferences to absolutely everyone who attends. At the after party I was able to wear the hoody that was generously given to me by the Abertay Ethical Hacking Society, and feel like a student again (if not look like one).
Wednesday bought Infosec Europe again after a few early morning meetings, (including some scheming and rubbing of hands with invisible soap with the good folks of 44CON at the 44Cafe – I can’t wait for September!) but the highlight was of course the Security Bloggers Awards. Between me and Host Unknown I was up for eight awards in total, and came away with the award for Best Personal Security Blog, again! I was both surprised and touched that I was able to get this award again. Host Unknown didn’t fare as well unfortunately, but I can guarantee that the next twelve months will put us in a very strong position for next year, both at the European awards as well as the USA awards at RSA. Unfortunately Andrew was indisposed to help us collect a Host Unknown prize (that we didn’t win).
(I have said this before but will say it again, everyone who is not only involved but also nominated for the blogger awards represents the very best of our industry in that they are all contributing their time and expertise to the community; I can’t recommend enough that if you are reading this that you also read their blogs too. Also, none of this would have happened without Brian Honan, Jack Daniel, Tenable, Tripwire and Firemon; thank you all.
Thursday bought another panel, this time in the Keynote Theatre with a panel on “Risk and control: Effective risk assessment methodologies to drive security strategy and investment” (alongside Vicki Gavin, Paul Haywood and moderated very well by Dave Clemente. It was a good, vibrant session and with plenty of questions both during and after the session.
Finally for the afternoon I got involved in only what can be termed a “flash mob” for Twist & Shout (as soon as that is released I will show it here!) and then got engrossed in the hallway track with the likes of Shan Lee, Quentyn Taylor, Peter Stephens, Jim Shields, Dave Lewis, Wim Remes, of course my conference partner in crime Javvad, and the lovely folks of Eskenzi and Acumin.
If there is one thing that is apparent form the above it is that any conference week is only valuable from the people you meet there. This list must be barely 10% of the people I shook hands with, shared a drink or said hello to, all of whom influence me to one degree or another. Whatever your thoughts on the infosec conference scene, this aspect alone is what makes it worthwhile. Apologies to anyone and everyone I have missed out.
InfoSecurity Europe is a show that has gone from strength to strength over the last few years, with the education programme improving; combine this with an excellent BSides London Conference, this week in Europe is one to look out for (although next year Infosec Europe and BSides will be from 2nd to 4th June at Olympia).
But rather a heartfelt thank you and cry for your support! In exchange for not writing yet another piece on Heartbleed (enough coverage by me here from last week) I thought I would take this opportunity to talk about the European Security Blogger Awards.
In it’s second year only, the competition has certainly heated up with a large number of high quality blogs, blogs and podcasts on offer to vote for. There is a good commentary from IT Security Guru and Brian Honan on what it is all about here. I am thrilled, excited and pleasantly surprised to have been nominated in five categories this year:
- Best Corporate Security Blog
- Best Personal Security Blog
- Most Entertaining Blog
- Most Educational Blog
- Grand Prix best Overall Security Blog
(I’m not sure how I got into the corporate blog category, but it’s all good!)
Thank you to all of those who nominated this blog in all of those categories, but with the quality amount of the competition I shall have to start practicing my Hollywood Oscars “really upset but can’t show it that I lost to that charlatan” face when the winners are announced.
One of my other internet tenancies has also been nominated three time, Host Unknown:
- Best Security Video Blog
- Most Educational Blog
- Best New Security Blog
With less than a year in “business” it is great to be nominated here as well, and we have a number of very exciting activities coming up over the next few months.
I said this last year, and it is worth repeating again; this list of nominations represents the very best of what the information security blogging community has to offer. Some of it serious, some of it humorous and some of it acerbic, but all of it providing a viewpoint of one kind of another that is worth listening to, reading or watching. Use this as a shopping list for your RSS reader.
Voting closes on Wednesday 23rd April, and the awards will be announced on Wednesday April 30th at the Prince of Teck Pub, Earls Court.
Thank you again to those of you who nominated me, time for the voting campaign to begin!
I have recently returned from a conference that I might not have ordinarily attended or even been able to justify, namely the Information & Records Management Society (IRMS) conference in Brighton.
I had been invited to participate in a panel session on Monday morning entitled “Adapt or Die: Is Records Management still relevant in a World of Big Data” alongside Christian Toon (@christiantoon) and Phil Greenwood of Iron Mountain, and Sarah Norman of HM Treasury. Not only was it an excellent discussion, but it struck me quite how similar the challenges are between the IRM world and the risk management/CISO world.
We answered a question around how can the IRM folks avoid only getting funded and have attention paid to them after an emergency, and it immediately struck me that this is exactly what happens with security. Another related question concerned connecting effectively to the business and I was able to relate the tasks of the IRM function to the Confidentiality, Integrity & Availability (CIA) goals of the information security professional, and how the two goals are very similar.
Even the opening speech spoke about IBM’s Four V’s of big data (quoted), namely:
- Volume: Enterprises are awash with ever-growing data of all types, easily amassing terabytes—even petabytes—of information.
- Velocity: Sometimes 2 minutes is too late. For time-sensitive processes such as catching fraud, big data must be used as it streams into your enterprise in order to maximize its value.
- Variety: Big data is any type of data – structured and unstructured data such as text, sensor data, audio, video, click streams, log files and more. New insights are found when analyzing these data types together.
- Veracity: 1 in 3 business leaders don’t trust the information they use to make decisions. How can you act upon information if you don’t trust it? Establishing trust in big data presents a huge challenge as the variety and number of sources grows.
Isn’t this exactly the sort of thing that CISO’s have to grapple with every day?
The world of the IRMS and the world of the Infosec Professional are very closely related it seems, and I think this relationship is one that needs to be explored by both communities further to ensure mutual goals are more easily met.
On a personal side I had a great time speaking with the vendors, watching a few presentations and taking part in the pub quiz (we didn’t win..). There was even a black tie gala dinner on Monday that was an absolute blast that culminated in my friend, Christian Toon, being awarded a fellowship of the IRMS which was just fantastic to to be able to see.
I am sincerely hoping to go to next years event, and perhaps hoping even more that by then the argument to attend will be much easier as our industries begin to forge closer ties.
Just over a week ago the good, the awesome and the rockstars of the European blogging scene centred upon the the function room of the Prince of Teck pub in Earls Court for the inaugural European Security Blogger Awards of 2013. The atmosphere had a nervous tension and a strong feeling of anticipation (as well as a few bow ties for some other award going on immediately after that night!). These awards would not have happened if it wasn’t for two gentlemen in particular, namely Jack Daniel (@jack_daniel) and Brian Honan (@brianhonan) and without the sponsorship of Tenable (for the bar) and Qualys (for the trophies themselves). Both of them organised this off their own backs, were extremely gracious hosts and ultimately did this for the betterment of the European infosec community, and I wish to recognise that formally.
Thank you Jack and Brian, and to our sponsors.
But moving onto the awards themselves; after an initial round of blind nominations, the finalists were announced on Saturday 13th April and a no doubt frenzied bout of voting commenced, interspersed by all the finalists vying for your votes. My favourite had to be this one from Kai Roer (@kairoer), someone certainly not known for his modesty!
But aside from my evil twin shamelessly and quite rightly asking for votes (he has a great blog, check him out!) there were regular reminders and links from Brian and Jack to get voting and many retweets. I’m not sure how many votes were cast but I imagine they were well into the hundreds.
And so the night came, and after a day at Infosecurity Europe just over the road, and the practising of our “disappointed we didn’t win but SO happy for the winner” faces, it was down to Jack to announce the nominees and winner. They are listed below, but before that I want to move onto the tip I promised in the title…
Below are links to some of the smartest minds in our industry, and not only that, but they are willing to share their knowledge with you, for free. In any industry that is a rare gift to be given so I would like to encourage everyone who reads this to visit some of these blogs and follow them on Twitter, and also actively participate in the discussions, opinions and (dare I say it) thought leadership that is being presented. As a blogger myself I know the thrill of discussing a topic with someone, whether they agree with me or not. If you disagree with something that is being said, then politely and respectfully say so and put your point across. Even a simple message of support or a ‘Like’ means these people are going to be more likely to continue to blog and share their ideas with you in the future. And of course, if you think you can do better we would welcome you with open arms; this is not an exclusive club.
And so, without further ado, and a final thank you to Brian and Jack, here are the results of the European Security Blogger Awards 2013!
Best Corporate Security Blog
Malware Must Die
Sophos Naked Security Blog < WINNER!
F-Secure Labs Blog
SCRT Information Security
Security for UK Legal Professionals
Holistic Security Blog
Best Personal Security Blog
Chat Back Security
The Roer Information Security Blog
Make IT compliant – Security and Compliance
Thom Langford < WINNER!
Best EU Security Tweeter
@rik_ferguson < WINNER!
Grand Prix Prize for the Best Overall Security Blog
Sophos Naked Security Blog < WINNER!
Light Blue Touchpaper
Holistic Security Blog
Didier Steven’s Blog
If you made it this far you may have noticed I was very honoured and pleasantly surprised to have won Best Personal Security Blog, and against some real industry heavyweights too. My thanks to all of those that voted for me, it means the world to me.