
The Art of the Conference

A lot of good stuff has already been written about this last week with regards to BSides London, InfoSecurity Europe and the Security Blogger awards, so this post is a personal recollection after the haze of too many late nights, early mornings and good times.
Tuesday 29th bought BSides London, and once again the volunteers surpassed themselves; it retained two tracks but definitely felt expanded with the workshops and a new location for the rookie track. The organizers should feel rightly proud of what they have done, and those of you who didn’t turn up on the day (and therefore denied others of a ticket) should take good long look at themselves in the mirror.
I had to spend the afternoon over at Infosecurity Europe as I was on a panel titled “One big threat to cyber security: IT Geeks can’t talk to management” alongside Dwayne Melancon and Stephen Bonner. It was only 25 minutes long but I felt we managed to push a lot of good advice and takeaways into it, and the conversations continued afterwards in the hallway. I even managed to get a reference to Kenny Loggins into one answer, something I feel rightfully proud of.
Then back to BSides to see Joseph Gwynne-Jones speak on the rookie track. I was mentoring Joseph this year, and to be honest I found it very challenging as Joseph is profoundly deaf; we couldn’t speak in the run up to BSides and could only communicate over email and Twitter. I advised as best I could, reviewed slides etc, but what was crucial was the ability of his interpreter being able to effectively communicate the jargon etc on the day. Given Joseph wouldn’t meet him until the morning of the conference this would be quite a challenge. As it turned out Ian Hodgetts did a marvelous job, and was also on hand to interpret into British Sign Language (BSL) of all of the talks Joseph went to. We believe this is a first for an info security conference. Joseph obviously did an absolutely cracking job and I was able to spend some time with him and Ian afterwards talking about what else we could do in the future to improve further. It was an eye opener for me, and an absolute education in how important it is to communicate clearly and effectively in these kinds of conferences to absolutely everyone who attends. At the after party I was able to wear the hoody that was generously given to me by the Abertay Ethical Hacking Society, and feel like a student again (if not look like one).
Wednesday bought Infosec Europe again after a few early morning meetings, (including some scheming and rubbing of hands with invisible soap with the good folks of 44CON at the 44Cafe – I can’t wait for September!) but the highlight was of course the Security Bloggers Awards. Between me and Host Unknown I was up for eight awards in total, and came away with the award for Best Personal Security Blog, again! I was both surprised and touched that I was able to get this award again. Host Unknown didn’t fare as well unfortunately, but I can guarantee that the next twelve months will put us in a very strong position for next year, both at the European awards as well as the USA awards at RSA. Unfortunately Andrew was indisposed to help us collect a Host Unknown prize (that we didn’t win).
(I have said this before but will say it again, everyone who is not only involved but also nominated for the blogger awards represents the very best of our industry in that they are all contributing their time and expertise to the community; I can’t recommend enough that if you are reading this that you also read their blogs too. Also, none of this would have happened without Brian Honan, Jack Daniel, Tenable, Tripwire and Firemon; thank you all.
Thursday bought another panel, this time in the Keynote Theatre with a panel on “Risk and control: Effective risk assessment methodologies to drive security strategy and investment” (alongside Vicki Gavin, Paul Haywood and moderated very well by Dave Clemente. It was a good, vibrant session and with plenty of questions both during and after the session.
Finally for the afternoon I got involved in only what can be termed a “flash mob” for Twist & Shout (as soon as that is released I will show it here!) and then got engrossed in the hallway track with the likes of Shan Lee, Quentyn Taylor, Peter Stephens, Jim Shields, Dave Lewis, Wim Remes, of course my conference partner in crime Javvad, and the lovely folks of Eskenzi and Acumin.
If there is one thing that is apparent form the above it is that any conference week is only valuable from the people you meet there. This list must be barely 10% of the people I shook hands with, shared a drink or said hello to, all of whom influence me to one degree or another. Whatever your thoughts on the infosec conference scene, this aspect alone is what makes it worthwhile. Apologies to anyone and everyone I have missed out.
InfoSecurity Europe is a show that has gone from strength to strength over the last few years, with the education programme improving; combine this with an excellent BSides London Conference, this week in Europe is one to look out for (although next year Infosec Europe and BSides will be from 2nd to 4th June at Olympia).
But rather a heartfelt thank you and cry for your support! In exchange for not writing yet another piece on Heartbleed (enough coverage by me here from last week) I thought I would take this opportunity to talk about the European Security Blogger Awards.
In it’s second year only, the competition has certainly heated up with a large number of high quality blogs, blogs and podcasts on offer to vote for. There is a good commentary from IT Security Guru and Brian Honan on what it is all about here. I am thrilled, excited and pleasantly surprised to have been nominated in five categories this year:
(I’m not sure how I got into the corporate blog category, but it’s all good!)
Thank you to all of those who nominated this blog in all of those categories, but with the quality amount of the competition I shall have to start practicing my Hollywood Oscars “really upset but can’t show it that I lost to that charlatan” face when the winners are announced.
One of my other internet tenancies has also been nominated three time, Host Unknown:
With less than a year in “business” it is great to be nominated here as well, and we have a number of very exciting activities coming up over the next few months.
I said this last year, and it is worth repeating again; this list of nominations represents the very best of what the information security blogging community has to offer. Some of it serious, some of it humorous and some of it acerbic, but all of it providing a viewpoint of one kind of another that is worth listening to, reading or watching. Use this as a shopping list for your RSS reader.
Voting closes on Wednesday 23rd April, and the awards will be announced on Wednesday April 30th at the Prince of Teck Pub, Earls Court.
Thank you again to those of you who nominated me, time for the voting campaign to begin!
This time last year I posted a WordPress summary of my blog and stated I was going to focus on “growth” for 2013. Fortunately WordPress sent the same summary as last year and so I am very pleased to say that I have achieved that, certainly in regards to posts, content and followers.
It was a hugely busy year as regards me and this growth, with just some of the highlights including;
* Establishing Host Unknown alongside Andrew Agnes and Javvad Malik, and making a start in showing that security education really doesn’t have to be dull.
* The opportunity to be a mentor to Gavin Holt for the Rookie track at BSides. Gavin is an extremely talented and intelligent InfoSec professional and I was thrilled to have been able to help him present.
* The inaugral RANT conference and being able to play a part in the day for the lovely people at Acumin.
* Presenting at RSA Europe again.
* Getting involved with The Analogies Project, curated by the very talented Bruce Hallas, in addition to being asked to be a regular contributor to the Iron Mountain Information Advantage blog.
* Winning Best Personal Security Blog at the inaugral European Security Bloggers Awards.
Combine the above (just the tip of the iceberg) with a dramatic increase in followers of the blog and of Twitter and an increase in the number of requests to present I am extremely pleased with 2013.
The word for 2014 therefore is “maintain”. Much as I would like to grow last years levels of activity it did cut into my day job quite considerably so I need to be a little more selective in my activities. That said, I have already presented at Securi-Tay3 in Dundee and have another one for the 451 Group in a few weeks. I will post something about Securi-Tay3 in a few days time when the videos have been published.
There are so many people to thank for the success of 2013, some of whom are mentioned above, but there are many others out there to whom I thank; I have very much been fortunate enough to stand on the shoulders of giants, allowing me to grow as a professional in the infosec field.
(View the full WordPress blog report here)
Moving forwards I have plenty of thoughts for content for this blog over the coming months so stay tuned for more details, and thank you for following me in 2013!
Last week was a very busy week for me in the information security arena, which given not that long ago I said I was winding down for the end of the year into Christmas was a little surprising.
On Tuesday I was asked, somewhat last minute, to moderate a panel on Threat Intelligence at the InfoSecurity Leadership Summit. This is not a primary area of interest for me, but given I was moderating the panel and not on the panel itself I felt I had nothing to lose. With about 10 days notice, one short conference call and a rapidly drawn up set of notes the session went very well, although we had a very limited amount of time resulting in no questions from the audience which was disappointing. I do think I achieved my three key objectives for the session though:
Moderating a panel is somewhat less glamorous (if that is the right word) than presenting or being on a panel, but I like the good folks at InfoSecurity so was happy to help out. The experience was useful for me as well, as moderating is very different to being a talking head. The conference itself was also very good, especially given it was the first one the folks at InfoSecurity have done in this space. I look forward to next years.
The day after, on the 4th December I flew to Frankfurt to attend the World Class Mobile Collaboration conference, where I was asked to present an old favourite of mine, An Anatomy of a Risk Assessment. Due to some technical difficulties I had to present an hour before I was scheduled to which somewhat put me on the spot, but actually worked out rather well. I had some great conversations with people in the break afterwards and swapped contact details with a number of them too. It was a very enjoyable but exhausting day though as I had to return that evening to get back to my day job. They kindly recorded the presentation, below:
And finally, on Friday 6th a Christmas Message video was released that I was involved with in collaboration with Host Unknown and Twist & Shout. I blogged about it on the day but I wanted to mention it again as I do think it is a good example of putting points across in bite sized chunks that are memorable and effective (Twist & Shout are very good at this). There will be some behind the scenes footage being released next week, so look out for it on Twitter and the Host Unknown blog.
Back to work for a rest for the next two weeks I think!