And if that title doesn’t attract attention I don’t know what will…
Unfortunately (for you) while this title is accurate the rest of this post may not quite deliver what you are expecting or hoping for. Just a few days ago (Thursday 16th May) I attended for the first time an ISSA-UK chapter meeting in Bristol where Marcus Alldrick, Richard Hollis and myself were presenting (in that order) to the great and the good of the south west infosec community.
Marcus’ presentation of The EU’s Proposed Data Protection Regulation, It’s Life Jim But Not As We Know It was very well received with a huge amount of interaction to the point of a twenty minute overrun. I have tended to avoid expending too much energy on draft legislation like this as it often changes dramatically the closer it gets to publication (MA201 CMR 17 is a good example of this), and so the view that Marcus presented was a welcome one. Although his deck was content rich he put it across in his own inimitable style and I found it hugely educational. One point that came across loud and clear is that if it gets enacted in its current format one of the most sought after roles in any company will be that of Chief Privacy Officer for the job security alone (the role must be filled by the same person for a minimum of two years!).
Second up was Richard Hollis with his hotly anticipated Deep Threat – Top 10 Lessons to Learn from the Online Adult Entertainment Industry. While the expected jokes and euphemisms came thick and fast underneath it were some startling and very interesting lessons, but namely that the adult entertainment industry simply does information security far better than the rest of us; they are single minded, have a lot to lose, and ultimately see the “battle” with maintaining security as just that… it’s a war which they are determined to win. A fascinating insight into an often overlooked industry with some great lessons summarising the underlying security ethos of this industry.
Finally it was my turn. To be honest I was somewhat apprehensive following these two presentations; there was a huge amount of interaction to this point and while my presentations somewhat relied on audience participation the main points I was raising were quite high level and in some cases not often talked about. I shouldn’t have worried. I had an absolute blast talking about different elements of risk management and getting some excellent feedback, comments, questions and of course different opinions. My case was obviously helped by the fact that I was handing out prizes for each correct answer identifying a quote to a film! The presentation itself is below along with a few snippets of the presentation itself taken from the back of the room.
I have always been impressed with the ISSA-UK meetings, the quality of the discussion between people and to be honest the great value that membership of this association brings. I am very much looking forward to more of these, and if asked to present again at one of their sessions. My thanks to Alan and Gabe (@infoseccrow) for giving me the opportunity to present here.