Taking RANT to New Levels

Noise Next Door giving conferences a new twist

Noise Next Door giving conferences a new twist

For a variety of reasons I have been unable to post here as frequently as I have liked, but the great advantage of attending a conference is that it does spur one into action to get something written down. Tuesday Jun 11th saw a new kind of conference come to town, the RANT conference. Based upon the monthly RANT forum there were only three individual speakers with the rest of the sessions effectively panel debates but with significantly more audience interaction encouraged.

There were a number of highlights for me, not least all of the people I met there, new friends and old. One of the big surprises for me was the opening keynote from Mark Stevenson of the League of Pragmatic Optimists. I thought it an odd choice of speaker, a futurologist, but very much enjoyed his talk once I got over myself. he looked at (amongst many other things)  how the digital revolution is changing our lives daily. What it came down to though is that despite the massive amount of change that has gone before us, the digital revolution is merely the cocktail sausage of dinner; we cannot begin to imagine what is around the corner.

I also enjoyed watching Javvad play up to his InfoSec rockstar status alongside Neira Jones and the irrepressible Stephen Bonner. It was unfortunate that the final panellist, Ed Gibson, killed the dynamic of the panel dead, changing what should have been an upbeat and funny session into a monologue of personal dislikes that crossed the line into embarrassing.  I thought Javvad played to his RockStar persona very well, but also presented how he made his way to the level of industry notoriety he currently enjoys and the benefits it actually brings to the industry. The serious point of them actually being ambassadors for infosec was quite rightly made. Unfortunately Ed did the same for the next panel on state sponsored espionage, killing what should have been a powerful insight into the topic given his background. I understand Ed is a very highly rated speaker, but on the evidence of yesterday I won’t be rushing to see him speak, and how he handled himself was unfair on the other panellists and indeed on us as an audience.

The Boy Band Strikes back

The Boy Band Strikes back

The rest of the day went very well though, with plenty of laughs with the University Challenged pitting the grey hairs of the industry against the students of Royal Holloway, and a session on security awareness that I was invited to participate in alongside Geordie Stewart, Charles Clarke, Christian Toon and my old mate Bruce Hallas. The reaction from the audience was very positive, with some great questions and opinions. We didn’t all agree, which is exactly what needs to happen; if we all agree, nothing changes, but if there is dissent then that can finally lead to actually driving change in the industry. On the whole it was well received and moderated nicely by Jim Shields, although someone did tweet that he thought the conversation was “same old same old re training me thinks” which is actually fair enough; I do think however that we can only stop talking about it when it is “fixed” (whatever that means!).

Stephen Bonner’s presentation was a distinct improvement upon what he presented at BSides, and was a thoroughly enjoyable rant, replete with chocolate missiles for the audience.

The excellent Twist and Shout were managing the video and photography, and shared many of their corporate training videos in the breaks between sessions that not only gave a very polished and slick feel to the whole day, but also some light relief.

Networking drinks were copious and enjoyable, and the dinner was excellent with after dinner entertainment from Jim Shields in his stand up comedian alter ego and an improv comedy troupe Noise next Door. A fuzzy head this morning tells me I had perhaps a little too much fun.

It was an awesome conference overall, and I hope to see it grow and become part of the established circuit. The format can only get better as while there is a place for the traditional presentation of one person delivering content and then taking some questions has its place, there is a huge advantage to the RANT approach. It allows the audience to engage far more effectively and I would hazard a guess that the audience actually retains more than the standard 20% of content afterwards. Huge congratulations to Acumin for not only making it happen, but also for ensuring it was as free from the commercialisation of so many other vendor driven events, a hugely refreshing approach. The biggest congratulation of the day though must go to Gemma for making it happen.

photo[5]


RANT Panel Debate: “Should You Train Your Users on Security Awareness?”

I spent last night with five eloquent, passionate and above all opinionated colleagues arguing the pros and cons of security awareness training. We were doing this at the monthly Acumin RANT forum to a packed crowd who, as always, were not shy in holding back on their opinions.

The Crowd, who make RANT what it is!

The Crowd, who make RANT what it is!

We had two stand ins replacing Christian Toon and Kai Roer in the form of Bernadette Palmer and Andrew Agnes both of whom bought a huge amount of experience, opinion and humour to the evening. The lineup therefore was:

 For:

(The Award Winning) Javvad Malik, @j4vv4d

Bernadette Palmer

Andrew Agnes @sirjester

Against:

Myself

Geordie Stewart

Rowenna Fielding @infosecgeeklady

We did a standard pre vote just before starting (we garnered no votes and a lot of good natured laughs as expected!) and then we went straight into the standard For and Against cycle with me kicking off. Nobody had briefed me (or perhaps I hadn’t listened…) that we were reducing our standard six minutes each down to three! A quick reshuffle in my head and we were off. The photos may look like I am singing Karaoke, but beneath the entertaining exterior was my serious message!

I have posted my core arguments to this blog before so I won’t rehash them here again but what followed over the next eighty minutes was hugely interactive, passionate, thought provoking and hilarious! With a few dongle and fork gags thrown in this debate had everything! Of course there was no real conclusion but at the closing vote there was a small but very definite swing in our favour, hooray!

The Karaoke King!

The Karaoke King!

What I found the most interesting however was that on the whole our arguments converged; we all acknowledged that information security training as it stands now is simply not working. What we do with it however, was where the real debate lay. Do you throw the whole lot out and start form scratch or do you continue to try and fix what we have? I think this is the dilemma we need to face up to sooner rather than later in the industry, once of course we accept that our training programs don’t work. That part is where the industry needs the most help.

I normally try and stay around after these kinds of events and listen to other peoples opinions, gather feedback and generally mingle. Tonight however I had dinner with a few folks (@jimshout, @j4vv4d, @sirjester, @jee2uu) to discuss an upcoming project. More on that in the next few months but it was a productive and exciting evening overall.

Finally, there was some footage taken of the evening by Gemma of Acumin; like all my footage if it ever sees the light of day I will get it posted here as soon as possible! As always a huge thank you to Gemma, Simon, Chris et al from Acumin for not only making this happen but asking me to be a part of it.

Andrew Agnes

Andrew Agnes

Geordie Stewart

Geordie Stewart