Announcements, Presentations and Work!

Banyan tree, Bangalore, India

It has been an incredibly busy five weeks since 44CON, with a lot of travel, projects coming to fruition, conference talks and preparation as well as more writing than is reflected in this blog.

I have spent three weeks (over two trips) in India carrying out five security risk assessments and hosting one three day client visit, and all I can say is that my India based colleagues continue to impress and amaze me with their knowledge, analytical skills and above all friendliness. I had the good fortune to spend some time with them at a team outing, discovered a mutual friend in London and also hit the dancefloor with them (if you have never danced in an Indian nightclub, you haven’t really danced!).

I was also able to spend an evening with the lovely folks of the Delhi chapter of NULL in Noida, and had a great couple of presentations (WAF and compliance) as well as an engaging conversation on interviewing in the infosec world. I had struggled for the last couple of years to find good conferences and forums in India, but apparently I missed an incredibly vibrant and widespread community. I’m glad to say that is no more the case and I look forward to attending more in the future (along with my India based colleagues). On my return I attended the IT Security Forum and spoke on “Throwing Shapes for Better Security Risk Management” covering three ways to manage your security programmes more effectively.

A project I have been working on with my good friends and colleagues @sirjester and @j4vv4d finally came to fruition with the help of @jimshout, called Host Unknown. I am extremely proud of this project and we have spent many hours agonising over the details, honing the performances and getting website, YouTube and social media coordinated; in fact it was a lot more work than we expected! There is so much more in the pipeline, and if you would like more information please contact us, I promise you will only be mildly disappointed! (I am also legally obliged to point out that it was all my idea, despite what some of you may have heard.)

My other piece of news is that I have been asked to be a guest blogger for Iron Mountain, something I am absolutely thrilled by! I have already posted my first article, and I am looking forward to writing many more. As someone who can often struggle to get down to the process of actually writing in the first place (once I am started I seem to be OK!), I see this as another incentive to flex that particular creative muscle more frequently, as well as getting used to writing on specific subjects, somewhat to order. I will of course be cross posting back to this blog, but I would encourage you all to head over and see what they have to say. My particular favourite is @christiantoon who is certainly one of the more prolific writers on the site (and a great guy to boot!).

It’s the RSA Europe conference next week, and I have been busy preparing my presentation “Playing the Game of Thrones: ensuring the CISO role at the King’s Table”. While there is an element of content that I have covered in other presentations before, this is nonetheless a new presentation with plenty of new content, somewhat more research based (although by no means academic) and very much pushing me out of my comfort zone. That said I think it is going to be a strong presentation which should generate some good discussion; here’s a podcast where I explain what I am going to be talking about, and I will of course be covering the conference in my next blog.

With all of this going on I haven’t been able to post as regularly as I would have liked, but I am building up a great stash of content that should see us through the winter months. Winter is coming after all!


That was the week that was – RSA Conference Europe 2012

Having arrived at the Hilton Metropole on Monday lunchtime and finally left the hotel (virtually for the first time) on Friday morning, I am left with a sequence of mad, fascinating, zany, intriguing, bizarre, educational, alcoholic and downright enjoyable experiences. I knew what to expect having attended last year. In no particular order (except by which they fall out of my head) here are my high points, and occasional low points.

Meeting Wendy Nather (@451wendy) of the 451 Group at last and having lunch with her and Kai Roer (@kairoer, and a constant and welcome companion throughout the week);
Dinner at The White Swan with my fellow panellists/debate team, Christian Toon (@christiantoon), Geordie Stewart, Rowenna Fielding (@InfosecGeekLady), Kai Roer, Javvad Malik (@j4vv4d), Gemma Paterson (@GemmaPats) and Chris Batten (@Acumin), and supposedly talking about our debate the next day but actually just sharing inappropriate jokes (mostly led by Chris…);
The actual debate itself, not a massive attendance although not only were we up against stiff competition, numbers were down somewhat anyway;
Meeting my first bona fide infosec journalist John Leyden (@jleyden) of The Register as well as my second, Dan Raywood (@DanRaywood) of SC Magazine;
Meeting James Lyne (@jameslyne) who is not only a genius but also has the audacity to be charming, funny and an all round lovely guy, goddamn him;
Watching Christian Toon bluff his way into the Media/Analysts party on Tuesday night, and watching Javvad have to do nothing to get into the IOActive party on Wednesday night because everyone knows him;
Spending nearly an hour chatting with Javvad talking about blogging, public speaking, charlatans and heroes and being very pleasantly surprised at how much we have in common on these topics;
Walking out of Bruce Schneier’s keynote because I found it dull and unengaging which was a real disappointment;
Finally making my mind up about Ira Winkler after watching his presentation;
Wishing I wasn’t late for Josh Corman’s (@JoshCorman) keynote;
Watching Hugh Johnson again, a master of working the room and engaging his audience, and marvelling at what a thoroughly lovely guy he was;
Spending time with Brian Honan (@BrianHonan) again and always enjoying his funny yet surprisingly modest company;
Eating shawarmas with Javvad and @sirjester, and subsequently meeting the aforementioned James Lyne and Dan Raywood;
Failing to win a single thing in any of the prize draws, yet still coming back with five t-shirts and a bag of booty;
Watching Javvad and Emma tweet each other whilst standing side by side;
Being amazed, yet finding myself also tweeting almost every 10 minutes in synchronisation with everyone else you happen to be with – what has this world come to?;
Getting beered up with Christian Toon on Tuesday and not being able to work out why I feel so drunk and he seems so fresh. The next day it turns out he is nearly 15 years younger than me! I obviously look young for my age, and he the opposite!;
Spending a fascinating 90 minutes with Josh Corman on Thursday night and being impressed with how genuine, non judgemental and actually concerned he is about our industry;
Receiving my first ever Friday Five’s in Twitter and seeing it suddenly explode with activity as everyone joined in, for 10 minutes!;
Watching Javvad being awarded his RSA Rockstar t-shirt.

There are many other people I met, chatted with and discussed topics raised in the presentations that are just too numerous to mention. If I have missed you out I apologise profusely and blame my poor memory and being inundated with great times.

The photos throughout this article barely scratch the surface of the fun and educational experience of the week, and I am already looking forward to RSA 2013 in Amsterdam next year!