SOURCE Boston — Day 1
Wednesday was the start of SOURCE, the highly anticipated security conference in Boston. For the first year of the conference, attendance seems to be decent; we are not maxing out capacity, but there are enough people to stir things up. Overall I thought it was a great day. Below is a quick recap:
We started off with welcoming remarks from Tito Jackson, Director of Information Technology for the Massachusetts Office of Business Development. He spent most of his time talking about how great the technology and security population is in Massachusetts. He dipped a little into the venture capital community, discussing how MA is second only to CA in the amount of VC $$$ being managed.
Tito then handed things off to Richard Clarke to talk about “The Current State of the War on Terrorism and What it Means for Homeland Security and Technology”. I thought the first part of the speech was great. He was talking about government hacking and examples of countries supporting these types of attacks and what the US response is. He had some good nuggets of information about what is actually going on. Then something happened, and I’m still not sure what it was, but he started going down a dirt road to nowhere. There was talk of how ISPs should never monitor internet traffic without a warrant, but later he said that we need the ISPs to monitor all traffic. He started talking about how we need regulations that require secure code…a path I don’t want to go down at this point.
The next session I hit was Mike Rothman’s “How Compliance Can get you Killed”. Mike is a very engaging speaker, and person in general. He went on about what a CSO does and the interaction you need with management to be successful. He dug into how compliance can help you in a security role by getting additional funding for security projects. Use compliance as a way to be more secure; don’t just try to fill a checkbox. I recommend you check out more on Mike when you have some time.
Next up was Chris Hoff and Rich Mogull presenting “Disruptive Innovation and the Future of Security”. It ran a little long and was a little rough around the edges in terms of presentation but was full of content. I think if they chop out a few topics and tweak the style of presentation they will have a winner. A quick take-away was that you really need to identify what information needs protecting and start with making it secure, then work your way up through the other layers. It doesn’t make sense to protect your network if the data is sitting on a server for anyone on the network to access.
The next session for me was Content Awareness — A Cornerstone to Data Protection. This was put on by John Amaral from Vericept. This was all about protecting data as it flows across the network, across machines, and through your perimeter. Rather than just using IPS or IDS and constantly updating signatures, Vericept has a similar approach that gives more control over what you are watching for and what you are protecting.
Last session of the day was “Telephone Defenses Against the Dark Arts” presented by James Atkinson. How could I resist a session with a name like that? It was EXCELLENT from start to finish. James went into depth about eavesdropping threats and other voice system insecurities. This guy knows his stuff inside and out. The session was only slated for an hour but he ran for over 2 hours, and the best part was that no one left. That is when you have a great presentation. I will have to do a separate blog post about some of the stuff he covered, but be afraid, be very afraid!