The Conference Season 2016: We’ve been expecting you.

2016 – what a year this is shaping out to be: The Queen reached her 90th birthday, the European Championships kick off shortly, The Olympics are around the corner and in a matter of weeks, the nation’s future as a member of the European Union will be decided – oh, apparently Jon Snow came back to life too.  The wave of optimism and excitement associated with these events surely pales in comparison to the start of the information security conference season.  Doesn’t it?  Perhaps I should get out more.

Joking aside, conferences offer a fantastic opportunity for our community members to catch-up with their peers, exchange ideas, listen to industry leaders and discover technological developments from some of the best vendors in the game.

The Conference Obstacle Course

Selecting which conferences to attend as a security leader is a challenge in itself.  In past roles I found myself being invited to an event on a weekly basis.  Once we’ve cleared out diaries, set our email to ‘out of office’ and committed to attending, we seem to have two diametrically opposite approaches to conference strategy from the CISOs I am friends with.  I won’t name names! 

We have the security guys who attend events and use their time as an audition for Supermarket Sweep.  They dash from stand-to-stand gathering freebies like there is no tomorrow.  How many USB dongles  and t-shirts does a man or woman need?

At the other end of the spectrum, we have the James Bond of the CISO world: stealthy traversing the exhibition centre avoiding their tickets being scanned at all costs.  The fear of follow-up emails being all-too-much for them.  *Note: I am disappointed with myself that I couldn’t find an Infosec ‘shaken but not stirred’ pun here.

I’ve polarised things, I am sure readers fall somewhere in the middle.  My point is that different people get different things from conferences; some come for an update on the latest threats and how to protect against them (on the subject of current threats, be sure to check out Zscaler’s Ransomware microsite.), some attend to meet with their vendors and suppliers, others for recruitment opportunities.  The t-shirts and stress balls simply add to the experience.  

This will be my first season with a role in the vendor space.  I am attending several major events, starting with Information Security Europe 2016 –  I have an action-packed diary for InfoSec and the event agenda looks great; perhaps I’m slightly bias as a member of this year’s advisory panel but I really do feel the organisers have struck the right balance across thought leadership, technical sessions and panel discussion.  Some good friends have slots speaking and I am looking forward to hearing from them.  I am also excited to catching up with customers along with several media engagements for Zscaler.

I spent last week overseas talking with security executives about how and where their organisations are adopting cloud services.  The approaches vary but the challenges do not: CISOs need visibility of all of their traffic, all of the time on all devices.  We can take one of two approaches to cloud:  Embrace the benefits and ensure our security solutions can scale and are appropriately placed or adopt the ‘security says no’ almost draconian approach to cloud which forces our businesses to adopt surreptitious roads to cloud which are generally without any form of security requirements analysis.

 If I don’t see you this week…

…then I hope to catch you at other conferences across the summer.  I am attending Blackhat USA 2016 and DEFCON 24 before returning to the UK for a series of local events and roundtables.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s