03 March 2012

RSA Conference Day 4

I was surprised at the number of people who stayed for the last day, and even more surprised at the high quality of the talks. In the feedback form, I rated every session today highly.

The first two talks I attended revolved around hacking and application vulnerabilities. While I do not work much in the application space, most security attacks are based on application vulnerabilities, so these talks were highly relevant.

The first speaker, Jeremiah Grossman, highlighted a particular issue with security spending in enterprises: the spending does not match the established estates or problem areas. I agree with his assessment and arguments that it does not make sense to spend on firewalls or anti-virus when most attacks are due to bad coding practices.

The second talk, by Dave Aitel, argued that current arguments (both for and against) on cyberwarfare are misplaced: it is not only about technology and tools but about movements like Wikileaks and Anonymous; the danger of cyberwarfare from non-nation states is driven by profit; and the danger of cyberwarfare is not that the Internet or power will be shut down (since that would then stop the war also) but rather the impact on logistical and economic infrastructure. Most importantly, Stuxnet was more than just a worm against nuclear infrastructure; it was proof that any industrial infrastructure could be targeted and shut down. It was the most rational discussion on cyberwarfare I have attended at the conference.

The last "talk" was more managerial in nature, looking at the priorities of CISOs; I liked the practical nature of the discussion and the acknowledgement that, despite all the issues, only a few can really be addressed at a time due to resource limitations.

Hugh Thompson hosted a more informal discussion on the psychology of decision making; it was entertaining and interesting, but not very practical, I suppose. Tony Blair gave the final keynote to close the conference; I thought it was too much of a political speech and not really relevant. It was very entertaining though.

The RSA Conference is the biggest information security conference in the world; it was definitely a great learning experience and I would be keen to come back next year.

