March 17, 2010

#BSidesAustin 2010 Recap

Last Saturday (3/13) was the first ever B-Sides Austin unconference event, and what a great event it was! We were able to successfully pull in excellent, engaging participants from across the state for a really fun and educational time.

The event was made a tremendous success thanks to the hard work of Jack Daniel, Todd Kimball, and unconference specialist Kaliya/Identity Woman, who joined us from Unconference.net and the Internet Identity Workshop (IIW).

Reflecting on RSA 2010

Not to be outdone by Anton, I thought now was probably as good a time as any to finally sit down and knock out some of my quick reflective thoughts on the week+ of RSA 2010. For those who don't know me very well, my RSA week is always a long one as it's preceded by ABA meetings (InfoSec Committee and eDiscovery and Digital Evidence Committee - see my after report here), as well as now including the annual MiniMetricon on the Monday that the conference starts. Add to this blogger responsibilities for meeting with vendors, surveying the expo floor, and attending a few sessions, and, well, the week tends to fly by.

Overall, I found this year to be quite positive and energetic. People seemed to be moving so frenetically that we all shared a common complaint: "gosh we're tired!" In part, I have to think this exhaustion was cumulative, not just from the conference itself, but as a result of dragging our sorry tails out of a miserable 2009 through the break clouds into the emerging sunshine of 2010. Based on my observations, it seems like 2010 stands to be a very good year... but I'm getting ahead of myself...

March 8, 2010

Security BSides Austin 2010 - Join Us Saturday!

Hey everybody! BSides Austin is almost here - are you ready for it?!? Here are a few housekeeping notes:

* Everybody is welcome - the event is free!

* If you're attending and have a talk you'd like to give, post it here!

* Please register for the event so that we'll have a better headcount.

* PLEASE pre-register for the special "Hackers on a Duck" evening event. There is a hard limit of 40 people, and we MUST provide them with a count first thing Friday (3/12) morning.

That's all from here. Hope to see y'all there! :)

March 4, 2010

RSA 2010 - Day 2 Round-up

This year's conference has been much lighter than last year. The dark cloud of last year has lifted from the expo floor. Delegates, vendors, and speakers all seem to be converging on a much healthier, less-hyped message. Despite all the to-do over cloud and APT (which some of us hope to rebrand to Adaptable Persistent Threat), there also seems to be a healthy notice that holistic is a good thing. :)

There's really not a whole lot to say about things. I've seen a TON of business being done, which is a drastically marked change from 2009. Business deals galore mean good things in this space. Add in the apparent push toward increased government transparency, such as through this week's declassification of the Comprehensive National Cybersecurity Initiative (CNCI) and the picture looks increasingly positive.

I'll write more in a round-up post after the conference is done, but suffice to say, I now feel quite bullish on the industry, even if innovation is still trailing.

March 3, 2010

RSA 2010 - Day 1 Round-up

It's already Wednesday morning, which means the first full day of RSA 2010 is in the can and quickly receding into the past. Overall, things are fairly standard quo again this year. Sessions galore, vendor keynotes, and a busy expo floor. This last point is perhaps the biggest difference from 2009 in that the expo floor is, in fact, quite busy. My impression is that a lot of realistic networking and lead generation is happening this year.

Before I hit themes, one tidbit of interest. I spoke with a couple guys from Boston who specialized in financial fraud. One of the fellows had calculated the cost of doing a wholesale revamp of the card infrastructure to be about US$12B. That is far more than the card brands are eating in fraud costs today. Moreover, today the merchants bear most of the fraud burden, whereas the cost of a complete infrastructure overhaul would be primarily borne by the card brands (although these costs would obviously be passed along to the banks, merchants, acquirers, processors, customers, etc.).

March 2, 2010

RSA 2010 - Innovation Sandbox: Not Really Innovative

Where has all the innovation gone? I was very much looking forward to talking to the startup vendors selected as finalists for this year's Innovation Sandbox at RSA. After last year, I suppose I should have set my expectations a little lower, although realistically it would have been impossible to set them low enough to avoid some level of disappointment. Because, quite honestly, I was quite disappointed.

Of the 9 finalists, 6 had "cloud" point solutions, largely targeted to the hypervisor, with one that did some funky inline crypto stuff that made me wonder. 2 finalists had "new" authentication approaches, which were sort of interesting, but they didn't solve the larger problems with authentication. The 9th finalist was also potentially interesting in that they provided a nice visualization dashboard for risk management, but the biggest downside was that all data had to be independently entered. There was no integration with any GRC products, and so while it looked pretty, it wasn't overly sensible. So, yes, I was a wee bit disappointed.

March 1, 2010

Annual ABA ISC+EDDE Meeting After-Report

The Saturday and Sunday preceding RSA have historically been set aside for the annual meetings of the American Bar Association (ABA) Information Security Committee (ISC), and now its sister eDiscovery and Digital Evidence Committee (EDDE). This year we had very good discussions, particularly on the ISC side of the house (admittedly I spent more time there than with EDDE). There seemed to be some very interesting themes that were either new or escalated from previous years.

By way of a little background... the ABA allows non-lawyer Associate members to join and participate in certain committees. The ISC is a perfect example where non-lawyer SMEs work directly with tech-savvy or tech-industry attorneys in partnership to help benefit the entire industry. EDDE is aligned along the same principles, but with a narrower focus.

February 25, 2010

The Need for Consumer-Oriented Intervention

I had an interesting conversation on the plane last week with a retired choir director/professor who had recently experienced fraudulent charges on his bank account. As I had disclosed my profession, he wanted to know how this could have happened and I struggled to answer the question in a way that he - a non-techie - could easily understand.

The conversation made me wonder once again: what should/can we reasonably expect the average person to understand? Do we really need to reduce to the lowest common denominator, or do we at some point draw a line, with the caveat that a certain percent of the population will never "get it"? If so, what percent is reasonable and appropriate?

February 24, 2010

RSA 2010 Is Nearly Here

The 2010 RSA Conference (USA) is nearly upon us, kicking off next week Monday (3/1) at the Moscone Center in San Francisco, CA. I will be making the annual trek out there, with a similarly rigorous schedule once again (ABA mtgs Sat-Sun, MiniMetricon Mon, BSidesSF Tu-We, RSA Mo-Fr).

One major change this year (this week!) is that I'll be hopping on the LAW-401 panel at the last minute, substituting for a friend of mine. The panel is 9am Friday morning (I know, yikes!), but just in case you might be interested, here are the details:

LAW-401 Digital Forensics vs. Security & Encryption
Session Abstract: From self-encrypting drives to auto-wiping media, advances in data security present unique challenges to accurate and effective forensic evidentiary collection. Failure to anticipate the ramifications of encrypted or secured data can result in a complete breakdown of the digital forensic process. The panel will discuss current devices, legal challenges and capture solutions currently used in the field.

February 22, 2010

Micro-Generation Closer to Reality

This is very cool. I've been saying informally for several years that I viewed micro-generation as the wave of the future. I figured that businesses would be the first to adopt technologies that go into buildings to make them essentially self-sufficient for power generation. Well, that ideal is now much closer to reality. Meet the Bloom Box:


This weblog is licensed under a Creative Commons License.