Fresh back from the conference, an interesting few days, but still came back with the feeling that I was trying to be sold something.
Not a problem if I'm brave enough to head to Infosec 2011 as that's what you'd expect, but where some people would have paid £975 for a conference ticket I'm not convinced they got the balance right.
The initial keynotes were that rather worn message that ‘Security is not an IT problem, it's a people problem’. Subsequent keynotes then all tried to subliminally sell me technology to solve the people problem. Where does it stop?
The industry right now is hitting an equilibrium. Any spend on any security technology should be seriously reviewed against the actual benefit it provides. Any spend on people should force the question as to whether or not that person will adhere to and respect security in your organisation. Does that person understand the responsibility that comes with privileged access rights? Has your HR department done a good enough job in training that person and providing appropriate ongoing security awareness?
Conferences aren't a bad thing – they're a great opportunity to mingle with your industry peers, but I desperately wanted to learn something new.
The summit of the year for me has to be the Gartner Security and Risk Management event in London last month. The cost is high, but I was learning something new in more or less every session. Each is based on up-to-date research by Gartner analysts and far exceeds some of the canned presentations I saw at RSA, which have to be submitted and approved by the conference committee something like 6 months in advance. A lot can change in 6 months, but more importantly, chances are I've already heard it…
In planning for the ISSA-UK Security Conference in 2011 I'm already learning a lot – you'll hear about lots of fresh research, learn about new things and won't be needing coffee at £4.85 a cup (thank you Mr and Mrs Hilton) to keep you awake.