NEACS - An Exceptional Information Security Conference E044 2024 11 25
A Bit of Security for November 25, 2024
Last week I participated in the Northeast Annual Cybersecurity Summit at Quinnipiac University, north of New Haven, CT, run by Michael Hiskey. It was a truly great information security event. I’m encouraged by this, because it opens an important venue for new people to get to know more about the field, and it provides a great opportunity for experienced folks from different domains to network and share ideas.
For background, I ran the first Gartner Information Security Conference in Chicago in 1994. We had about 300 attendees in total, ten corporate sponsors, and got very good reviews. Since then, I’ve participated in a few hundred such events globally. Here’s what makes this one stand out.
First, the speakers and panelists were practitioners. Vendors did not sell from the stage. Attendees got solid, unvarnished information from actual users; not second-hand reports prettified with marketing spin. And sponsors did not get the entire attendee list; they gathered leads from visitors to their display tables. That attenuated the annoying follow-up emails “Hello [insert first name here]! It was great to see you at …” Perhaps marketing teams could develop more relevant lead-tracking metrics than email addresses per sq ft of booth space.
Second, the speakers were senior enough to speak with authority. They discussed their decisions about organizational challenges as well as technical details. They could answer questions directly rather than needing to seek guidance and get back to us later.
Third, the attendees included senior-level executives as well as students in the field – in this instance graduate students in Quinnipiac University’s computer science curriculum, along with some of the professors. This provided a good range of questions for the speakers and comments in the conversations during breaks. Also, it allowed new entrants to see the variety of challenges in running an information security team, working with law enforcement, developing professional certifications, and making contact with practitioners. Also, registration was limited to qualified professionals. No sales, marketing, or business development representatives attended. This allowed the conversations to move openly without constraint or bias.
Fourth, the moderator collected questions via an app. This eliminated the nuisance of people grabbing the microphone to pontificate on their pet peeve, a common letdown for the speakers and other attendees. As Mike noted, the best questions often come from introverts. This impromptu groupware fixed that potential issue. Questions from the floor were not permitted.
Fifth, the sessions were brief – under 20 minutes. Speakers had to get to their key point quickly. Panelists had to plan to spend less than two minutes answering their questions, which focused attention. The goal was not airtime but information transfer. Note that the event was not a substitute for an in-depth discussion of a broad topic. Attendees got useful bits of information which could spark further conversations and research.
Finally, the venue was comfortable, with adequate lighting, decent acoustics, and enough seats for the approximately 200 attendees. The slides were easily visible from every seat and were made available to all attendees.
Sure, things did not go perfectly. The AV setup failed for a moment once or twice. The coffee ran out before breakfast ended and ran short during the first break. The line for lunch moved too slowly and some food ran out. That was fixed by bringing in more food – not just carbohydrate-stuffed snacks, either – during the next break. Some of the cybersecurity-focused volunteer organizations in the region weren’t able to participate, but those that did found the attendees eager for information and willing to join. All those problems are eminently easy to fix.
I do not know the next steps for this event. One challenge all conferences eventually face is balancing the vendor’s interest in accessing attendees vs. the conference organizer’s desire to maintain the high quality of attendees and speakers. Maybe a separate track for vendor presentations? Looking at you, RSA.
People may not think of Connecticut as a place that successfully integrates business, academia, government, and not-for-profits. In my experience Atlanta is the leader in the US. This event showed how well it can work here. Michael Hiskey of the CXO Security Forum did a great job and I’m glad I participated. I hope to see you at next year’s event.
Here’s the link for the event: - run by the CxO Security Forum. That’s our Bit of Security for Wednesday, November 20, 2024. I’m William Malik. Be safe!
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #securityconference #NEACS #CxOSecurity #BitofSec