Late April was highlighted by my first trip to Infosecurity Europe in London. While I understand that this event received its fair share of criticism in the press for being past its prime, there were certainly aspects of the conference that made it worthwhile to attend. (In all fairness, I must disclose that the event was conducted by Reed Exhibitions, one of the many subdivisions of Reed-Elsevier, which owns Infosecurity magazine.) Hopefully my relationship with the organizers will not cloud my objective judgment of the event on the whole.
Let’s start with the exhibition. The show floor was both busy and manageable. There was so much to see, do, observe, and educate one’s self with, but the size and number of booths was not so daunting that it couldn’t be covered in one day.
Now, at least from my perspective, comes analysis of the most fundamental component of such a trade show: the educational programs. In all honesty, I have mixed feelings about the educational components of my first Infosecurity Europe. I have linked, where applicable, to any news coverage Infosecurity provided for these sessions during the event.
Certainly there were useful informational offerings that I attended, the most enlightening being the Business Theatre sessions. These discussions were brief – no more than 45 minutes including questions – and focused narrowly on a particular topic. The length was perfect for anyone who wants to learn, but perhaps finds their mind wandering after a short time. While some sessions did come across as commercially oriented, speakers in most of the sessions I attended went out of their way to limit any commercial pitch.
One session conducted by the head of fraud, risk and security at Vodafone imparted startling numbers about how easy it is too loose a smartphone when compared with a laptop, imparting just how vulnerable business data can be on these smaller devices.
Perhaps the most intriguing session I attended throughout the entire show was Ian Mann’s presentation on social engineering. The author of Hacking the Human provided several anecdotes as to why the largest security vulnerability in any organization is likely the humans tasked with maintaining a particular system. It was entertaining, informative, and eye-opening.
In my brief time with Infosecurity, it has become quite obvious to me that many in the security profession prefer to use Apple products for their own personal computing devices. Perhaps it’s the security advantages, or even ease of use, but there is no denying the overwhelming preference that security professionals have for the company’s products.
With this in mind, I make it a point to attend any session that delves into Apple or Mac security, and ESET’s David Harley provided just such the forum during his business strategy session. What Harley noted was what many in the security profession already know: threats to Apple products and operating systems are undoubtedly available, in great numbers, and the company’s reputation for secure products is really a matter of perception. Harley illustrated the very large gap between this perceived security “safe haven” that Apple seems to offer and the actual landscape of threats that aim to threaten the company’s products.
Now, it’s time to discuss the negatives. I could be jaded by my experience at RSA in San Francisco, where star-studded keynotes and panels are the norm. But I must say that the keynotes I attended during Infosecurity Europe lacked both novelty and charisma. I found myself thoroughly uninterested by the keynotes I attended, which is quite unfortunate. Even keynotes on topics I thought would be interesting beforehand turned out to be major disappointments.
Then came the final keynote presentation I had penciled in on my schedule: “Cyber Warfare – War Stories from the Front Lines”. As I made my way toward the keynote theater, I couldn’t help but take notice of the line snaking its way all the way down the stairs and into the main exhibit hall. With this sort of anticipation and interest mounting for a session, I thought to myself that I was finally onto something.
And like a duo of white knights come to save the day, Marc Kirby and Sean Hanna conducted what was easily the most entertaining and informative keynote address of the week. Keeping alert during this session was hardly the problem; the hitch for these two was getting around to addressing as many of the audience member’s questions as was possible in 75 minutes.
Rather than boring the audience with a lecture-like recap of cybersecurity incidents, these gentlemen went around the room and allowed the listeners to dictate the direction of the presentation. The audience fired questions at the duo and picked the brains of two of Europe’s foremost cybersecurity experts for more than an hour. The room was packed, the questions were nonstop, the banter was both informative and lighthearted, and I was thoroughly thankful that I had not missed this presentation.
So my first trip to Infosecurity Europe was, overall, a mixed bag. The location was outstanding, the educational program was lacking in some areas, but the show floor was vibrant. I hope to go back next year, if, for no other reason, to see whether Infosecurity Europe can exceed my expectations the next time around.