I’m grateful and honored for being invited to attend and present at a couple of particularly awesome hacker conferences next month, especially to soak up what others have learned so far this year. Here’s looking forward to learning from old pals and new ones, too.
GrrCON happens right here in the Midwest and is a closely coveted information security and hacking conference attended by a global audience. GrrCON provides the InfoSec community with a fun atmosphere to come together and engage with like-minded people, primarily those who like to take things apart and put ’em back together to satisfy a curiosity to better understand, hack, and ultimately improve them.
They keep GrrCON small, limited to 1,500 attendees, in order to provide an experience that is anything but typical for these kinds of events. Whether you are a Fortune 500 executive, security researcher, industry professional, student, black, white, or grey hat, you will find something worthwhile at GrrCON.
I’ll be presenting Life, Death, and the Nematodes: Long live Cyber Resilience
Synopsis: The promise (illusion) of 100% Cyber Security has worn thin. While we continue to support the concepts of defense and prevention, Cyber Resilience goes beyond those measures to elevate our team’s awareness and emphasizes strategic response and preparedness for when incidents occur. Because they will occur. Making sure we’re prepared when they do is what Cyber Resilience is all about. Doing it well means opening our hearts and minds and learning to understand our own species even better than before.
ISACA is a stately oak of the information security industry, responsible for, among other things, administrating many information security industry standard certifications. From Wikipedia:
ISACA originated in the US in 1967, when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified a need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (then) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA). Tyrnauer served as the body’s founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge of and value accorded to the fields of governance and control of information technology. The association became the Information Systems Audit and Control Association in 1994 and in 2008 dropped its long title and branded itself as ISACA. ISACA currently serves more than 110,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries. The job titles of members are such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer, chief information security officer and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters with more than 200 chapters established in over 80 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.
While there, I’ll be presenting InfoSec Needs Better UX: Blame TV Dinners
Synopsis: Intentional and unintentional messages sent out across US culture about privacy and security over the last 20 years are in direct contrast to those from the previous 200. Does this mean that entire generations have passed down habits both good and bad based on perceptions that may or may not have any meaning now? How can we address this cultural challenge in order to achieve a common view and forward the goals of business and operational resilience? We’ll take a brief but memorable stroll through the past to uncover some tracks we’ve made and share some ideas about inspiring others to shape better habits to protect themselves, their families, friends, colleagues, partners, clients, and the bottom line.