RSA Europe 2009

RSA Europe 2009 – Day 3 Recap

by kriggins on October 25, 2009

in Conferences

The final day of RSA Europe 2009 was particularly special to me since it was my speaking debut at an RSA function.

About 20 minutes before I was due to go on I tweeted "6 VMs, a slide deck and me typing...easy peasy :)." Surprisingly enough, it was easy peasy. I got through the deck, there were no technical failures and I didn't make a single typing mistake......okay, the last bit is a fib.

Things went well and I was able to demonstration most everything I wanted to. I am know looking forward to the audience feedback.

I did manage to attend a few sessions as well. I started the day out with "The Impact of Future Regulation on Risk & Security Management." The description indicated that the presentation would take a look at how future regulation might impact information security risk management. I was hoping for some possible guidance about what might be coming down the road, but that did not really appear. What was offered was a general implementation roadmap for any new regulation that might come along. Essentially, it was; study the new regulations, review current governance, define awareness, revise policy where appropriate, revise processes and controls as needed and review and consolidate. Nothing earth shattering, but not a bad plan either.

I next sat with James DeLuccia, who has some great recap posts too, in the "Can Virtualization Threaten Security & Compliance?" panel. This was a great discussion. One of those panels that you wish could go on well beyond the time allotted. There a great deal of good commentary about the impact of virtualization on security and compliance. Beyond the conversation, three things really impressed me about this panel:

  1. It did not turn into discussion about cloud computing although cloud computing was covered where appropriate.
  2. The panel members were all very respectful of each other and the audience.
  3. The panel was prepared and ready to discuss the topic.

The information was flying fast and I was too busy paying attention and participating to take good notes, but  a few things that stood out were:

  • Shadow IT - How are we going to enforce standards, policy and achieve compliance when anybody can fire up a virtual machine either internally or via a cloud service?
  • Server mobility is a real issue - What if the regulation you need to comply with says your machine has to stay in a particular location? How are you going to check that? How are your going to enforce that?
  • Inactivity/sprawl/licensing - Virtualization give us the ability to rapidly provision servers and, in a lot of cases, without the active participation of an IT worker. How are we going to deal with sprawl? How are we going to manage licensing? How are we going to keep on top of active vs inactive virtual machines? How are we going to deal with inactive machines?

One of my favorite bits from the panel was from John Howie, Senior Director, Microsoft Corporation. He said, a bit paraphrased, "The greatest threat to infosec pros is the Chief Financial Officer." This was in reference to the lower cost of running them and moving the expense from capital expenditure to operating expense. These business drivers mean we will see more and more call for virtualization.

I did attend the closing keynote. The only real message was there needed to be better integrated controls and they let me get away with it.

I will be making a final RSA Europe 2009 post with my general thoughts, so I will close this one down now.



RSA Europe 2009 – Day 2 Recap

by kriggins on October 22, 2009

in Conferences

Day 2's recap is going to be rather short and for that I apologize. I spent a good portion of the day tweeking and twiddling with my presentation. My presentation went well. No technical failures and I got all my points across. I would have been happier with it being a little smoother, but over all, I am happy.

I did manage to take in one of the keynotes, "The Underground Economy." Andy Auld from SOCA and Keith Mularski from the FBI gave an interesting talk about how the computer crime economy works. They spoke about the different forms of malware and spam, digital currencies, exchangers and then talked about the organized criminal networks that they have come across. A very interesting talk even if a number of the slides where rather difficult to see.

The next session I attended was "Is IT Risk Management Just a Fad?". I expected a talk that would compare and contrast what I call "checklist security" and information security risk management. Unfortunately, that was not the case and I did not really take anything away from this talk.

They final talk I attended was the "Collateral Hacking" panel. It consisted of moderator Hugh Thompson and panelists, Andrew Nash from PayPal, David Ostertag of Verizon Business Services and Ira Winkler of ISAG. From the description, the panel was going to talk about what happens when your co-tenant in a cloud is attacked, hence the title of Collateral Hacking. Unfortunately, it quickly lost its way and ended up being far off topic.



RSA Europe 2009 – Day 1 Recap

by kriggins on October 21, 2009

in Conferences

Yesterday was the first day of RSA Europe 2009 and I enjoyed it a great deal.

I ran into Brian Honan first thing in the morning and Craig Balding shortly thereafter.

I attended both opening keynotes and they were well done.

I particularly enjoyed Hugh Thompson's presentation.  He spoke about gateway data. This is data, that by itself, seems innocuous. However, it can be used or combined with other data to get more data or more access. He was speaking from the perspective of the data that we often put in public spaces such as Facebook, Twitter, blogs, etc. He also mentioned how on-line behaviors can be used to infer additional information. He classified this data into three different types:

  1. Direct Use - Public data that can be transformed
  2. Amplification - Conversion of public data to private data by bouncing it off a person
  3. Collective Intelligence - Collecting and correlating information from different on-line activities to deduce private information.

The last was the most interesting. He is doing a study which shows how the activities of individuals on LinkedIn can often be correlated to significant future events in the companies the individuals work for.

The next session I attended was 'How Information Security Careers are Changing.' This was an interesting session that looked at where are profession started and where it is going. This biggest take away for me was that where our profession used to be primarily technical, we have started to see a shift to a more differentiated situation where we have technical specialists, generalists, consultants and leaders. This means we both have more choices and have to be cognizant of the choices we make as we navigate our careers.

Brian Honan's talk on stealing an identity using purely public information was very enjoyable. About a year ago, a journalist challenged Brian to "steal her identity" using only publicly available information, no automated tools and only completely legal means. Of course, he didn't actually steal her identity, but through the information he found online, he was able to get a copy of her birth certificate, a completely legal activity in Ireland. Pretty much game over at that point. The message here is to be very careful what you put out there because it a) never disappears and b) can be used easily by the 'evil hackers.' He then showed us a number of automated tools like and maltego that can make this process even easier.

My final session for the day was Craig Balding's Cloud Security talk. Again, very well done. His talk was a great overview of the issues that exist. Craig is an engaging speaker and stressed that the first step to being able to effectively use cloud services in as secure a manner as possible, is to classify our data. Yup, an old song, but a tune that is even more catchy when considering cloud computing. Unfortunately, I had to cut out a little early, but will definitely be catching the rest when the recordings become available.

The last event of my day was the RSA Europe 2009 Security Bloggers Meetup. I have already written my quick recap post of that one and so will not repeat it here other than to say that I really enjoyed seeing old friends, meeting on-line friends for the first time and making some new ones.

If you happen to be here and would like to say hi, send me a note at or @ me on twitter. I am @kriggins there.


Reblog this post [with Zemanta]


Blogger Meetup Logo

Last night was the RSA Europe 2009 Security Bloggers Meetup. It was held at the Fountains Abbey Pub in London, UK and was a complete success.

Dale and I showed up at the pub at 6:00 to start setting up. With the help of Melanie from eclat marketing, we were able to get everything ready on time.

People started trickling in around 7:30 and we eventually had 30+ people all having a great time enjoying the chance to relax and talk with their peers.

Things clicked right along and the last of us left around 11:00.

I enjoyed making new acquaintances and talking with a number of people in person that I have interacted with on-line.

I would like to thank Dale Pearson ( for his invaluable help in arranging things for the meetup. Without his efforts, the event would not have been anywhere as successful as it was.

We would also like to express our sincere gratitude to our sponsors who allowed us to provide nibblies and drinks: | | | |

We are already looking forward to next year and hoping to make it an even bigger success!

Kevin, Dale and Benny


There is a new post up on the RSA Security Blogger Meetup blog with a few more details and an action that needs to be taken if you are interested in attending. Go check it out.

Things Are Shaping Up



RSA Europe 2009 Security Blogger Meetup

by kriggins on August 26, 2009

in Announcement

Just a quick note to let you know there will be a Security Bloggers Meet-up at RSA Europe 2009. For slightly more detail, check out this post on the RSA Security Bloggers Meet-up blog.


Disclaimer: I am involved in setting this up along with Benny and Dale Pearson.