Thursday, April 23, 2009

RSA Conference 2009

Columbus has long enjoyed a strong information security community, where some of our locals are asked to share their work within the global community of information security.  The annual RSA conference is an opportunity for people to share ideas and experience that will help to improve the state of the profession of information security.  One of the fun things about my job is that I get to be surrounded by lots of smart people thinking about these things and that I get to talk about some of what I have been doing lately.

Dan Houser of Cardinal Health co-presented a tutorial session on Monday entitled, “Building an Enterprise-Strength Identity & Access Management Architecture.”  Dan has long been helping organizations to build ways to identify their employees and how those employees can be given the access that they need to do their jobs properly.  This is a surprisingly complex topic, and I am sure that attendees now have some ideas that they will take back to their own places of employment around the world.

I have the pleasure of presenting two sessions this year.  In the first, I co-presented on Tuesday with Keith Fricke of the Cleveland Clinic.  Our topic was “Hands-On Incident Response Testing.”  We all understand that football teams win on game day because they have spent the whole week preparing for the game, and time before the first game preparing for the whole season.  Keith and I discussed a program that we have been running at the Cleveland Clinic that applies this lesson.  We construct a scenario and give an incident response team the ability to work through the scenario from discovery through resolution.  The program is an innovative way to train people who deal with high-risk situations and to keep their skills sharp.  My thanks to everyone who came to see us speak and who participated in the Q&A session afterward.  Steve Gruetter and company also deserve a shout-out here: thanks to the flexible and cost-effective option of renting space and equipment by the day or week at Platform Lab, organizations like Keith’s can run these drills off-site, separate from their production environments.

My second session is on later today.  I will be presenting research on how and where personal information is compromised.  Lee Ayres and I undertook this work to help information security practitioners focus their efforts not on the sorts of “movie plots” that we can dream up but on protecting against what is actually happening.  Dan Houser’s Security MBA program was the birthplace of this work—props to Dan for bringing people together to argue about things in a constructive way, confronting real problems that we have and giving us the motivation to collaborate to rise to the challenges.  The work is also being published formally in an academic journal, I/S: A Journal of Law and Policy for the Information Society.  A public version of the paper is available for download from my firm’s site: Using Science to Battle Data Loss: Analyzing Breaches by Type and Industry.

The time out here has been great.  San Francisco is a great city.  RSA 2009 is being held at the Moscone Center—which is to say takes over the Moscone Center.  I am staying about a mile away, at the University Club, at which I have privileges thanks to a reciprocal agreement with my own Athletic Club of Columbus.  Great opportunity to meet other folks from here and visiting from other clubs around the world.  And of course, finding a hotel with a squash court is pretty unlikely.  I have no trouble getting between my room and the conference; I got a week-long Muni pass ($24, good for unlimited rides on cable cars and buses throughout San Francisco) and ride the cable car that stops right in front of the Club down Powell, past Union Square, and down to Market Street.  From there it's a short walk down a few blocks to the conference location.  I need no car and I am not spending a fortune on cab fares.  Would that I could do the same between OSU campus and my office downtown.

While out here I have been able to speak with a bunch of other folks from Columbus who are out for the conference, as well as quite a few who have lived in Columbus.  Every single one has told me how great the time in Columbus was, and how readily he would move back.  This speaks well for our ability to bring people to town, but also shows that we need to create the opportunities here that will draw and hold on to the talent that otherwise might get away.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home