FSP Event In Toronto

I spent the day today at the Federation of Security Professionals fall event.  A day well spent with an array of friends, colleagues, speakers and vendors.

Barry Lewis of Seccuris opened the event with a pretty good keynote address.  He recalled the changes that our industry has undergone, and paralleled some of the cyclical changes that seem to go back and forth over time.

Leo Thrush led the presentations with a great session on Selling Security To Decision Makers.  Leo spoke at length about his 30-odd years of experience talking security and its benefits to the C-level crowd, and how that conversation differs with heads of state and army brass.  Plenty of food for thought for any of us that have to propose ideas and have the scars on our knees from multiple budget rounds of begging and pleading.

Mike Hortobagyi from Bell Canada did a good technical demo entitled Enabling Virtualization and Cloud Mobility.  He offered some sage advice while showing off some Citrix and other virtual solutions.

CA’s Michael Geraats presented Better Fraud Management with Data Profiling, and showed how their suite of recently acquired products can aid in identifying suspicious activity by monitoring shifts in behavior patterns.

I was pleased to see Rick Dales, now with Proofpoint, on stage, Addressing Modern Day Targeted Attacks.  I know Rick from my time at Symantec, and his ability to present and share information still doesn’t disappoint.  An interesting discussion ensued regarding the ease of building a profile of a victim before launching a targeted attack.  You would be surprised how easy it really is.

Peter Cresswell, who has recently returned to Trend Micro, closed the series of seminars with a walk back through a 4-year-old predictive presentation previously delivered at another FSP event.  He showed how “even though I told you it was there, you still stepped in it”.  If you think your existing logical security controls are ready for a virtual environment, you might want to do some research.

All in, I rated this event as an 8 out of 10.  Well worth the time invested, and the price remains right, totally FREE.  My hat goes off to the long list of vendors who front the costs of the FSP events, and keep it available to a wide audience.  There were over 200 attendees this time out, and I hope that we see an even greater turn out in the spring.

Huge Thank You to those dedicated people that organized the venue, the food, the vendors, and the rest of the event.

SEC Asks US Businesses To Come Clean On Attacks

Publicly listed US companies have been asked to disclose when they’ve been hacked, according to new guidance from the Securities and Exchange Commission.  These new guidelines come as large and trusted companies are becoming victims of cybercrime.  Companies are expected to no longer hide online attacks if an attack could cause financial damage to the company or mislead potential investors.

Sony warned users about another attack against PlayStation and Sony networks this week, compromising 93,000 accounts.  Citigroup was breached in June, and the data of 360,000 accounts was exposed.  Then of course, there were the well-covered attacks on Google, the US Air Force, the International Monetary Fund, RSA, Defense Contractors, Retailers; the list of recent incidents seems to go on and on.

Billions of dollars in cash, credit cards, and intellectual property is being stolen by criminals online, and investors have been kept in the dark.  This guidance is supposed to change everything.  Unfortunately it is only offered as GUIDANCE, not REGULATION, so I personally am not expecting much compliance here, but hope that companies start doing the right thing and start showing us all that we are under siege.  Until the problem is shown in a clear light, and the public can see for itself the enormity of the problem, little will happen to change the perfect storm that is swirling around us all.