Cornerstones of Trust Conference

I attended this conference yesterday (called COT for short) and had a fun time. It’s always good to mingle with other security professionals, find out something about what’s going on in the field and try to see if I can get past vendors’ buzzwords and see if anything they’re saying actually makes sense. In fact, I ran into one of my instructors at CCSF, where he commented about the same thing. I think he commented about how vendors sell you security solutions that tend not to work, then a year or two later try to sell you more stuff that likely won’t work. But as I’ve said before, it’s always fun to get promotional swag which I did. Even if I’m going to have to clear out one of my dresser drawers and give away some promo shirts I have that I never wear!

I attended three programs. I missed most of the keynote speakers. Either I was trying to familiarize myself with the surroundings since I was a volunteer liason for an afternoon program or just schmoozing with vendors or other security folk. I attended a Networking program early on which was quite good. Even if the speaker’s jokes at times were forced, he made some great points. Especially about “giving something of value” to those you talk with. Another program attendee commented on those who talk with you for 30 seconds, then move on and leave you with nothing. No one likes them.

There was a panel discussion about revising your security strategy. Security managers from Adobe, Juniper and NASA spoke about the fact that the “bad guys” have infiltrated companies’ systems, so what can be done to make sure once they’re in, they’re unable to transmit info back to their own systems, “phone home” as it were. One attendee commented that we all need to coordinate better intelligence efforts so we get a better idea of who the “enemy” really is.

The last program was about malware and fraud. The speakers made an interesting point about how malware is like open source software. It’s created, folk add to it to make it better. Hey just like Open Source! Quite a concept..Open Source malware..but sometimes that’s what it really is.

I had a lot of fun yesterday. I was looking at the Twitter account of one of the organizers this morning. He called COT the “best SecConf you can attend.” While my preference is BSides (amazing what I learned there), he’s not too far off in his description of COT. I’m looking forward to next year’s conference.

On Thursday, I’m heading to OWASP’s meetup which looks to have some interesting program topics of its own.