Comments on: Security conferences http://blog.thestateofme.com/2009/04/30/security-conferences/ IT mixology and other thoughts about tech, life the universe and everything Fri, 03 Feb 2012 10:17:56 +0000 hourly 1 http://wordpress.com/ By: Ed http://blog.thestateofme.com/2009/04/30/security-conferences/#comment-179 Fri, 15 May 2009 04:11:50 +0000 http://thestateofme.wordpress.com/?p=92#comment-179 Certainly I find that thanks to the internet and search a lot of what I tend to read comes from academic sources and I’m not the only one looking there either:
http://zerodaydefense.blogspot.com/2009/04/why-hackers-love-academic-research.html

]]> By: Steve http://blog.thestateofme.com/2009/04/30/security-conferences/#comment-164 Mon, 04 May 2009 14:52:21 +0000 http://thestateofme.wordpress.com/?p=92#comment-164 Interesting question whether the focus is shifting from network to application security. My very biased slant on the answer is that it’s neither – the shift is that identity is becoming the fulcrum for enforcement decisions. Incorporating identity as a parameter allows for enforcement decisions to made on the transactional context – which encompasses both application and network tiers. But when you consider the shift in criminal intent, from malice and disruption, to outright thievery, it would seem that application security should take higher priority. Cisco made an announcement about how they are using cloud computing’s economies of scale to improve the accuracy of IPS. I am not sure that really resolves the problem.

As an analyst, I find the conversations and personal interactions useful at a general event like RSA. The sessions don’t provide much in the way of content.

]]> By: James http://blog.thestateofme.com/2009/04/30/security-conferences/#comment-160 Thu, 30 Apr 2009 11:02:53 +0000 http://thestateofme.wordpress.com/?p=92#comment-160 If you want to learn about security, I highly recommend attending local OWASP user groups. They are free, local and have a low signal to noise ratio…

]]> By: Craig Balding http://blog.thestateofme.com/2009/04/30/security-conferences/#comment-159 Thu, 30 Apr 2009 08:12:55 +0000 http://thestateofme.wordpress.com/?p=92#comment-159 Hi Chris

In my experience, security conferences vary wildly in their educational value. For applied learning, I favour eusecwest and then Black Hat (I hadn’t been in a long time and was pleasantly surprised by some of the talks just given at BH EU).

There may be other solid conferences that I haven’t been to, but those keep on givin’.

The more vendors present, the less likely the people I want to listen to will attend. I’m not anti-vendor (can be a lazy generalisation) but the larger the number, the lower the signal to noise ratio.

Are you moving on or just changing roles?

Enjoying your blog,

Craig

]]>