Tuesday, June 28, 2011

Security & Cybercrime Symposium

Slides from my presentation at the Security & Cybercrime Symposium are up.

I had a bit of a hectic day, having hosted the ISACA Scotland AGM in the morning, but I made it to Napier University in time to catch the majority of the speakers, as well as to present my piece on where we need to fix the problems with IT and Information Security.

Bill Buchanan and team did a grand job of organising the day - it was an excellent networking opportunity and had some thought provoking presentations.

  • Not with eductaion security professionals - we know this stuff - and not with developers - in general developers want to get this right...

  • It's persuading the business owners to give a **** about it, to sponsor it, to require secure code, to budget for it etc.

  • And to do this we need to get much better at talking their language. No-one in business is going to learn to speak IT Security, so we need to talk business risk, operational risk, real impact to the organisation.
Especially with the more technical approach the other speakers took (and the expectation that I too would go into technical detail) this talk went down very well :-)

The list of speakers was:

Tony Mole - Head of the Scottish Drug Enforcement Agency (SCDEA)
Ian Bryant - Principal Information Security specialist at HM Government
Fred Piper - Royal Holloway
Don Smith - Dell SecureWorks
Tabassum Sharif - Flexiant
Rory Alsop - Alsop Consulting
Mike Dickson - SCDEA
Alan Moffat - Scottish Information Assurance Forum.
Russell Scott - Scottish Police
Nigel Jones - 2Centre
Martin Borrett - Director of the IBM Institute of Advanced Security in Europe
John Howie - Head of Cloud Services within Microsoft plc