The RSA Hangover

Apr 15 2008

By Jim Reavis

I always try to plan a nice quiet week in the office after the RSA Conference and I am almost feeling back to my normal self.  When I was sitting in the bar at the W with a colleague on the Sunday before the conference started, another friend came up to us and asked us how long we had been in San Francisco.  “5 beers ago”, my colleague said.  Well, more than 5 beers later, here are some of my more memorable personal moments:

The Olympic Torch.  Who is responsible for this scheduling snafu, taking press away from Art Coviello?  A friend of mine went out to watch the torch go by, figuring that controversy aside, this is an historic moment.  He recounted standing next to two protestors, one of whom was weary of the delays, asking his fellow agitator, “Do you want to keep protesting, or do you want to have lunch?”  Lunch won.

Craig Mundie.  I enjoyed the End to End Trust keynote from Microsoft’s Chief Research and Strategy Officer, delivered fireside chat style with ACS CISO Chris Leach.  Mundie’s folksy, pragmatic view of privacy and strategy was interesting, and he showed humility in the face of the daunting challenge of E2E.  It is a big ship to turn around, but Mundie explained that MS has been working from the bottom up - you cannot argue with the progress made at the lower layers.  I also ran into several great security experts from Microsoft who told me a few years ago they would never work there.

GRC.  The Governance, Risk & Compliance “buzz-acronym” was bigger than I expected.  When you looked at the sessions beforehand, there was nary a mention of it, but it seemed every session referenced it, not to mention it being all over the show floor.  I guess it makes sense when you figure sessions were nailed down several months ago.  A CISO on my compliance panel put the concept of GRC best when he said he uses risk management to turn tens of thousands of vulnerabilities into just a few hundred that must be remediated for compliance reasons.

MSSPs are getting some scale.  I was pretty impressed by how much business the MSSPs have been pulling down in the last 12 months.  There is still a little too much compliance checklist services vs making organizations more secure, but you have to give the customer what they are looking for.  On a bizarre and twisted note, I ran into a former employee of an MSSP named Breakwater that I used to consult for a few years ago, and he told me that one of our colleagues there became a mass murderer.  For the record, I do not believe that managed security makes you crazy, but on the other hand I never had to wear a pager tied to an improperly tuned IDS.

Best Party.  I didn’t go to any parties, but I heard that Greylock’s had the best networking and McAfee’s was the most fun.

Michael Chertoff.  He seems sincere that it is different now at DHS, and the focus on cybersecurity is real.  The appointment of wiki guru Rod Beckstrom as the cyber leader is certainly interesting and I hope he brings some changes, but if Beckstrom doesn’t last, he won’t be the first entrepreneur who got frustrated by the DHS red tape.

Al Gore.  I had to catch a plane Friday and missed his closing keynote, but I did notice it was about 10 degrees warmer than Thursday, so I guess that was good for him.

Posted by Jim.Reavis on Tuesday, April 15th, 2008, at 9:50 pm, and filed under Articles.
