IT threats continue to evolve and magnify in their impact, and security professionals are constantly challenged to keep up with the trends and technologies to counter and mitigate such attacks. Cyberattacks happen with breathtaking speed and intensity as newer methods of attack are constantly invented by hackers. Risks are compounded by the use of new technologies based on open networks and infrastructure like cloud and mobile computing. Also aiding the frequency of cyberattacks is the increased use by employees of their own devices (BYOD) and public Wi-Fi networks.
Consequently, a security pro’s task of battling attacks is often hugely perplexing and always demanding. They must not only be aware of the latest available technologies, but also be informed about emerging threats devised by criminals to work around those same technologies. Repelling an attack is no longer enough — the need to pre-empt and prevent attacks is the need-of-the-day.
One way for security professionals to stay ahead of the bad guys is to attend security conferences. These gatherings cater to the needs of security pros, allowing them to enhance their knowledge of security trends, available technologies, the nature of threats and the best means to counter-attack. They are also great places to network, with attendees from across the globe meeting up to connect and discuss their experiences with security threats, the lessons learned from each experience and emerging best practices.
Unlike a typical IT conference, where meetings are scheduled with sales objectives in mind and participants are looking for leads on new business or a means to network with peers in the same business, IT security conferences are places of urgency with participants actively vacuuming up relevant information to use to formulate their own security strategies and procedures.
Relevant information and training are typically shared in straightforward, hands-on visuals and demonstrations. For example, the 2010 Black Hat conference demonstrated on stage how an ATM could be made to dispense cash without using a bank card or PIN. It showed that malware could be loaded into an ATM to gain unauthorised access both remotely and physically. Other conferences have demonstrated vulnerabilities of medical devices where hackers could remotely hack pacemakers to administer electric shocks, or hack insulin pumps to change insulin doses being administered to patients.
Anyone and everyone is susceptible to a security breach. No entity or individual is too small or too big to not be threatened. A large business firm, a personal device, or an entire IT application can fall under attack at any time.
At present, there are hundreds of conferences to choose from. If you are finalising a budget for conferences to attend, the choice can be quite overwhelming. Based on representation and topics discussed, below are five essential conferences. Attending any (or all) of them will help ensure that you don’t fall behind on the latest news and best practices for IT security.
Gartner Security & Risk Management Summit (Gartner)
Gartner is well known for providing practices and strategies to help security pros maintain cost-effective security and risk programs designed to support digital business. Typical subjects presented include cloud security, mobile device security, cybersecurity and governance, and risk and compliance. Although Gartner caters to security pros, employees at all levels can benefit from attending, including network executives, risk and compliance teams and business continuity managers. Even upper-floor executives such as CISOs and CSOs can gain insights into the technology and techniques to manage threats.
Since busy security pros can’t attend every presentation, Gartner offers access to recorded sessions for all attendees.
This year’s conference included hot-topic tracks on:
- Chief Information Security Officer (CISO) Program
- The Security Program
- Technical Insights: Security Architecture
- The Business Continuity Management Program
- Risk and Compliance Program
- The Marketplace for Security program
Gartner 2016 will be held June 13-16 at National Harbor, Md. If you are serious about IT security, Gartner is a good place to start.
IEEE Symposium on Security and Privacy (IEEE)
IEEE has been around since 1980. This is the premier conference for researchers and practitioners to share industry developments and challenges in computer security and privacy. Topics discussed include mobile and web security, protocol security, forensics, malware and other unwanted software, and, of course, security for the Internet of Things.
In order to cover one or more specific aspects of security and privacy in detail, IEEE offers specialized workshops for attendees. Future attendees can even propose workshops or follow updates on offerings.
Scheduled workshops for 2016 thus far include:
- Privacy Engineering
- Bio-inspired Security, Trust, Assurance and Resilience
- Language Theoretic Security
- Mobile Security Technologies
- Research for Insider Threats
- Learning from Authoritative Security Experiment Results
Registration for IEEE 2016 opens in February. The conference itself will be held during May 23-25 in San Jose, Calif. Specialized workshops will be held on 26 May.
InfoSec World 2016 Conference and EXPO (InfoSec)
InfoSec 2016 will provide education to all levels of information security and IT auditing professionals. According to InfoSec’s website, the conference will deliver “practical sessions that give you the tools to strengthen your security without restricting your business.”
InfoSec 2016 has something for everyone in IT security. 2016’s event will include more than 70 sessions, seven tracks, nine in-depth workshops (a number of them with actual hands-on learning), four co-located summits and an expo showcasing the leading vendors in IT security. The scheduled workshops include:
- Hardware Hacking Training (Hands-on)
- Testing the Incident Response Plan through Table-top Exercises
- Security Metrics and Scorecard
- Vendor Management
- Building a Cloud Business
- Vulnerabilities that get Companies Hacked
- Threat Intelligence
- Threat Actor Hunting: Finding and understanding your adversary (Hands-on)
- Enterprise Identity & Access Management Architecture
InfoSec 2016 will be held April 4-6 at Lake Buena Vista, Fla. In the event that one can’t make it to the U.S., or desires a European experience, InfoSecurity Europe 2016 is scheduled for June 7-9, in London. InfoSec Europe is Europe’s number one info security event with more than 12,000 attendees. The event will include more than 316 exhibitors, and offer more than 160 hours of free education.
RSA Conference (RSA)
RSA is the world’s largest info security event, drawing nearly 30,000 attendees, making it a perfect place to network. The best and the brightest in the industry show up to present their research and discuss new trends, technologies, threats and preventive measures.
RSA also has a whimsical element that adds to the experience. Each year management selects a unique theme to develop and carry throughout the event with signage and materials designed to maximize the impact. 2016’s theme is “Connect to Protect,” meaning establishing connections between IT and other parts of an organization as a means to better address prevention and mitigation of security threats. Past themes included the Navajo Code Talkers, Egyptian Scarab Seals, carrier pigeons and even Edgar Allan Poe.
RSA also has a global footprint; RSA 2015 was held in Abu Dhabi. RSA 2016 will be held Feb. 29-March 4, in San Francisco. An additional event for Asia, Pacific and Japan is scheduled for July 20-22 in Singapore. RSA is fun and informative, definitely worth a visit.
Black Hat
Black Hat claims to be the “most technical and relevant global information security event series in the world,” and they do a great job of backing it up by giving attendees the opportunity to explore the latest in IT security research and development, all in a strictly vendor-neutral environment.
Black Hat conferences include global leaders in the field who share their latest exploits and breakthroughs to help advance the industry. Besides security practitioners, you will also see business executives, vendor companies, academia, and job seekers and recruiters in attendance. Attendees are able to obtain individual technical courses on topics ranging from “penetration testing to exploiting web applications and even defending and building SCADA systems.”
One unique aspect of the conference is the Black Hat Executive Summit, a full-day gathering of the industry’s top executives and security leaders conducting open conversations and break-out sessions.
Black Hat’s U.S. gathering will be held July 30-Aug. 2, 2016, in Las Vegas. Black Hat Asia will be held during March 29-April 1, 2016 in Singapore, and Black Hat Europe is scheduled for Nov. 1-2 in London.
Not everyone can afford to travel vast distances to learn at the feet of the “Industry Giants.” Fortunately, India has a couple of security conferences of note of its own. The premier conference is organised by NASSCOM. The last summit was held on Dec. 16-17 in New Delhi. NASSCOM’s security gathering focuses on challenges and solutions dealing with various aspects of cyber security in India. Another noted Indian conference is the Nullcon Conference, scheduled for March 11-16 in Goa. Both of these conferences feature industry leaders, deal with the latest in tech advances and emerging threats, and are worth your time and money to attend.
Enhanced knowledge is a hugely important takeaway from these conferences, and attendance at any of them will give a definite boost to your security career as the industry rushes to fill positions with trained IT security pros. Michael Brown, CEO at Symantec, the world’s largest security software vendor, said, “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million.”
This demand for skilled security engineers is not expected to come down anytime soon. Against this backdrop of high demand and skyrocketing salaries, there is no limit to growth possibilities for a security pro equipped with the right kind of knowledge and industry contacts.
Note: Dates and agendas of the conferences may change at the organizers’ discretion.