No matter what IT field you work in, staying on top of the latest technologies and trends is a must, especially in cybersecurity. Just as a good security plan requires continuous monitoring, a good CISO needs continuous learning. A top-notch security conference can be the most efficient and effective way for CISOs to stay current while networking with peers.
An “out-of-the-box” thinker, Pathik Patel is a Security Leader with more than 12 years of experience building web-scale security infrastructure and Director of Cloud Transformation and Security at Informatica. Pathik recommends two major events:
RSA | March 4-8 | San Francisco, CA
This is one of the largest security conferences and attracts over 42,000 attendees. The theme for this year’s conference is Better – better solutions, better connections. IBM Security’s keynote speakers Mary O’Brien, GM, and Caleb Barlow, VP of threat intelligence, share their experiences and lessons learned running a fully immersive cyber-range and working with organizations through difficult situations that challenge conventional thinking.
USENIX | August 14-16 | Santa Clara, CA
In its 28th year, USENIX Security brings together researchers, system administrators, programmers, and others to collaborate on the latest advances in the security and privacy of computer systems and networks. This event is heavily influenced by members of various universities around the world. Although the talks and speakers have yet to be announced, last year’s talks provide insight on what to expect. Donna Dodson, Chief Cybersecurity Advisor at the National Institute of Standards and Technology, presented an insightful talk on “Cybersecurity: Is It about Business or Technology?”
Richard Reinders, Manager of Security Operations at Looker, has years of experience working in incident response and vulnerability management in a broad range of business sectors. Four events are on his radar for 2019:
INFILTRATE (from Immunity) | May 2-3 | Miami, FL
This is a deeply technical conference that focuses on offensive security issues. Unlike larger conferences, this private conference emphasizes technical connections between researchers on the cutting edge of cyber attacks. Attendees can expect to see what types of vulnerabilities are likely to have an impact in the near future (the automated domain-traversal technique used by the NotPetya worm was first presented by researchers at INFILTRATE 2015).
SANS | April 1-8 | Orlando, FL
The SANS Institute provides security research and immersive security training through a variety of conferences, smaller events, and courses. The event in Miami doubles as a conference, with networking opportunities and keynote speakers. New courses to be offered at the event cover Enterprise Threat and Vulnerability Assessment, OSINT, and Defensible Security Architecture.
ISACA | November 20-21 | New York, NY
This year, ISACA has partnered with Infosecurity North America for an event focused on cybersecurity and risk management. With this year’s lineup still to be announced, last year’s highlights included some valuable topics for CISOs and other cybersecurity leaders. Keynote speaker Zane Lackey presented “DevSecOps: How to Use DevOps to Make You More Secure,” and Richard Van Horn broke down “Quantifying Technology Risk in Dollars and Cents.”
Evanta by Gartner | Various Dates and Locations
Gartner’s reputation for unbiased research in the industry is unparalleled. Evanta, a Gartner company, holds one-day conferences throughout the U.S. and select international locations. These summits offer the unique opportunity to have access to some of the leading minds in IT, exchange ideas with peers, increase exposure to advanced practices, and develop new personal partnerships. These executive summits are targeted to CIOs and CISOs to address forward-looking, real-world solutions to pressing challenges such as digital transformation, board engagement, and keeping the organization secure.
As Deputy CISO for Levi Strauss & Co, with years of experience at major corporations like PG&E and Kaiser Permanente, Steve Zalewski has some valuable insight as to events worth attending this year. Steve keeps it short and sweet and recommends two events:
BSides | March 3-4 | San Francisco, CA
BSides is not your typical organization or event. As a 100% volunteer-organized event, all attendees are encouraged to be participants in the two-day, open forum for discussion and debate. The event brings together “down in the trenches” engineers, business leaders, thought leaders, and executive decision makers. Rachel Tobac’s keynote “The Path to Infosec is Not Always Linear” looks to be an interesting account of her nonlinear path to infosec, starting with her background in neuroscience, through to UX research, live hacking, and starting her own company.
Gartner Leadership Forum | March 10-12 | Phoenix, AZ
Another worthy event by Gartner is tailored for CIOs and addresses the transition of the role from delivery executive to business executive. Topics will also dive into how technology and cybersecurity trends will change the role in the future. Richard Hunter, Distinguished VP Analyst with Gartner, will present the topic “Upgrade Your Business Model For the Digital Future” to discuss all the actions enterprises should be taking for the digital road ahead. The event also includes workshops such as “Keeping Your Strategy Real Through the Connected Continuous Plan” hosted by Gartner VPs Carolyn Damon and Heather Colella.
Need some reading for the flight to these events? Make sure you check out our ebook on continuous remediation - it’s a fresh approach to vulnerability management that will help you reduce dwell times from weeks to hours.