Recently I attended InfoSec Nashville and BSides Augusta.
InfoSec Nashville 2023
Despite calling Nashville home since 2016, I only recently attended my first ISSA InfoSec Nashville conference. My expectations were exceeded by the event, especially with the opening keynote delivered by Robert Herjavec from "Shark Tank." While I'm not a regular viewer of the show and was initially unfamiliar with Robert, his speech was captivating. As the owner of a security company, his journey from a war-torn country to Canada, and eventually to starring in a hit U.S. TV show, is nothing short of inspirational. He shared intriguing insights into the future of security, particularly the idea of eliminating tier 1, a concept I'm still mulling over since there will always be a need for an initial level of defense.
Unlike at most conferences, I attended several talks at this one. Besides the opening, I was present for the afternoon keynote and a few other sessions before delivering my own at the day's end. The afternoon keynote resonated with me deeply, advocating for the hiring of entry-level professionals. The industry's skewed focus on seeking senior-level experts, as evidenced by LinkedIn job postings and the concerning average security professional age of 35, signals an unsustainable top-heavy structure.
However, hiring at the entry level isn't a panacea. Management must prepare a structured plan for these newcomers. I've seen many organizations lack this foresight, opting for senior professionals in the hope of minimizing their need for involvement. That doesn’t mean all entry level people are the answer. Maintaining a balance is crucial since many young professionals seek mentorship, a dynamic hard to foster in an environment composed solely of entry-level individuals.
The sessions I attended were enlightening, one on vulnerability management at a healthcare company stood out. Having developed a similar program for a mid-sized business, it was fascinating to compare approaches and scales, particularly seeing a dedicated team in action as opposed to one juggling multiple responsibilities.
The conference was overall a rewarding experience. It provided opportunities to connect with a diverse group of professionals and rekindle ties with acquaintances around Nashville.
BSides Augusta
As alluded to earlier, my conference strategy usually involves a "HallwayCon" approach, prioritizing networking and learning through impromptu conversations. This tactic led me to attend just one planned talk, aside from my own, at BSides Augusta. This event is a highlight on my annual calendar, coinciding nicely with a family visit to Columbia, SC, after the proceedings. What sets it apart is not just its impressive scale—with pre-pandemic registrations hitting 1,200 and around 800 attendees this year—but its distinct blue team focus, a nod to Augusta, GA's status as home to the Army's Cyber Command.
At a past ISSA meetup, I was taken aback when I was told attendees included members from the NSA, CIA, and Cyber Command —a moment that made me suddenly conscious of the powered on phone in my pocket.
I was extremely satisfied with the reception of my talk, now available on YouTube. My final presentation of this presentation will be at misecCON next month, where I'll have a full hour—a luxury compared to the concise 20-25 minutes at Augusta. While, like any presenter, I appreciate more time, I also value the challenge of a shorter format. It compels me to condense my speech to only the most crucial points, and enhance the chance of my talk being accepted.
The conference was, as expected, impeccably organized, and I cherished the catch-ups and new connections made. I’m eagerly anticipating next year's gathering!
Edited with the help of ChatGPT
This blog post first appear on Exploring Information Security