Earlier this month, I attended ConSec ’12 Consumerization of IT – Are You Keeping Pace? in Austin, TX. This year marks the tenth bi-annual gathering and it was a three-day event that offered attendees a choice of one of four optional workshops followed by two full days of sessions in three tracks. This regional conference targets attendees from Texas and the four surrounding states. Vendors were clearly visible in the exhibit area. The uniqueness that helps contribute to the continuing success of this conference is the hosting. Volunteers from four organizations act as planners, schedulers, marketers, logistics experts and hosts.
Without a third-party conference facilitator, this environment creates a level of intimacy and trust that does not exist in all conferences because you know that practitioners are doing everything for the conference. The focus of the attendees is around security, compliance or business continuity and that trust is important to them.
The organizations involved here are the Capitol of Texas Chapter of the Information Systems Security Association (ISSA), the Austin Chapter of the Information Systems Audit and Control Association (ISACA), the State of Texas Department of Information Resources (DIR), and the Capital of Texas Chapter of the Association of Contingency Planners (ACP).
For the workshop day, each of the hosting organizations facilitated a Bring Your Own Device (BYOD), all-day workshop. The four workshops were well attended by a specialized subset of the attendees for the remainder of the conference.
For the two days of the conference, three tracks were established, each focusing on Information Security, Business Continuity Planning or IT Auditing. Attendees registered for the sessions that they wanted to attend but were not limited to stay within any given track. Four general sessions were spread out over the two days, with internationally known speakers for each and 21 specialty breakout sessions were offered in the three tracks. The conference concluded with a final general session that was associated with yet another organization, the InfraGard Central Texas Chapter.
I picked up great and fresh information on the risks around BYOD, how to deal with the fear of BYOD destroying the enterprise, security and privacy in the mobile world and remembering that it is still most important to protect the data appropriately. I had the privilege of co-facilitating the Information Security workshop and presenting a session dealing with Security and Compliance in the Cloud. In addition to delivering content to the attendees, I was also an avid attendee and learned a lot during the sessions that I joined..
The key take-away from this conference is that you can find great value in a regional conference. The long-term benefit from encounters such as this, with multiple volunteer organizations, is the trust that you can develop with organizations and people. When your job is providing compliance or security to your clients and partners, you need to be able to depend on your trust network. The force multiplier for the value can come from having diverse organizations work together on offering a quality deliverable for a common purpose.
About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO, +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.