Day 2 at the Structure Security conference

I'll start this post with a huge thank you to the Structure Events team for putting on a top notch inaugural InfoSec conference. I really enjoyed participating in, and listening to, the journalist-lead discussions. What a great format. The content was spot-on, the speakers articulate, the production quality tremendous, and the organizers some of the best event professionals I've engaged with in a long time.

Day two didn't disappoint in terms of content. There were sessions covering security analytics, crowdsourcing, security automation, and even a bit more about machine learning.

There was also an insightful venture panel led by Charles Beeler, General Partner of Rally Ventures—he was joined by:

  • Asheem Chandna, Partner, Greylock Partners
  • Alex Doll, Founder and Managing Member, Ten Eleven Venture
  • Theresia Gouw, Co-Founder and Managing Partner, Aspect Ventures

The panel discussed the future of the cybersecurity market, noting that they continue to see marked growth in a number of leading edge technologies - namely those built around machine learning and orchestration.

The highlight of the day for was the presence of Bob Lord, Yahoo's CISO. Given the recent announcement of the breach at his organization, it would have been very easy for Lord to skip out on his session today. Instead, he joined the group as promised, and—while he stayed well within the legal rails during his 20-minute session, Lord was very candid and shared a lot of information that I believe help the audience get a feel for what it might be like to experience a breach. I've written a bit more on Lord's session in a separate ITSP Chronicle.

While not a breach, Brian Krebs' recent distributed denial of service (DDoS) attack is equally newsworthy, especially given the scale of the attack (~650GBps) and the method of attack (it was initiated by a set of remote-controlled video surveillance recording devices). In their session, Dale Drew, Chief Security Officer, Level 3 Communications and Andy Ellis, Chief Security Officer, Akamai, provided a view into what the future of a bot-filled Internet could mean to businesses and consumers alike. I plan to do a short write-up of this in a follow-up ITSP Chronicle. Again, stay tuned.

Another highlight of the day was the commentary from Dan Burns, CEO of Optiv. Dan shared many insights worth taking home. Here are two that I captured:

  • InfoSec platforms & orchestration are key buying criteria for both the enterprise and consumer markets
  • Subscriptions in #infosec are up 65% over the last, while traditional software and hardware purchases are on the decline

Last, but not least, there were in-depth discussions about the value of crowdsourced security by the founders of two bug bounty platform/service providers: Bugcrowd and HackerOne. As noted in my conversation with Laz on Day 1, the concept is genius and companies large and small are finding real value in this crowd-driven vulnerability identification market.