I didn't even know this existed.  Can't make this year but we'll see about next year.  Announcing to my user groups...

Thanks Tom for letting us know about this conference.  Let us know if you hear about anything interesting.

I wanted to let everyone know about the conference in the hopes that others might be interested (thanks Gene for the idea).  I guess I will have to give more warning in the future!  I'll take copious notes (not) and let everyone know the interesting tidbits I may pickup.

Very curious to hear about how it went, Thomas! Any major takeaways you can share yet?

I am working up a more formal summary, but I can say without any reservation that the best presentation was the one I thought would be the least interesting and was probably the least technical.  The presentation was by Christie Struckman of the Gartner Group and it was Titled, "How to teach your organization to think strategically about security."  The session was at the end of the day on the first day of the conference.  Her emphasis was on how to get team members to think "out of the box" so to speak.  She gave 3 methods: the socratic method, the debate method and Bloom's Taxonomy.  (As a former teacher I am partial to the last one)  

The takeaway from this was that one wants to get your team to continually ask questions in order to come up with better answers.  I will delve more deeply into this when I finish writing up my summary.

That sounds great, Thomas! I'm a huge fan of the Socratic method (to the point where I get worried some people may try to poison me one day... j/k ;-) And thinking strategically about anything can be quite a challenge, but an increasingly important one as more and more of the tactical type work is moving entirely into automation.

Not familiar with Bloom's Taxonomy; I'll have to go look that one up...

Looking forward to the summary!

My summary of the 20th Annual New York State Cyber Security Conference & 12th Annual ASIA conference

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compliance issues with which they have to deal.  If those do not apply to you, this conference may have limited application as well.

I did enjoy putting some faces to people I had only corresponded with.  I also wanted to hear as much as possible about ransomware (these presentations turned out to be only okay), and cryptography (not a gripping presentation – it was a presentation of thesis work and ongoing research – but nonetheless very interesting).  They did a good job of setting  you up for the days events with a decent Keynote speaker.  The lunch speakers were not as polished, but did have good things to say.

I enjoyed going around to the vendors , even if their swag was not class A stuff. (some had excellent stuff while others had none – the full gamut)  

I have to say again that the highlight of the conference, for me, was the very non-technical, and only slightly security related talk by Christie Struckman of the Gartner Group, session 4 on the first day.  I would encourage anyone in a leadership position to check it out.  I have asked for her slides and will try to make a pdf of them available if she is amenable to that.  My takeaway on that talk was: There are leaders and there are Bosses.  The leaders help their teams think about solutions and then make decisions, the bosses make decisions and tell their teams to carry them out.  I think the quote she used at the beginning was excellent: