On Monday, I registered. The schedule seemed light so I went to the Leadership talks. They were ok, but nothing to really write home about. I used the afternoon to catch up on work. But, I returned to the show for the welcome reception, really - free beer and food. This was the first time I walked around the expo floor. It is definitely a site to be seen; I liken it to a country carnival, where the various exhibits are competing for your attention. I actually have an agenda of exhibitors I need/want to see for various reasons.
Today though, was my first full day at the conference. I got their early for the "continental breakfast" but to me it seemed more like a lunch. Then, I got in the line for the keynotes. My impression of the keynotes was that I was at a concert; what with the lights and sounds. William Shatner's intro was very well done. I would have liked to have heard an emphatic denial regarding RSA's activity and the NSA, and the other talks were well done. I had a meeting with one of our corporate vendors at noon, then it was a full afternoon of talks:
- Establishing Trust After A Breach - I really thought this was how you work with your customers and the community-at-large after suffering a breach. It wasn't. To me, it was DFIR 101 and what to do.
- NSA Surveillance: What We Know and What to Do About it - this was my first time hearing Bruce Schneier talk and it was all I expected. It was very good, but I follow his blog, so there wasn't TOO much new here.
- The Seven Most Dangerous New Attack Techniques and What's Coming Next - By far and away, this has been the most popular talk I've been to. The room was packed. Period. And with good reason. Especially if you are a fan of the SANS guys. I am. More importantly, Ed Skoudis taught my Sec 504 class. I learned more from his office hours than the actual class. He's engaging, crazy smart, and gets his points across in a great to digest manner. This was definitely a great talk.
- Use Anomoalies to Detect Advanced attacks Before Bad Guys Use It Against You - there were a bunch of talks that I wanted to attend at this time slot, but I picked this one. This was a great talk, a little in depth, but I took from it some nuggets of practical information that I will bring back to the company to implement.