I spent a day yesterday at Cornerstones of Trust Conference conference here in Bay Area. The event was “a cooperative effort of the San Francisco Bay and Silicon Valley chapters of the Information Systems Security Association (ISSA); and San Francisco Bay Area InfraGard.”
Here is what I attended; they promise to post the presentations soon:
- “Compliance is Not The Same as Security” panel moderated by Robert K. West, CEO and Founder of Echelon One.
- “Head in the clouds, feet on the ground - The business side of security in the cloud” by Tim Mather, Security Strategist and Subra Kumaraswamy.
- "Why We Must Develop a New Model for Collaboration in Cyber Security: A Perspective on America’s Innovation Crisis", keynote by Pascal Levenson
- “Cloud Computing Security - Practical and Actionable Security Controls to Assess the Cloud Vendor” by Brian Koref , Information Security Officer at KLA-Tencor.
Do you know what amazed me the most about this event? Lack of tweeting! Back at RSA and BlackHat, you can see flashes of TweetDeck everywhere in the audience, if you look from the back. Here – you see a lone gunman…eh... tweetman :-) In any case, I invented” the hashtag “#cornerstonestrust” and took some notes; read them here (as usual, you have to read from the bottom).
The conference was fun, but I couple of times I had my “buffoon alert” tingled. For example, somebody said that Heartland is suing their QSA and, to the best of my knowledge, that is not true. Cloud sessions – both of them – were pretty interesting. I learned what is “cloud angst” and realized that despite CSA work, people are still creating their own cloud provider diligence sheets (hopefully, the upcoming version 2 will help). The innovation keynote reminded me of my ROTC training in PsyOps. Namely, when you push your message too hard, people just start doubting you (our ROTC colonel also cautioned us from ever saying anything like “I am not saying it because I profit from it; on the opposite…” :-))
In any case, the conference was a day well spent!