I am in San Francisco this week at the RSA Conference (which is apparenlty #rsac on Twitter). I will be speaking this afternoon at 3pm PT. The famous Adam Shostack (@adamshostack) is one of the track chairs, and his advice to me was, “give your metrics talk, under the guise of virtualization security.” Well, I’m paraphrasing, but talking about what security controls actually work has been an area of passion for both Adam and me for over a decade.
My talk title is “Controlling Virtualization Security Risks: Tips from the Experts”, but I will be presenting the results of almost 4 years of benchmarking work that I’ve done with Kevin Behr (@kevinbehr), IT Process Institute, SANS, Software Engineering Institute, Institute of Internal Auditors, and others. The goal is to be able say what controls really impact information security and IT operational effectiveness.
Contact me if you want a copy of the slides.
Also, Adam has done a fantastic job assembling some very interesting talks from some of the best minds in the field. You can see the track he’s assembled at his Emergent Chaos blog. And you can even download his entire track in .ics format, so you can view it in your calendar.
What a great guy!
Questions or comments? Feel free to send me a note on Twitter! I’m @RealGeneKim.