You can't secure what you don't acknowledge.SM

Thursday, October 12, 2017

Hacker Halted - a security show worth attending

I've been a big advocate of attending security shows in order to learn, network, and see/hear about the latest technologies. There are a ton of these shows each year - some are a good fit, others not so much. Well, there's one show that I just attended in Atlanta this week that's worth my mentioning and recommendation. It's called Hacker Halted. Put on by the EC-Council (Certified Ethical Hacker) folks, it's well-attended but not too big. I spoke with and exchanged business cards with several people from around the country. Word had it that around 2,000 people were in attendance. 

I saw several good speakers including one of the best in the business, Winn Schwartau, as well as the EC-Council's founder and president, Jay Bavisi. Jay shared some great points on the state of security, including how we're facing a skills shortage, not a labor shortage. I totally agree. There are many people working in positions of security authority and decision-making that don't really know a whole lot about security. It's learn as they go and that's bad for business, good for the criminals. 

Jay also covered the EC-Council's new LPT certification and about how penetration testing is becoming commoditized because of the assumption of vulnerability scans being "good enough" and overall ignorance of the process. Agreed! Jay also said that penetration testing often lacks professionalism, especially when it comes to security assessment deliverables. The emphasis is instead placed on shiny objects/cool tools and the prima donna attitudes emanating from many of the people who do this work. Love it! I see this all the time and it's hurting us and our field.

I believe Hacker Halted is usually in Atlanta. Check out their website and maybe I'll see you there next year.

No comments:

Post a Comment