I’m actually posting this from home. I was too tired to finish this in SF. Overall, I was very happy with the conference and the information it provided. It is hard to identify my top three takeaways for this conference because there was lots of information. I think they did a great job of balancing very complex and technical discussions with palette cleansing entertainment.
So, here are my top three take aways:
- The first take away is that we need to do a better job in software development to be more security minded. Of the top seven security issues, two of them had to do with insecure software coding (https://danataconference.wordpress.com/2017/02/15/the-seven-most-dangerous-new-attack-techniques/). Basic things like code reviews, and using third party source code scanning can make a difference. We need to look in our department for how we can be more security minded in our application development. ( https://danataconference.wordpress.com/2017/02/16/how-to-transform-developers-into-security-people/ )
- We need to more aggressively examine our use of privileged accounts and how we can better secure them. TLAs tied to primary accounts could be used for the most sensitive systems. Perhaps installing a PAM vendor? Need to look into this! (https://danataconference.wordpress.com/2017/02/16/privileged-access-management-unsticking-your-pam-program/)
- Finally, we need to develop more skills around coding to cloud based APIs. As more and more infrastructure moves to the cloud, we should help drive adoption by partnering with our infrastructure teams and helping them to build tools that our customers can use. ( https://danataconference.wordpress.com/2017/02/14/tidal-forces-the-changes-ripping-apart-security-as-we-know-it-rich-mogul/ )
So those are my top three take aways. I was very pleased with this conference. I don’t know that I would go every year, but every other year I think this would definitely be worth the time and investment.
Until my next conference, see ya!
Dan at a Conference 