ShmooCon just wrapped after a couple of days of interesting talks on security. As always, it was a great set of talks. A few observations:
- This year, the team decided to remove a lot of the offensive “break it” components that have traditionally been the cornerstone of many security conferences. I think this is, by far, the best decision.
- I’m excited for the proceedings, which are intended to be approximately 1,000 word “papers” on each of the talks. The goal is to provide something more reference-able than was historically possible.
- More focus on defense, and especially things that are low-hanging-fruit. It still amazes me how much of this doesn’t get done in most organizations.
- A start at introducing data analytics into the process and familiar toolkit for security professionals.
Lots to think about. And some ideas to explore in the coming weeks and months.