Day 2. I'm a but wore out since I was up into the wee hours trying to get my new video blogging mess figured out. The process that I thought would be (encoding and uploading).....wasn't. But the part that I thought would be easy (quality of the HD stream).....was. Still trying to work out exactly why the .WMV looks and plays great, but the 30 fps playback in Silverlight looks like some chopped up mess. Could be the encoding was messed up, could be the 1,000+ security people on the hotel Internet connection, or that my Dell D820 is sputtering. I'll work on resolving this later, but the first test was partially successful.
For Day 2 at RSA, they flipped the daily agenda and today have the breakouts in the morning and the keynotes after lunch. This would have been ideal, had I not been up til 1:30AM fighting with Silverlight. I started the day by sitting in on my buddy Jeff Jones session entitled Linux vs. Windows Security: Updating the Debate. Jeff and Professor Richard Ford, from the Florida Institute of Technology, and an avid Linux user delivered the session. They had a really polite (and often humorous) discussion about the number of security vulnerabilities, the concept of vulnerability severity, and talked about things like Days of Risk. It was a great session and for those of you who want to have this discussion, Jeff is always ready and willing to do so.
Immediately after that session, I moved over to attend the session conducted by U.S CERT entitled Risk Mitigation Strategies: Lessons Learned from Actual Insider Threat Attacks, which was delivered by two of the smartest people in the world on the topic, Dawn Cappelli and Andy Moore. They've been conducting research on this topic since the late '90s and they have a wealth of knowledge in the area. You know this is a huge area of interest for me, since I think too often we focus our attention (and budgets) externally, when we have data walking out the front door. It seems as security pros we want to focus on the cool and sexy attacks, but really spend very little time mitigating the "low hanging fruit".
Gettin My Party On!
Yeah....well...after last night's video experience, and then working the Microsoft Info Booth for 4 hours, I was about all pooped out. I did manage to swing by the Security Bloggers party at Jillian's. Very well attended and I had no idea there were so many people who blog in this area. Bruce Schneier from BT Counterpane was there, as was Ira Winkler. I've known Ira for a few years and we see each other in speaker lounges at conferences or in the First Class lounge at the airport. After spending some time mingling amongst the illuminati of the security blogging world (your author excluded)....I hopped in a cab to attend an amazing event at the German Consulate, sponsored by the German Federal Office for Information Security and hosted by Dr. Udo Helmbrecht. I got the opportunity to mingle with some really great security minds here as well. The host was amazing and I really enjoyed being around the German community again. After about 90 minutes at this event, I was wore out! I decided to pack it in and head back. I had invites to another 3 or 4 parties tonight, but I want to be really fresh for tomorrow's sessions, since it'll be the first full day of sessions I can attend. RSA is absolutely about attending sessions and learning a ton, but it's also about networking with some great people.
I'm off to bed! Big fun day tomorrow!