Me and My Shadow Hit InfoSec 2019: Here’s What We Heard
I recently attended the 12th annual Central Ohio InfoSec Summit—my fourth InfoSec event since returning home to Ohio from DC and shifting from the public sector to commercial sector practice. It was a unique event for me as a speaker and mentor representing the Columbus Collaboratory.
The jam-packed two-day event started on Thursday when I met my student “shadow” from the Eastland-Fairfield Career Center’s high-school cybersecurity program. Together, we attended the student tracks, which were designed to help those interested in the cybersecurity field absorb as much knowledge as possible. She had a great day and was especially excited to get a chat and photo in with Paula Januszkiewicz, aka PJ, aka Paula J, the opening keynote speaker for the summit. My student “shadow” said, “It was an amazing experience! I learned a lot about the field, and this event strengthened my drive to pursue this career pathway. I hope I get the chance to come back next year.” Well done, PJ.
I later sat on that afternoon’s ethics panel presentation, “Ethics vs. Compliance: What is the difference and why is it critical for success in information security?” The topic was originally meant to be Donald Cressey’s Fraud Triangle, a framework designed to explain the reasoning behind a worker’s decision to commit workplace fraud. Then we planned to discuss the effects of pressure on ethics and compliance, but it quickly took on a life of its own when Helen Patton facilitated an audience participation exercise.
Ultimately, the discussion turned to ethics in technology, and it was clear from the standing-room-only space and fervid discourse that the cybersecurity community felt strongly, and yet in some instances conflicted, about ethics vs. compliance. So much so that Central Ohio Information Systems Security Association (COISSA) organizers now feel this might be a track for development for next year’s summit.
This experience pushed me out of my comfort zone to explore the minutiae of something that I’ve always taken for granted and made assumptions about as a manager, leader, and security practitioner. I plan to write a follow-up article on LinkedIn as a result, since I now feel the need to come full circle on this topic as it relates to me. Talk about a powerful panel discussion. And did I mention that our ethics panel was rated 5 out of 5 (being best) by conference attendees? ヽ(•‿•)ノ
Another highlight of the event was when our Collaboratory Cybersecurity Assessment team introduced our NIST & MITRE ATT&CK crowdsourced initiative on GitHub to the greater community for assistance in mapping NIST security controls via CWE/CVE to ATT&CK. If you would like to participate, further information can be found here: https://github.com/ColumbusCollaboratory/MITRE_NIST. I’m excited to see where this endeavor takes us!
Lastly, on Friday, aside from knocking out a few CPEs in some great sessions, I was able to reconnect with old peers, make a few new friends, and seek out new opportunities as a practitioner, a mentor, and the Principal Consultant for the Columbus Collaboratory.
I look forward to volunteering with COISSA next year in planning for the 13th annual event. Maybe I’ll see you there!