Convention focuses on ways to fight online crime

Secure360 is a convention that's all about figuring out how to prevent security exploits and the theft of digital information.

Former Whitehouse CIO Theresa Payton giving the keynote at Secure360
Source: Kate Anderson

Secure360 may not be the biggest "con" each year, but there is something special about an IT convention focused on Information Security, Business Continuity Planning, Physical Security, and Risk Assessment that includes a healthy dose of Minnesota Nice.

Secure360: The back story

The Upper Midwest Security Alliance (UMSA) has been the main force behind Secure360 since its inception nine years ago. One of the founders, Kelley Archer, has been instrumental in keeping Secure360 the happening event that it is. Archer is an adjunct professor at Century College where he teaches information security, and he's also an executive advisor to UMSA, and is an ISSA International recognized distinguished fellow, and openly professes his ability to social engineer the last dime from anyone.

Archer explained what made Secure360 unique: "DefCon and BlackHat focus on weaknesses and how to exploit them from a hacker's perspective. Secure360 discusses the same issues, but only to promote awareness, and learn how to protect against them." Archer then got to the meat of why Secure360 exists:

"There is a criminal element that spends much time trying to break things. Knowing that, Secure360 attempts to cover every aspect of security: ASIS, ISSA, ISACA, InfraGard, OWASP, ISC2, certifications, risk management, and educational opportunities."

Archer emphasized: "What's most important to us are the attendees. We try to provide a fun, educational, and meaningful conference that will appeal to everyone interested in information security."

Much of that responsibility fell on the capable shoulders of Lillian McDonald, the event's master of ceremony and the management team. What makes McDonald especially qualified is her vast experience with security issues gained as the executive director for Emergency and Community Health Outreach (ECHO), and a veteran news reporter for radio and television stations in the Midwest.

Keynote speakers

One of McDonald's tasks was to introduce the keynote speakers. Tuesday's keynote speaker was Paul Douglas. Douglas is a well-respected local meteorologist. His expertise does not stop there; Douglas is an author and entrepreneur with nine tech start-ups under his belt. Douglas paraphrased his keynote address as, "What's the long (long) range forecast for the upper midwest? What are the risks, and how can we make our infrastructure more resilient and storm-ready?"

Theresa Payton, former White House CIO for the Bush administration (2006 through 2008), gave Wednesday's keynote address. Security Magazine named Payton, now CEO of Fortalice LLC and co-author of two information-security books as one of the top 25 "Most Influential People in Security."

In her keynote address, Payton shared her experiences at the White House, and lessons she learned that might help other IT professionals responsible for information-security. During an interview, Payton told me organizations need to rethink how to defend cyberspace. Those most qualified to defend a company's infrastructure should be welcomed, hired, and not stereotyped as unprofessional.

Biggest complaint: Breakout sessions

The biggest complaint I heard while at Secure360 took aim at the educational sessions. There were too many good ones. People were going through serious angst trying to decide which ones to attend and which ones to miss. That task was made easier by a mobile app built specifically for the show.

The app included a Twitter feed that helped attendees determine who was going to what sessions, and if they missed a good one. All of the FBI sessions were well attended. I heard one person mention, "They're always good, lots of interesting stories."

Another session that drew a big crowd was the lock-picking demonstration. Babak Javadi has been picking locks since the third grade. From what I saw, it was obvious that Javadi knew what he was doing. Javadi mentioned that he helped create the US division of The Open Organization of Lockpickers and is heavily involved in the locksport community--competitive picking of locks.

Several attendees were able to try their hand at lock picking with Javadi showing how. If lock picking was not your thing, there were plenty of vendor booths to check out.

Babak Javadi demonstrating how to pick locks
Source: Kate Anderson

Vendors galore

More than 1,000 attendees over the three-day conference had open access to all the major vendors concerned about information security--from Accuvant to Zscalar.

Going for the swag bag
Source: Kate Anderson

Like most conventions, the race was on to see who could get the most swag. Case in point, the above gentleman with practiced dexterity easily maneuvered the McAfee bag away from the curious Symantec representative.

Encouraging and educating the Minnesota way

Before Wednesday's keynote, McDonald announced the winners of the Minnesota Collegiate Cyber Defense Competition. This annual event brought together security professionals and students for an all-day competition where experts attempted to penetrate virtual businesses protected by the student teams. Eight colleges entered the competition with Lake Superior College taking first place, and Alexandria Technical & Community College in second place.

As I passed a booth near one end of vendor row, I spotted the following banner, and decided to learn more

Source: Kate Anderson

about Sec.MN. I remember reading about a Secure360 session with an interesting title: Your Security Posture is Showing presented by Jacob Bernier and Patrick Tatro.

The two were sitting in their booth with ZZ Top-style beards, but would not betray their significance. They did tell me about Sec.MN, "Sec.MN is group of security professionals based in the Twin Cities dedicated to promoting security skills within the information-security community."

I never did find out if the beards were gone after their breakout session.