Feb 22 2010
I need some help. I haven’t had nearly as much time to prepare this year for RSA as I have in the past. More accurately, I’ve had about the same amount of time as I’ve had in the past, but I’ve had several more projects to work on, including the Security Bloggers Meetup, the Security Groundhog Day panel and the Responsible Disclosure: It’s Their Fault panel. I’m doing my research on the companies I’ll be talking to at the convention, but I need more questions and would like to know more about what you want to know about the companies I’ll be meeting with.
My goal is simple: I have 30-60 minutes with each of the companies in my list. From that time with the CEOs and security engineers, I want to ask the questions you have about them, their products and how they think they can solve the problems your enterprise is dealing with. If you have some experience with a company and want me to cut through some of the hype they’re trying to sell at RSA, let me know. When the conversation is over, I hope to have a 10-15 interview that I post within an hour or two and make available while RSA is still going on. And if you still have questions, I can circle back around to their booth and ask for more details.
- An as yet to be named person from Voltage Security to talk about the end-to-end encryption they’re working on with Heartland.
- ICSA Lab’s Andy Hayter, Anti-malware program manager. As in testing AV products, not creating. Disclaimer: Andy and I work for the same parent company, Verizon.
- Pedro Bustamante, Senior Research Advisor of Panda Security. I’ve been using Panda’s Cloud AV on several computers since last RSA and it’s worked well for me; does anyone have different experiences? It will be interesting to talk to Pedro after talking to Andy. (Edit: I originally called Pedro the CEO of Panda; Juan Santana is actually the CEO of Panda.)
- Xceedium Interim CEO Dave Olander. Xceedium specializes in access control and helps meet a number of PCI requirements.
- Jan Hichert, CEO of Astaro Internet Security. Astaro has long been a friend of the podcast, and they’ve recently made a good decision in putting Jack Daniel in charge of Community Development.
- Agiliance’s Ed King about GRC (Governance, Risk and Compliance). I’ve only seen a couple of companies use a GRC solution for PCI, so I’m interested in Mr. King’s take on it.
- Kaspersky Lab’s Roel Schouwenberg, who I missed in the list first time through.
- Lunch with F-Secure, then off to the Security Groundhog Day panel and the only block of time I have to walk the floor this year. Anyone I should have a 5 minute talk with while I’m there?
- EMC Breakfast, an overview of some of the more public projects EMC is working on.
- Hord Tipton, Executive Director of the ISC2. As a CISSP, I’m curious how Mr. Tipton feels they’re helping me, other than adding more letters behind my name.
- The Responsible Disclosure: It’s Their Fault panel. I’m really looking forward to this panel.
- Jim Ivers at Triumfant. They’re conducting a Bring Your Own Malware challenge, I’ll be interested in hearing how it’s going.
- I’m going to run from the Triumfant meeting over to Security BSides San Francisco to see my friend Josh Corman’s panel on compliance. I say friend, but he may rip into me in general and PCI specifically during this panel.
- The Security Bloggers Meetup will take the rest of my afternoon and most of my evening.
- Starting the morning with the Disaster Recovery Breakfast put on by Securosis and Threatpost. I suspect many people will need this. They might be too tired to attend, but they’ll need it.
- Marty Roesch from Sourcefire – Snort was my entry point into the security world and I spent a fair amount of time with Sourcefire and RNA before becoming a QSA.
- Going to the Mykonos booth to get a demonstration of a ‘live hacking & sting operation’. No, I don’t really know what that means either, but it should be interesting.
- Meeting with Lancope CTO Adam Powers and a couple of their customer/evangelists. They used the magic words PCI to get my attention once again.
- Finally, I’ll be meeting with Archer Technologies to talk about their GRC solution.
Then it’s home to collapse in a quivering heap of exhaustion. It may not seem like a ton from the outside, but when you get to RSA and actually try making this number of meetings, you find out how tough it can be. I learned last year to block off time to visit the show room floor or else it doesn’t happen. I’m going to be searching for end-to-end encryption and tokenization vendors in my walk about the floor and I’ll be taking some time to record conversations with them. If you have someone you’d really like me to check out, leave a comment and I’ll see what I can do. If I could clone myself, I could almost get to see all the vendors and friends I’d like to see, but I somehow know there’s going to be someone I miss. Did I already ask you to leave a comment if you have specific questions you’d like me to ask or companies you’d like me to look at?