Hynes Convention Center, Boston, MA
Day Two: March 28, 2019
If you enjoyed reading about Day One of SecureWorld Boston 2019, hopefully you’ll dig this Day Two coverage. A shorter day, ending a little earlier, Day Two again featured two interesting keynotes and several more presentations and panels. I patrolled the expo floor once again, conversing with some of the exhibitors I had run out of time to chat with on Day One. The second day again kicked off with a full house attending its morning keynote.
Opening Keynote: Mark Stanford, SE Manager, Cloud Security at Cisco: “The Birth of Crypto Has Changed the Threat Landscape”
Cisco’s Mark Stanford delivered an interesting presentation covering cryptomining, cryptojacking, and cryptophishing. The topic was interesting, as he touched on some important points and made a few interesting comments, such as that criminals don’t want a cost of greater than 30%.
To keep costs down, cryptominers use your machines (and computing power and energy); and that’s just one corporate cybersecurity issue around crypto.
Cryptojackers, Stanford noted, don’t need to focus on bitcoin and can profit from targeting alternate currencies and exchanges. Stanford provided examples of pump and dump schemes in alternate currencies, including showing a graph of one that didn’t work out so well for the perpetrators.
Another major point made was that we’re witnessing a restructuring, that cryptocurrency is at the center of criminal economy. It’s ideal for money laundering. And it’s worth noting that law enforcement’s focus on bitcoin, the current currency of choice, is likely to just shift the criminal focus to alternate currencies.
The presentation closed with a few to-dos; a couple made it into my notes. First, watch for increases in CPU usage. And also watch your DNS logs.
In all, this presentation was interesting enough for a tech generalist like myself to take away some high-level themes and understand some of the details, while it was specific enough for the front-liners in the audience.
Lunch Keynote: Daniel Smith, Head of Security Research at Radware: “Game of Threats”
The lunchtime keynote from Radware’s Daniel Smith was a runthrough of 52 security threats accompanied by a deck of cards-themed slide deck. 13 types of threats (from Ace down to 2) by 4 examples of each type (clubs, spades, hearts, and diamonds). My notes for this presentation are sparse, but the presentation itself was entertaining, with examples of threats ranging from ransomware to botnets to DDoS to insider threats – the stories/examples were interesting and detailed, enough for a few articles by themselves. Smith did a great job of presenting interesting facts and stories, and he held the audience’s attention to the very end.
The Rest of Day Two
Beyond the keynotes, both days featured several breakout presentations and panel discussions. I spent a bit of time as part of an overflow crowd in the “Access Control – The End of the Password?” presentation where all forms of passwords and access difficulties and roads ahead were discussed. Other panel and presentation topics during Day Two included Zero Trust, GDPR, Recruiting and Retention, Endpoint Security, and more. Across both days, the security topics covered were comprehensive.
Prizes were handed out as the expo closed, before the final round of presentations and panels began. My personal takeaways were a broad overview of the security vendor landscape, a wealth of terms and acronyms that will allow me to converse more readily within the security landscape, and a desire to build on this knowledge at next year’s SecureWorld, if not sooner. Indeed, with the knowledge and contacts gained this year, in my role as an independent industry analyst, I’m considering working a cybersecurity market segment into my off-the-shelf analysis rotation plan later this year and perhaps pursuing a single-client project or two now that I’ve gained a sense of the industry sub-segments.
Note that SecureWorld has a full slate of events across North America this year, with three events in April alone – SecureWorld Philadelphia on April 10th and 11th, and events in Houston and Toronto later this month.