Vanilla. I've just spent the last few minutes trying to think of the right one-word description of my impression of the Gartner Information Security Summit (or at least so far). And that word is “vanilla”. Not “vanilla” in a bad way, but “vanilla” as in delicious and satisfying, yet without any sprinkles on top. I came to this Gartner event expecting chocolate chip cookie dough, but I like vanilla too. Everything at this conference has been about practical advice – since Gartner's objective is to provide information and advice to their customers, they've been very successful. What I'm missing is a little pizazz: I want someone to go crazy and tell me that cloud computing is all hype, or that HIPAA is garbage, or that encryption is overrated. Even the keynote entitled “The Inheritence: Challenges to the New Administration in CyberSpace” by David Sanger didn't zing me (and with tantalizing words like “Challenges”, “New Administration”, and “CyberSpace” I was really expecting some zing). So here's the deal: if you want practical advice to help you perform your job or to make more convincing business cases for information security, come to the Gartner show; otherwise, if you want some wild ideas or envelope-pushing, look elsewhere. Interestingly enough, there are a lot of C-level types at this show, so next time you get an intimate moment with your CISO (which may be never), ask them what their favourite ice cream flavour is – I bet they will say vanilla. By the way, the last session of the conference is called “Worst Best Practices and Useless Useful Technologies Unmasked”. The session is described as “just-for-fun”, which sounds entirely un-vanilla to me; I can't imagine what the analysts could possibly have to say. — Dave Morgan, Director of Privacy Research at Camouflage Software Inc. Guest blogger for ComputerWorld Canada at Gartner Information Security Summit 2009 Regular blogger for Cogitatio Privatim by Camouflage