The trouble with InfoSecurity 2008 (and events like it)

Can you imagine having a conference intended to represent the Canadian IT security landscape and not have Symantec among the exhibitors? What about Microsoft? If you’re attending InfoSecurity Canada 2008, don’t bother looking for Bell Canada or RSA, either.

SecurityI almost didn’t notice the absence of these industry mainstays because the quality of the sessions themselves is pretty good. Much like SecTor, the upstart conference launched last year, InfoSecurity Canada seems to be gradually moving away from vendor-driven product launches and more towards education and training. Which is all good. But the overall lack of support (the only platinum sponsor is a consulting firm; McAfee’s a bronze) suggests these kind of events may face a struggle for long-term survival.

The easy argument to make here is that security should not be divorced from the rest of the business. In one session I attended, a gentleman who works for a provincial agency said his managers prefer to outsource their IT security, and he wondered how the speaker at one of the sessions would suggest he change their attitude. “I have no easy answer for you,” the speaker said, going on to recommend that somehow the security experts need to get in front of the CEOs and other senior managers, instead of preaching to the converted at events like InfoSecurity Canada. This would be interesting. Imagine if a Symantec – or even better, a Winn Schwartau, who is speaking at InfoSecurity Canada tomorrow – were able to get in front of the annual Davos World Economic Forum? If the economic impact of IT security breaches is to be believed, it shouldn’t seem so unlikely.

Of course, there will always need to be some focused education, training and even product showcases directed at IT professionals, but maybe that should be rolled into more general business events as well. If you’re developing an application that interacts with customers and suppliers, you should be thinking about security. If you’re moving toward a service-oriented architecture, you’d better make sure the data moving across that SOA is well protected. IT security is obviously not a policy directed solely at end users but something that should be embedded in the corporate culture.

What’s ironic is that security at InfoSecurity is, in a word, pretty lax. As always I quickly removed my badge (it looked horrible with my suit) whenever I didn’t have to be on the show floor and had no problem accessing session. If I had merely wanted to learn what I could from the speakers at the event, I could just as easily have avoided registration altogether. What if a hacker did that?

As much as we like to talk about “the bad guys” as though they’re not in the room, they very well might be in the room. To call them “bad guys” at all implies they have the desperation of a hoodlum holding up a bank, when in fact they are often highly intelligent people who would be very inclined to pursue some training and development on how the “good guys” are trying to defend themselves. The future of InfoSecurity Canada, and security events in general, will be determined by how well they provide the kind of information we can’t afford to let the hackers find out about.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Shane Schick
Shane Schick
Your guide to the ongoing story of how technology is changing the world

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight