A Double Dose of Debate at May’s RANT Forum

A Double Dose of Debate at May’s RANT Forum

You lucky, lucky people. Not only is RANT gearing up for its second annual day-long conference in a couple of weeks (details here – and sign up soon, it’s nearly full), but this month’s regular RANT Forum offers a double helping of information-security plain-talking, as two experienced and respected professionals tackle a different hot-button topic.

First up will be Geordie Stewart of Risk Intelligence, whose presentation may well prove unusually provocative, even for an event that takes a certain amount of good-natured needling in its stride. Stewart’s RANT unpicks what may well be the key question for the industry arising from the Edward Snowden leaks. The scale of state surveillance described in the documents Snowden passed on to the press can only have been possible with, at very least, the turning of many blind eyes by large numbers of security professionals. This is an industry which has bodies designed to safeguard ethical principles, to facilitate reporting of illegal activity, and to maintain public trust and confidence: so what’s been going on? Has the profession lived up to its aspirations or has it fallen well short? And what does the future hold when it comes to co-operation between the security industry and the state?

The second speaker has his own views on the post-Snowden world, but the content of Trustwave Spiderlabs Director John Yeo’s RANT is focused on practicalities rather than policy. Yeo’s presentation, though, promises to be no less engaging than Stewart’s: it will be based around his company’s 2014 Global Security Report, published this week (and available to download HERE), which, Yeo tells the Acumin Blog, may well prove uncomfortable reading for some in the infosec world.

“The Report comes from our incident-response/digital-forensics investigations,” he explains. “It talks a little bit about some of the things that occur during a breach – what organisations get wrong, how they end up getting breached, what a breach looks like, what tools and techniques some of the bad guys are using. Because there’s so little information shared with organisations who do suffer these data compromises, there’s very little out there tha can help individuals who are tasked with protecting their extended enterprise to learn from the unfortunate mistakes of others.”

Trustwave’s data are, of course, anonymised – so if you’ve suffered a breach yourself and have had to call on them to help, there’s no need to shuffle uncomfortably and look at your shoes while John is speaking. “We won’t be looking in depth at any one breach, and I’m certainly not going to be talking about investigations or naming any customers,” he stresses. “But I’ll be looking at some of the aggregate statistics that help explain what organisations do well, or not so well, when it comes to responding to a breach.”

One of Yeo’s key themes will be to stress that one size never fits all. Enterprises need to assess their vulnerability to different kinds of data-breach risk before they can take meaningful steps to protect their information: if you’re not a government department or defence/aerospace contractor, you probably don’t need to spend a lot of time and money combating Advanced Persistent Threat attacks, and unless you’re a multinational conglomerate or you exist primarily to make political points you’re probably not going to attract the malicious attention of hacktivists. But one category of cyber crime is fairly pervasive – and it may never have been more timely to discuss it, within days of the announcement of the massive eBay data breach.

“The area we’re focused on, and where we spend most of our time with the investigative side of things, is financially motivated cyber crime,” Yeo says. “But it’s important to get across that financially motivated criminals don’t only care about payment-card data. They love that because it’s easy to turn in to cash, but any type of personally identifiable information is valuable to them, because it’ll either lead on to identity fraud, or it will increase the value of other types of data.”

After last month’s jaunt to Earl’s Court, we’re back in our usual City of London venue again on Wednesday (May 28th), with a free bar and food and all the usual banter and networking that goes on at the RANT Forum. Doors open at 5:30 with the presentations kicking off at 6:30. Admission is free but advance booking is essential: please contact Donna Wreathall on +44 (0) 7585 705 438 and/or dwreathall@acumin.co.uk to reserve your place.

 

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001

Thanks

Success

Thanks

Success

Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?

Register

Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you

Success

Thank you for successfully uploading your CV.

Acumin Alerts

Success

Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.

Vacancy

Success

Thank you for submitting your vacancy.

Register

Create an account to register your contact details, sign up for job alerts and upload your CV

Success

Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management
- CISO/CSO

Submit a Vacancy

Use the form below to submit a vacancy