Jay & I will be doing a podcast on RSA + METRICON 9 soon, but over the weekend I managed to make a “Storify-ed” recap of it from tweets that went throughout the day. While I already posted a direct link to Storify on Twitter, here’s a re-post of it on DDS.
Our sponsors – Risk I/O, Tripwire & CXOWare (+ RSA) – and our #spiffy speakers truly made the day something to remember.
This past Friday (Feb 28, 2014) over 60 infosec/risk management practitioners came together for the 9th "maxi" METRICON, the official gathering of the securitymetrics.org mailing list. The proceedings will be up soon but there was much live-tweeting going on during the event.
Even the torrential downpours of the early morning couldn't keep folks away #dedication.
Pete Lindstrom & Bob Rudis opened with a recap of #M8, a challenge to think differently and a "speed-networking" session to give folks a chance to meet new faces and possibly find collaborators for projects they are working on.
Kymberlee Price officially kicked things off with an outstanding deep-dive into data-driven resource planning and some truly #spiffy insights into vulnerability data. (@spiresec & @hrbrmstr were lightweights…well at least their introductory talks were :-)
@mroytman burst the big data bubble dreams of the vendors on the #RSAC floor in his talk about what it takes to make Risk I/O work behind the scenes (hint: a smart diverse team and modern, critical-thinking analytics).
At noon, CXOWare delved into the inner workings of FAIR and Bob & Jay lightened up lunch a bit with a tour of visualizations of the activity on the securitymetrics.org mailing list.
(some of the rest is a bit out of order here since Storify editing on a 13" screen is not exactly optimal).
Unlike Michael, Christophe Huygens' team does delve into big data as they analyze vulnerabilities across the entire internet. Will link to their research soon (they showed embargoed research results during #M9 that I can't put up here just yet).
Stephen Boyer cranked up Terminal.app to literally (heh) dig into analyzing public company weaknesses via DNS & SPF records (plus a WHOLE lot more on what they do behind the scenes at bitsight). Great, interactive talk with solid takeaways you can implement at home (but you should just subscribe to their service :-)