SecTor – Day 1
I debated what to write here, and if I would present the positive or negative points but I figured the only fair way was to describe both, so without further ado, I present SecTor Day 1 - The Good, The Bad and the Ugly.
I figured I'd describe my day from start to fishing, instead of breaking it up by what I did or didn't enjoy. The day started off with breakfast at Cora's, a group of us met there only because this years SecTor schedule made no mention of a breakfast similar to the one provided last year. Of course, when we showed up, it turned out there was a provided breakfast... at least we know for tomorrow.
The initial keynote was done by the RCMP and I don't even know what to say. Last year's RCMP presentation was depressing (many people that I spoke to today said it was the worst part of last year, and there was a debate over which RCMP keynote was actually worse. This years was made worse by the fact that it was first thing in the morning. It was presented with little enthusiasm and I'll say it... it sucked.
When the RCMP speaks, you'd expect to learn something interesting, in fact a number of attendees mentioned that to me today. Yet nothing interesting was learned. I was eager for this talk (as I was eager for the keynote last year), I figured they had learned from last year and that this year the RCMP would do better. I took about a page of notes, but got nothing of interest. The names of a few councils (ITAC Cyber Security Forum and CBOC's Council on Security & Tech) and learned that there was a Cyber Security Conference in Gatineau on Nov. 5 & 6. That could have been a single slide, or better yet a hand-out. The rest was useless, this was evident by the people falling asleep and the notes left on Twitter.m
I was also rather offended by a closing remark that David Black made regarding them looking for trained University graduates. I attempted to open my notebook and write down his email address to contact him but unfortunately the slide was removed from the screen. If anyone wants to pass this along to him, it would be appreciated. [Begin Side Rant] I'm getting really tired of this biased hiring practice in many places that requires a University degree, it's a useless, archaic requirement (much like the requirement for various certifications [which we see more and more people dropping from job postings]). Many of the really bright IT/IS people that I know have no formal education or a college education... it's a shame to see so many places discriminate... especially places like the government. I'd think that workplace equality would include method of education, and place the importance on actual skills and knowledge[End Side Rant].
Needless to say... KeyNote #1 was a fail.
Up next was the first session. None of the session interested me, so I decided to check out the lock picking village. I was in the hall by the vendor displays, so I visited each display on my way over, and failed to make it to the lock picking village before the first session was over. I did have some great conversations with the vendors that were present though. A big thank you to all of them for the sponsorship that they provide.
While there was nothing that caught my interest, I know people that attended both 'Double Trouble: SQL Rootkits and Encryption' and 'Network Security Stripped: From layered technologies to the bare essentials". I can say that I didn't hear negative reviews about either presentation. In fact most people liked what they saw, and those that didn't like it were fairly neutral in their comments.
Lunch and a Panel Discussion were up next. The lunch was Monday's left overs... my chicken fell off the plate and bounced; there was Twitter discussion around having a chicken bouncing competition. Yet that was almost the highlight of the lunch. The real saving grace on the panel was Hoff. I understand why everyone was up there; a number of them were sponsors and probably wanted to say their piece, but still... We basically had 8-minute, extremely dry lightning talks. A panel usually involves some sort of discussion or interaction, they was basically everyone bragging about themselves and drew quite a bit of twitter traffic
Following lunch, we had what I would call worst organizational decision made by the organizers. They did fairly well this year... there is some good content (you just have to dig to find it -- My favourite part of today was hearing (a couple of times), 'the talk that you submitted would have been much better than this'), the swag was cool, a lot of people had positive comments about the notebooks and the bags and there's an increased social aspect. The mistake however, was a really bad one... it was the mistake of placing the bulk of the good speakers in competing time slots. This happened today by having HD Moore, Jay Beale and Raven in the same time slot. Those are three talks I would have gladly gone to see, and I had to pick one. From what I hear this happens tomorrow as well. I'm really looking forward to Hoff's talk, however I've been told that James Arlen is quite the impressive presenter as well.
In the end I decided to go with Jay Beale's discussion of the concepts behind his new tool, 'The Middler'. It was everything that a tool presentation should be. The tool wasn't shown or mentioned... the concepts and techniques were discussed. Not only did the presentation have some interesting information (I filled three pages in my notebook) but Jay did an amazing job with his presentation. This presentation alone made up for the lackluster performances up to that point (although I was quite disappointed about the stacking of the time slot).
To briefly go back to the time slot, I believe the concept that was tried was to put the big speakers up against each other and then everyone else was grouped together, this was to ensure a somewhat even distribution of attendees and to avoid empty rooms. My feeling on this... if the persons presentation runs the risk of an empty room, regardless of what they are up against... don't accept the presentation. I'll stop ranting on this now... it's done and unfortunately it can't be fixed.
For the next time slot, I decided on attending Googless. I was excited... it seemed really relevant to some of the work that I do. I don't even want to talk about this presentation... the slide show background was disturbing, and Christian had no life to him, as well he asked for donations on like the third slide (also the first time I've seen a license on a presentation) and informed us that would have to wait until December to see obtain the slide deck. I guess Christian thought that this was the most popular presentation at SecTor... judging by how many of us walked out during the presentation, I really doubt that. It wasn't good.
I spent the last portion of that presentation speaking with colleagues before the rooms emptied out and the last series of sessions were to begin. I had originally intended to see the RFID presentation, however I managed to catch up with Jay Beale to further discuss the Middler as I was rather intrigued. So we were able to sit and discuss it for a short period of time. A few more people joined us and we moved to the keynote room for discussion and to await alcohol. This once again was an amazing opportunity to network with people, and proved to be more useful than attending the talks (or so I read (and heard)). I once again have to say kudos to the organizers for this... Anything that lets you get together with other people to basically 'talk shop' is a great thing and many opportunities were presented.
During the Microsoft sponsored reception our table grew and we had a lot of fun. Then speakers departed and the bar closed, and unfortunately I wasn't able to make it to the party, however the day still had a number of high points. I realize this may seem like a griped a lot, but given that this was year two, I had higher expectations than last year and I'm not sure those expectations were fully met... but as I said, I did enjoy quite a bit of it. Tomorrow is another day, and there are a number of time slots where I'm interested in more than one presenter, so we'll see how it goes.