Yesterday, a few of my work colleagues and I met up in London for a conference I had mixed feelings about – RANT Reloaded.
Why mixed feelings?
But, hey, Simon and Gemma are good listeners and are keen to receive feedback, good or bad, so it was worth another go, eh?
Anyways, I met up with the main man, the boss, and he gave me a bar of chocolate from his recent foreign excursion, so we were off to a good start at least.
And so Garry, William and I waltzed in, ready for the networking opportunities, the chance to hear and learn from some of the best speakers in the business and… lunch.
Our esteemed leader, Mr Thom Langford, was there for all of the above, as well as to co-judge the ‘RANT Soapbox,’ a series of six-minute mini-rants coming from conference regulars, speaking virgins and those with something to get off their chests.
Hosted by Acumin Consulting for more than eight years, RANT (Risk And Network Threat) events are typically held on the last Wednesday of every month and feature one speaker who is happy/foolish enough to stand in front of a crowd of beer-swilling InfoSec professionals and open themselves up for heckling or outright ridicule.
RANT Reloaded takes that one step further by turning the event into an all-day affair or, as was the case this year, an afternoon and evening of heated debate and much merriment.
So, what was this year’s event about? How did Thom perform? What did Garry, William and I learn? Who did we meet? And who won a prize (AGAIN)?
Kicking off at midday in a rather swish hotel, the event began with an extremely enjoyable lunch (the Peri Peri chicken was amazing) while everyone mingled, saying hello to old friends and meeting a few new ones along the way.
Thom’s brush with death
Of course nothing is ever straightforward when Thom is around and so we found ourselves designated as extras in a Jim Shields video.
While our CISO jumped out of a window, the rest of us reacted with an appropriate level of shock and panic.
Three takes and the shoot was done.
Professionalism is our business and business is good.
And fear not, for Thom survived the fall, which was probably just as well, for his input was required in the final session of the day.
The conference kicks off
After a quick introduction, the conference proper got underway and promised to be an interesting event, featuring many well-known names in the InfoSec industry, including:
- David Emm, Senior Security Researcher at Kaspersky Lab
- Becky Pinkard, VP of Service Delivery & Intelligence at an undisclosed company
- Geoff White, Tech Journalist with Channel 4 News
- Dr Jessica Barker, Independent Consultant and frequent guest of Sky and BBC News
- Quentyn Taylor, Director of Information Security at Canon Europe
- Thom Langford, global superstar and founder of Host Unknown
- Javvad Malik, Make-up Artist for Mr Langford
- Jim Shields, Producer of fine videos

- Managing and Detecting The Insider Threat
The first panel of the afternoon featured a discussion about the insider threat, based upon the assertion that it was an under-publicized, yet highly damaging, means of attacking an organisation.
After a quick round of opinion from the panelists, the discussion was opened up to all in attendance and the general feeling across the crowd was that the definition of insider threat needed to be narrowed down from the view we had been presented with.
Though undoubtedly an issue, the consensus of opinion was that phishing emails did not represent an insider threat, and nor did many of the other scenarios presented by the four speakers.
Ultimately, I think this panel failed to make its case that 71% of the breaches in the UK last year were a direct result of the insider threat.
In fact, I think Becky Pinkard was the only speaker who was able to give us an example of such an attack that actually fit in with the crowd’s interpretation of the phrase – she cited the hypothetical example of an employee in a far-flung company for whom £20 (around $30) would be a sizeable amount of money, and sufficient motivation for them to walk an intruder straight into the Data Centre.
- IT Security Vendors: Friend or Foe?
If you’ve ever been to a security conference you’ll know there is one universal truth: IT security vendors are in attendance to sell something; delegates are not there to buy.
And so we see an uneasy relationship between the two which has seen many conferences say no thanks to any vendor replying to a call for papers.
This panel asked whether that was fair, as some vendors actually had quality research to share with the industry.
While that may be true – vendor-sponsored reports, such as the Verizon DBIR, were cited – the consensus of opinion around the room was that vendors sucked.
And that’s a view I agree with wholeheartedly. I’m sure there is a vendor somewhere with someone on their payroll who wants to give an informational talk. Alas, such a person has never rocked up at any event I’ve ever attended – all vendor talks I’ve witnessed have been overly promotional and, arguably, full of FUD (fear, uncertainty and doubt) to boot.
So, overall, the gist of this panel was to confirm that vendors are not particularly welcome at InfoSec conferences.
Just don’t tell William – he still has a long way to go in filling out his schwag collection, having only sweet-talked his way to a few pens, stress balls and key-rings thus far.
- IT Professionals Couldn’t Communicate Their Way Out of a Paper Bag.
A sweeping statement if ever there was one but I generally agree with the sentiment.
As such, I was particularly interested in this panel when I spotted it within the agenda. To say I was ultimately disappointed in this discussion would be an understatement, though not because of a lack of skill, knowledge or communication skills among the panel – Hamish Haynes, Internal Communications and Engagement at BP, has shot straight onto my list of favourite orators – but rather the overall stance taken by the five guys who collectively promoted one strategy for communicating with the board that overshadowed everything else they said during their slot: use shock and awe to make your case.
As Thom said at the time, we, as security professionals, need to up our game, not scare people. It may be ok to teach them our language when handling incidents, but we need to learn theirs when discussing budgets and defining risks, etc.
Also entirely correct, William added that “Organisations that react positively to shock and awe are a dying breed”.
- What Do You Mean There’s No Silver Bullet?
A speech from a vendor.
Preaching to the converted without opening the debate for any meaningful discussion.
Kane Hardy did a grand job of reinforcing the points made in the second panel (see above).
- The RANT Soapbox
Ten speakers, six minutes each.
Four judges, banter and appropriate, though often late, musical accompaniments.
The soapbox was a series of quick-fire RANTs under the scrutiny of Thom and his team of hecklers.
A bit of a mixed bag featuring an impassioned tirade from Rowenna Fielding, a cheesy (but funny) skit by Joe Goodings who looked like he’d just escaped from Guantanamo Bay, a strange (but memorable in a weird kind of way) talk about cyber board games and much else besides, the final hour was actually the highlight of the day.
Thom and Becky Pinkard’s banter, Jim Shields’ excellence in missing the perfect timing for his music and Javvad’s brush and powder technique raised the already good mood in the conference hall to an entirely new level, encouraging much merriment and outright laughter.
Following the talking sessions, it was back to the main hallway for a relaxing drink or two (William had long since eaten all the cakes) and a good chat with the speakers, most of whom I already knew, and other delegates alike.
In the biggest shock of the day, the awarding of prizes based upon the drawing of business cards from a bowl did not yield the usual result – Thom went home empty-handed for once – but I was able to claim the star prize for my daughter, a teddy bear supplied by White Hat Rally, who do a grand job of raising money for children’s charity Barnardo’s.
Overall, the RANT Conference this year was very good – Will experienced some great food, Garry drank lots of beer, Thom rocked the show in his role of judge, I won a prize and we all thoroughly enjoyed the afternoon talks and evening networking session, during which we revisited old friendships and made plenty of new ones.
So, thanks for a great event and thanks for the teddy. And, for those of you who know I have another one indoors, fear not for he was very happy with a bottle opener and a stash of pens (just don’t tell Simon or Gemma how many I went home with!!!)