The first week of May passed by in a whirlwind at the 15th annual Security Professionals Conference (May 1–3, 2017 in Denver, Colorado). Attendance grew considerably for the fourth year in a row, and more peer-developed content was offered for novice and seasoned information security professionals alike. But most importantly, participants had the opportunity to reconnect with old friends, meet new community members, and talk about how the higher education infosec community can move forward.
Highlights from this year's conference include the following.
- 652 attendees in Denver
- Over 300 first-time Security Professionals Conference attendees
- 13 preconference seminars and 48 track sessions focusing on career and workforce development; cyber threat intelligence; awareness and training; GRC and audit; privacy; and technical solutions
- 18 technical presentations, ranging in complexity from introductory to deep-dive discussions
- An opening keynote address from one of information security’s most respected practitioners and community builders (more on that below)
- A fun-filled game of CISO Jeopardy to close the event
In addition to formal presentations, the conference offers fun activities so attendees can mingle and get to know each other better:
- Formal and informal gatherings, including a first-time attendee session, birds-of-a-feather sessions, breakfast meet-up discussions, a PGP key signing activity, and the popular "hallway track" for catching up in between sessions
- Social events, including a morning fun run and photo walk, game and trivia night events, and a service project for the Heart and Hand Center in Denver
- The opportunity throughout to rekindle professional contacts and develop new ones
Acknowledge the Past
Don't cry because it's over, smile because it happened. —Dr. Seuss
The first-ever gathering of higher education information security professionals was held April 22–23, 2003, in Temecula, California. The Security Professionals Workshop was hosted by EDUCAUSE, Internet2, and California State University, San Bernardino. Approximately 100 attendees from as far away as Alaska and Canada gathered to hear from keynote speakers Dr. Corey Schou (Idaho State University) and Peter Cassat (formerly at Dow Lohnes PLLC), as well as an “Ask the Experts” panel moderated by 2003 Program Committee Chair Morrow Long (Yale University). The conference lasted a day and a half, with sessions covering a variety of topics such as developing an information security program, creating a security architecture, using open-source tools, creating a Computer Security Incident Response Team (CSIRT), sharing best practices for user education, and establishing security policies and procedures.
Assess the Present
Yesterday is gone. Tomorrow has not yet come. We have only today. Let us begin. —Mother Teresa
Now in its 15th year, the Security Professionals Conference has continued to grow (652 attendees!), and sessions at the conference focused on the information security, risk, and privacy challenges that colleges and universities face each day. While a number of these challenges are technical — and there was no shortage of technical topics in the conference program — many of these challenges are strategic in nature and speak to the heart of what it means to be a higher ed information security leader. How do we continue to evolve campus culture so that it values efficiency, productivity, and data security? How do information security leaders speak with campus executives in a way that is informative and helpful, and not fear-inducing? What is a strategic CISO, and how does she advance her security program in a way that meets current campus challenges and prepares it for the future?
These challenges aren’t hypothetical — they are the questions that information security leaders and practitioners are grappling with right now. The conference offered attendees opportunities to hear where other institutions are successful and making inroads in these areas. Opening keynote speaker Jack Daniel also offered attendees some advice: "If you want to do lasting good, make friends here and elsewhere, inside and outside the industry."
Anticipate the Future
Education is our passport to the future, for tomorrow belongs to the people who prepare for it today. —Malcolm X
We asked conference attendees what they are doing to prepare their institutions for the future. Responses ranged from the pragmatic (keep up with the latest technologies, make sure the institution understands the risk and reward of moving to the cloud) to the visionary (embed information security into the culture of the institution so that the CISO role is no longer needed). It will take a number of different strategies and tactics to achieve these visions of the future. For current practitioners, a foundation for the future already exists: a strong higher education information security community that celebrates one another’s success and collaboratively addresses challenges. We think we will be well-served by our community as the future unfolds.
The 2018 EDUCAUSE Security Professionals Conference will be held April 10–12, in Baltimore, Maryland. The call for proposals for the 2018 conference will be released this fall.
Lanita Collette is the chief information security officer at the University of Arizona and the program chair for the 2017 Security Professionals Conference.
Brian Kelly is the chief information security officer at Quinnipiac University and the program chair for the 2018 Security Professionals Conference.
© 2017 Lanita Collette and Brian Kelly. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.