I was caught by surprise when my CISO (yes, we have one in our institution) said, "Hey Frank! You wanted to attend the EDUCAUSE Security Conference, right?" I was so nervous that my mind went blank and I just looked at him in confusion, so he repeated himself. I replied, "Yes sir, but due to our budget, I believe we agreed that I might attend the next conference in 2018." He replied, "No, I want you to go. You are going." So immediately I booked my flight and registered three days before the early-bird registration ended. (I really lucked out because for the first time, the conference sold out.)
Before I knew it, I was landing in the beautiful city of Denver and settling into my hotel room. First, I went through the agenda to decide which sessions I should attend. I tend to overthink things, so even though I had reviewed the online agenda in advance, it was still hard to choose between all of the awesome topics and speakers lined up over the next few days.
Once I finalized my itinerary in the mobile app, I decided to go out to see the city. Yes, this was my first time in Denver. I stood outside, speechless. I was amazed not only by the size of the city but by how calm it was. We also lucked out with beautiful weather (it had snowed the previous weekend, but the sun was already melting away those traces of winter).
I am grateful that no one saw me when I headed downstairs to register on Monday morning. I was astonished by the setup of the registration area, which included our morning refreshments. Fortunately I arrived early enough that there was no line at the registration desk. Still trying to take everything in, I ran into Valerie Vogel — identified by her EDUCAUSE name tag — and introduced myself. I've had the opportunity to work with Valerie in the past when I wrote a guest blog for EDUCAUSE Review, but this was the first time meeting face-to-face. Valerie handed me my name tag, explained the logistics, and gave me useful information about the program. The registration process was so well organized; I felt prepared and ready to tackle my first day of the conference.
As I found the first session and sat down, I was greeted by the presenter, and before long the room was full. I was pleasantly surprised to see some of my colleagues from other UT institutions also in attendance. After the last session of the day was over, I visited some of the sponsors' tables, joined some colleagues for dinner, and went for an evening walk around the city to let everything sink in.
The second day of the conference was just as great. We had delicious food, amazing sessions, and many networking opportunities. But it was during the evening's game night when I was struck by the amazing atmosphere surrounding us. I had the opportunity to meet with all kinds of people with a wide variety of cybersecurity titles and experiences from different universities across the country and the world. I also had the chance to introduce myself to colleagues I had only known virtually and listen to many great presenters. Finally, I had the pleasure of meeting the wonderful EDUCAUSE team working behind the scenes.
The most frequent questions I asked (and people asked me) throughout the conference were: How big is your institution? Is your institution's IT department centralized or decentralized? Do you report to the CIO? How big is the security team in your institution? I even started a log of my findings and realized that responses were all over the place. It's not so surprising though, when you think about how diverse our community is.
When Wednesday arrived, I didn't want the conference — or this experience — to end. But then reality struck. I had a plane to catch, and I couldn't escape the heat of Texas much longer. I had to go back home. During my flight, I opened my notes and started reviewing all of the sessions that I attended. I was able to compare projects and gain insight from others' experiences. We shared good and bad stories. We also learned from each other's successes and failures. Now I had a long list of action items (and a bag with lots of goodies from the sponsors).
By late spring, with my conference notes for inspiration, I had tackled some of the larger tasks and projects:
- Launched our Information Security Administrator (ISA) program
- Reviewed content for the annual security awareness training program and new-employee orientation
- Published another educational newsletter issue from the information security office
- Started a dialogue with campus stakeholders in the hopes that our information security office can serve as a roadmap instead of a roadblock for other departments and colleges
I hope to attend another Security Professionals Conference because I honestly can't put a monetary value on everything that I gained during this event (although our budget might disagree). Whether you are just interested in learning more about cybersecurity, are new to the higher education community, or are an experienced security professional, I highly recommend attending this conference. Why? Well, because it might surprise you!
Frank Tamez is security analyst at the University of Texas Rio Grande Valley.
© 2017 Frank Tamez. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.