(entry made bit-by-bit over the day, post date is misleading)
I spent much of today at the "Cyber"-security Summit. I'm still getting used to the time shift, and so I was up at 6am and on campus much earlier than I normally am.. Notes:
- Food was, as expected, standard-faire not-quite-a-meal stuff (pastries, bagels, orange juice)
- The intros were a mixed bag. Some of them seemed clued (Mary Ann Blair), some did not, and one of them seems like he should've been clued but he got a number of details wrong (Pradeep Khosla)
- The first keynote (Rich Pethia) was a historical (and predictive) review of network security threats. It was quite good, with a bonus that he didn't use the modern "hackers are good" BS definition. It is kind of odd for someone who used to be grey hat to be attending this though..
- The Social Networking was another mixed bag. Alesandro Acquisti presented a study on CMU Facebook data that was interesting, and Jon Callas gave the impression of being a crackpot.
- The second keynote (Dan Larkin, FBI) opened to a fancy splash screen, "Organized Crime of the Cyber Kind...", nicely decorated with a notice from some random windows app that it crashed and wanted to send an error report. The guy also said "Cyber" a lot, and a little bit of my nonexistant soul died with every such saying. Ow. Oh it hurts. He also used irritating catchphrases (5 P's, etc etc) and gee-whiz powerpoint effects using the most generic clipart imaginable. Fortunately, he had a sense of humour (and stuck in some good jokes), and embedded in the crap were some jewels. My intuition is that the government "presentation culture" is rather different than that from academia.
- Dave Keener's "Future of Information Security" was down-to-earth and clear, but (perhaps because of my experiences over the years) was not particularly new to me.
- Dawn Cappelli (of CMU-SEI)'s Insider Threat was fantastic - it reviewed a study of cases where insiders sabotaged their (usually former) employer, models for what went wrong with them, how to spot such users, and some ways they worked.
- The Data Retention panel was interesting and quite relevant for my job - I need to get in touch with them for more details
- After the Data Retention panel, I chatted a bit with a really cool Indian Physics Prof, talking about the physics and theory of MRI-based psychology research. I've seen him around before, although I don't recall where from.
- My choice of MacOSX security for the second last session was based on the idea that none of the three choices were particularly good, but Brett Gross's presentation was really well done - I didn't learn a lot, but the presentation was very good - simple, with small, subtle flash, all delivered by an Apple Systems Engineer who has good speaking skills.
- I skipped the last bit about file sharing, instead playing with photobooth with some other folk, and spreading the joy of Medvedica to more unsuspecting folk.