Rob Cheyne, founder and CEO, Safelight Security Advisors, believes that security is everyone’s job. The @stake and Symantec veteran says security practices must be woven into application development and everything else. He spoke with CSO Magazine’s Kate Walsh about why enterprise wide security education is critical.

Full Story

What: Conference on California’s Future

When: May 12-16, 2008

Sacramento Convention Center

1400 J Street Sacramento, California 95814

Instructor: Paul Hinkle, CTO, Safelight Security Advisors

Security Training

Threat Update

Monday, May 12, 2008, 9:00 a.m. - 12:00 p.m.

Audience: IT network administrators and managers The news is full of stories of stolen laptops, hacked databases and identity theft on a massive scale. From social engineering and spam, to directed attacks and virtualized rootkits, learn how different threats may impact the overall security posture of your organization. This half-day course brings you up to date with the latest attack methods, and anticipates some of the changes the industry expects in the near future.

Securing your Web Applications

Monday, May 12, 2008, 1:30 p.m. - 4:30 p.m.

Audience: application developers, project managers and business analysts According to Acunetix (a vendor of Web application scanning tools), 70% of applications they reviewed contained high or medium ranked security vulnerabilities. Learn how to develop more secure applications using simple, repeatable steps. This introductory half-day session includes: demonstrations of key attacks, step-by-step analysis of those attacks and solid countermeasures that any development team can use in its Web environment.

The talks are decent, but this year there are 17 tracks!!! It is incredibly difficult to figure out which talks to go to - and if you don’t get into a talk early enough, there is a strong possibility that you will get locked out (this has already happened to me twice!).  Apparently the fire marshall cracked down because standing in the back of the room is no longer allowed.

All this make me wish that there were more conferences like the Source conference in Boston.  Full disclosure - I am on the Source advisory board, so I am clearly biased!  However, Source was small, intimate, and you could actually interact with most of the attendees and speakers during the week.  The talks were as good if not better than anything I’ve seen out here so far.  In some ways it is like a combination of RSA and Black Hat talks.  There were excellent business talks like the CEO Panel, and there were also great technical talks like James Atkinson’s terrifying discussion of physical security issues and Roger Dingledine’s TOR talk.  And of course there was Dan Geer’s excellent keynote and the L0pht panel, which were the highlights of the show for me.  All in all, it really was a blast, and I can’t wait for next year’s Source conference.

In the meantime, I’ve been enjoying the “real” RSA conference, which takes place in the bars after hours.  Last night a ton of ex-@stake folks descended upon the Westin Market Street bar, a pre-cursor to Thursday night’s iSec event at Tres Agaves.