Since my earliest days working in Silicon Valley, I have been involved in computer security incident response management. And so it was with great pleasure that I accepted a keynote speaking opportunity at the upcoming annual meeting of the Forum of Incident Response and Security Teams (FIRST) during 28 June-3 July 2009 in nearby Kyoto, Japan. The conference team asked if I could convey some of my observations about Japan, because I’ve been living here for just over a year now, and talk about how they relate to information security. The talk, entitled Information security: one character at a time uses aspects of the Japanese language as a way to discuss the role of communication in incident handling and, more generally, in information security management.
I remember going to my very first FIRST annual conference in Monterrey, Mexico, back in 1998. At that time, I was an an official representative for Sun Microsystems to the organization and was amazed by the level of international participation. Since then, interest in computer security incident handling has grown exponentially, and therefore the breadth of the audience has become far more diverse, both in geography and in mission, than it was even ten years ago. I think that this change speaks volumes about the information security business, and I think it’s a trend to which we should pay close attention.
My goal for this keynote is to set out what I think incident handling will mean in the context of cultural changes in the information security handling profession. After all, even the smallest of organizations is investing — willingly or not — in response measures to security threats. In the face of the present economic downturn, it will be very interesting to see how many companies will remain interested in computer security. But because even the most Luddite of company executives sees the risk that comes along with ignoring the perils of information security, I doubt the lights in the IT security department will be going out anytime soon.
If you’re in the information security industry, I highly recommend the FIRST annual conference. If you can make it, by all means please attend!
