CISO Forum 2017

Last week I have attended CISO Forum 2017 in Moscow.

CISO FORUM 2017: Austere weekdays of CISO

I was talking there about “Vulnerability Quadrants: automated hot topic detection in public vulnerability (CVE) flow“.

The video record in Russian:

Today I want to share my impressions about the forum itself.

Vulnerability Quadrants: automated hot topic detection in public vulnerability (CVE)

To be short, I liked it very much. Both exhibition and presentations.

At first I was surprised that exhibition and buffet zone were combined together and there wasn’t much of free space. But later I figure out, that it creates a very comfortable atmosphere for effective networking. Wise move!

Buffet zone and exhibition

Of course I payed most attention to the stands of Vulnerability Management-related companies. Two of them I want to mention.

R-Vision GRC vendor. They are making very flexible solutions for managing information security events, going from the real processes and needs of organization. They can also integrate with different vulnerability scanners and vulnerability databases, for example with Vulners. Very efficient company.

R-Vision CISO Forum

Tiger Optics the only official distributor of Tenable Network Security in Russia.

Tenable distribution partner

For a very long time, I haven’t seen much activity of Tenable in Russia, but now Tiger Optics changes it greatly. I see more and more webinars and localized materials about Tenable products, including newest Tenable.io. I feel how motivated this guys are to promote this vendor on Russian market and educate customers. Great job!

Tiger Optics CISO Forum

At CISO Forum there were roughly the same number of presentations from engineers, compliance professionals and security vendors, and several round-tables about various aspects of information security management. All the main knowledge domains that are important for a good CISO. The level of presentations I’ve seen was high.

I can also mention great dinner, as an important component of any good event. 😉 Food was delicious.

When the forum was finished we had a intensive, but friendly discussion about language that can be used in presentation slides. 🙂 Surprisingly, many of my dear colleagues, even those who live abroad and work in foreign companies, have an opinion that English text on the slides is a sign of speaker’s laziness and disrespect to the audience. Something like this:

If I’m selling to you, I speak your language. If I’m buying, dann müssen Sie Deutsch sprechen. (c) West German chancellor Willy Brand

Well, I am strongly disagree with this.

Professional speakers usually have time and skills to adjust their show for particular audience. But those practitioners who appear on the stage occasionally use each rare event as a tool to spread their message more effectively. Their audience is not only the people who sit in the conference hall (they are important for sure!). But it’s also important that the video will appear on YouTube, presentation on SlideShare, and related post in the blog.

Often on conferences speakers say that Russian Information Security market is 1-0.5% of the world market. Maybe it’s true. But the share of Russian-speaking Information Security specialists at the world labor market seem to be even less than that. I am not a big fan of certifications, but it still an indicator “on September 3, 2013, the 184 people in Russia had valid CISSP certificates (total number is 84730)“. In such situation it’s not clear why anyone  should limit himself to the Russian-speaking audience only. IMHO, it would be useful not only to write slides in English, but also make English official language of conferences. Like security professionals do it in Germany, for example. The same thing with language of resume, blog, etc. Nothing personal. What language more people understand, that language we use.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.