Infosec Europe 2012 Review

The end of another week, and the end of Infosec Europe at Earls Court.  Europe's biggest free three day event seemed as popular as ever, with an estimated 10k visitors over the three days (most seemingly at once at Wednesday lunchtime...).

Whilst there seemed to be a vaguely superhero theme (I certainly saw Robocop, a troupe of Wonderwomen and perhaps a Purple Meenie as marketing gimmicks..) there was a selection of some great talks, technical demo's and water cooler chat surrounding the main security issues of the day.

The keynotes were split across a range of topics from general compliance and CISO management through to the general focus on BYOD and mobile devices.  With the latter, many organisations know there is a potential threat with mobile and personal devices, but many are struggling to find the correct balance between policy, controls and manageability.  Thursday on the keynotes was another chance to go over the newer concept of Advanced Evasion Techniques.  Whilst there is a definitive case for separating the APT payload from the AET delivery method as two separate threats that require separate management, many believe it to be a mere marketing campaign and vendor hype.

The Technical Theatre areas were once again pretty much full.  These informal open air style podiums are a great idea for sponsors to perhaps get visitors passing by and taking an interest on a topic which they initially wouldn't go to one of the break out sessions for.  Was good to see Insider Threat and Social Engineering featuring in a couple of these sessions as I think those topics are often over looked for the more buzzy areas like cyber and encryption.

The Business Strategy Theatre pretty much had constant queues which is testament to the quality of speakers and their content.  Some of the big players were presenting in the likes of Barclaycard on payment security and Deloitte and Cisco both taking different angles on Cloud.

The Technology Showcase Theatre again used the 'open air' style to promote vendor products ranging from SIEM, perimeter and virtualization technologies.  Whilst the vendors only get 25 mins or so, many generally go through a product management style approach showing the product in a perfect light against a back drop of latest news articles that prove the business case.  The great benefit though is simply being able to breeze past and get a glimpse of something new and off radar.

This year in particular I noticed more academic and educational institutions than previous years.  I don't have any stats to back this claim up, but the universities of Oxford, Glamorgan and Belfast were present as well as the omnipresent general bodies like ISC2, ISACA and IISP promoting awareness, best practice and training.

Whilst the weather was more like October and the beer (if you had to pay when the freebies ran low) was ridiculously pricey, the week was another great success and one of the best free events in the IT industry  - let alone within security.  In the current economic climate it was good to see so many vendors with new product versions, marketing gimmicks and positivity for the year ahead even if there were some notable exceptions in the form of Oracle and CA.

Whilst many virtual conferences are appearing throughout the year and give a good top up on concepts and new products, it's good to see the physical IT conference is still going strong and Europe can just about keep up with the US events for style and substance.  Except for the weather of course.

(Simon Moffatt)