Three years ago when we set out to create a conference that would bring together the greatest minds in the information security industry, we could not imagine the overwhelmingly positive response and growth MIRcon™ would receive year after year. Our goal for MIRcon is simple: to inform innovators and executives who are on the front lines daily, battling cyber attackers. MIRcon 2012 was no exception as we heard from industry leaders across the public and private sector present to consistently packed audiences.
On day one, Mandiant's CEO, Kevin Mandia welcomed attendees and set the tone for the show, explaining how we had to "attack the security gap". Later that evening, attendees were treated to a keynote from the President of the Miami HEAT basketball team, Pat Riley. Coach Riley gave a great speech on bringing out the winner in each of us that touched on collaboration within the industry. And to conclude MIRcon 2012, Gen. Michael V. Hayden presented a riveting keynote on securing the cyber domain and the challenges that come with that demanding task.
In addition to impressive keynotes that raised key issues within the industry, attendees were treated to top presentations in both the management and technical tracks. I asked each track owner, Mandiant's CSO, Richard Bejtlich, and Manager, Chris Bream, to write a brief summary of their track sessions:
Richard Bejtlich - Managerial Track
This year's management track balanced activity within the enterprise with factors outside the enterprise. For example, from the perspective of an enterprise CIRT, we heard from speakers like Rocky DeStefano, Stephanie Scheuermann, and Michael Cloppert. They talked about incidents, teams, and ways to organize, train, and equip responders in an age of "continuous incident response."
From the outside perspective, speakers discussed pressures on CIRTs derived from legislatures, lawyers, and even the nature of "cyberspace" itself. Speakers like Jason Healey, Greg Rattray, Chris Walsh, Rob Shelton, and Kristen Verderame told us how forces ranging from the Securities and Exchange Commission (SEC) to Senators on Capitol Hill affect security management.
Lastly, we had some hybrid talks, where inside and outside forces came together. Lisa Branco and Jake Sommer provided one example with their third consecutive legal briefing. Mandiant's Grady Summers and Tim Crothers synthesized wisdom from German psychologists and organizational authors to show how to use incidents to drive change.
As I think about next year, I wonder how we will find enough time to accommodate all the topics I would like to see!
Chris Bream - Technical Track
One thing I realized as I emceed the technical track (where technical people learned how to make managers think they were better, faster, and stronger) is that people are starting to "get it". There wasn't any more "targeted threat 101" or "let me explain the attacker lifecycle". The presentations in this year's technical track assumed you knew the basics and, as far as I could tell, pretty much everybody did. To me, we've moved on from "what" to "how". We know what we're up against, now we need to determine how we're going to manage those threats. We also know that prevention is not the solution. We need to be able to detect and respond.
The technical track provided a variety of solutions for the "how", focused primarily on detection and response. The topics ranged from how to improve your IR processes (Josh Bartolomie and Tom Hankins), to how to find the attackers (Will Gibb/Jay Smith, Seth Hall, Nick Bennett/Jake Valletta, Kelcey Tietjen/Graeme Stewart, and Ryan Kazanciyan), to how to limit our exposure (Mike Pilkington), to how to change our view of these threats (Willi Ballenthin).
I had a number of attendees come up to me and say how much they enjoyed the track. For the most part, their message was the same: this is information we can actually use to get better. Practical, hands-on, usable, and directly applicable; all of these phrases came up when I talked with attendees of the technical track.
If you missed the technical track this year, I'm sorry to hear it. You missed out on a lot of great information. Hopefully, you'll be able to make it next year when we try to top ourselves again
I couldn't conclude this wrap-up on MIRcon 2012 without a big thank you to Phil Sides, director of product support, who in his spare time is a world-class beer judge and chooses beer pairings for the Oktoberfest reception. For those of you not familiar with Mandiant's Oktoberfest reception, it is our way of thanking attendees who join us for Mandiant's annual conference by throwing a biergarten-style celebration on the first day of MIRcon.
Throughout MIRcon (including the set-up) we made sure to capture as many photos as possible to document the conference. You can view the full set of photos here.