AusCert Day 2: Does it matter if the presentations are not that good if the dinner is a winner?
What a weird start to the day…Keynote speaker is John Stewart from Cisco but before he starts, the MC (AusCert dude), looking very sombre, tells the delegates that he has read stuff on Blogs talking about AusCert day 1 and also the lack of local content versus overseas presenters after the first day. He seems really upset by it. “Gees!”, is he talking about me? Or this? I cringe and then I think, hell yeah…..if me, good!…if not me……Good! If this is the wake up call you need, then whoever did it, it may well be worth it to get this conference (and organisation) back to reality! (Personally, I have nothing to do with AusCert and neither do any of my clients….I have no idea of their relevance….I have no idea why I do not! I run a team of security consultants and researchers and none of them do either!) But that’s another story.
Anyway, he goes on and on and on about this, and seems very worried to the extent that he asks the whole crowd; “If you have a problem, please tell us”. Maybe I am rating myself and it has nothing to do with BorB but who else has posted the same stuff recently? 
He’s flustered and now apologises that the keynote is from OS and then introduces John.
John, to his credit, quickly ad libs the intro with comments like (similar): “this is the first time as an OS speaker, I have felt bad about being an OS speaker”…”Maybe next time, I will endevour to become an Australian citizen” etc etc ….handled well and with good humour.
While no great substance to his talk, I liked his openness about Cisco and what they do. He did raise good points on accountability and the fact that NAC has a way to go and many mistakes were made with it. (Side Note: Shame Cisco Marketing were not as open about this in recent years!)
Some good comments on policies: “why have policies if you don’t hold people accountable…and if you can’t, why have those policies at all?”. Interesting that Cisco admitted that internally for security, they rely on other vendors! Hmmmm…..thought you did it all?! But hey, if you are happy to admit now you can’t, that’s a start. Good!
Me thinking…thought bubble here: “Hang on,…haven’t Symantec killed off everyone? Hang on….aren’t we all irrelevant now?!
Only William Cheswick could make a 40 minute presentation on passwords enjoyable! Nothing new out of it but a great presentation! This dude I think could make any topic interesting….. Legend as he is!
The German dude talking about phishing was good. His presentation slides were the highlight of AusCert……okay, in case you weren’t there, the photos of the Russian “lady” scamming the German 50 year old, were a change to the usual PPT slides…..okay, I’m a man….sorry!
I missed Peter Gutmann’s presentation sadly, but not overly upset as most of it was the same as the one at Kiwicon, as podcast on Risky Business. Well worth a listen!
Now I missed the rest of the day’s sessions due to real work but Declan will post on those later. The dinner was good and great to meet up with people.
One day to go.
May 21st, 2008 at 1:25 am
You and some like you rate yourselves to highly. It is easy to criticise. If you think you are that good why weren’t you presenting then at Auscert?
May 21st, 2008 at 2:12 am
@Anon…..Now more than likely, you are one of the numbnuts I know and are taking the piss.
If not, and you are serious and have never followed this blog:
1. We have pretty much given up many years ago getting presentations into AusCert. (They work on another planet to us). We had a good one this year, like many others did [companies and individuals], but it did not get in. I told my guys from the outset, “try your best, make it sound good but even then, you probably won’t get in!”
2. Funny how SG and SA formally all one company dominated presentations at Kiwicon (moreso the kiwis) and got a shitload of global press. Do they [AusCert] know us? No! we are strangers to them!
3. Did one preso at AusCert this year blow anyone away? Not yet and one day to go…Will someone release some awesome research? LOL….if they do……I will make a huge apology here if they do!
Anon, I would love to present at AusCert but in the scheme of things, I can’t get any of my guys to take the conference seriously. Aside from that, we’ve tried dude, but we’ve not made the cut for AusCert. Had we proposed a preso on Infosec basics, Russians, banking and pretended to be from overseas, we would have gotten in I reckon!
Okay….lets test this and see what comes out of Ruxcon and Kiwicon…I reckon we’ll get to present!
To be fair as I said. You can’t fail having a conference on the Gold Coast!
DD
May 21st, 2008 at 9:39 am
It is easy to present at Auscert Drazen - become a sponsor - look at the speakers list - the bigger the sponsor the more the speakers.
May 21st, 2008 at 10:16 am
@Anon
AusCERT is a vendor junket - we are not vendors. Our presentations are much more focused and specific which makes them less attractive to a broad audience.
Don’t forget that most of the people at AusCERT are marketing and sales people who know nothing more about security than what is in their product brochures.
I have spoken at a pretty broad range of national and international conferences so please don’t think that we are just throwing stones here. We are not, and put our money where our mouths are as you can see from our site (www.securusglobal.com)
May 21st, 2008 at 10:30 am
I read your Auscert daily updates with a laugh - keep it up – the emperor has no clothes on.
I agree with you 100%. Very few locals get selected to speak as an overseas name appears to pull a better crowd – a perception we locals have nothing here to offer in experience or we cannot sell ourselves.
“… If you have a problem, please tell us” – as we did. After supporting Auscert since the start and having presented at two of the conferences, we decided not to attend this year and rather spend the money on Blackhat instead. Auscert was so sorry to hear this – so long and thanks for the fish – they do care….
Every year while I was at Auscert, when on the stand, as people walked past, I used to ask three questions:
1. Is this your first time?
2. What have you learnt this year?
3. Which vendor gave you that gift?
Responses mostly included;
1. No this is my 2nd year
2. Not much, still waiting, but it is good to see they are re-enforcing security concerns
3. That one over there
I guess it is just the way of doing business, a good one at that for Mr Lack and Aucert, a non-profit organisation who can make enough from Aucert to run for the next year.
As someone in the industry, I would have liked more outcomes from Auscert in helping to shape and drive the next year in InfoSec here in Australia. I guess I am still naïve.
I believe the presentations really do not follow the conference’s named topic as the main and overseas speakers are doing the world speaking tour, and we listen to what the speakers wanted to talked to us about, (since this is what they prepared so why spend time and effort in moulding it into the conference theme?)
Well enough of my waffling, hope you are having a good time down there.
May 22nd, 2008 at 2:45 pm
The $1.5mil profit AusCert generates from this conference should help dry those tears.