Gartner Security Summit in Mumbai in Sep 2016 - A review

Gartner Security and Risk Management Summit , Mumbai 01- 02 Sep 2016.


Why I attended this Summit

In my quest for enhancing my information security knowledge and remaining in touch/keeping abreast with latest trends in this field, I was advised by various InfoSec professionals to attend the Gartner Security and Risk Management Summit. This annual summit was held in India for the first time in 2015 in Mumbai and was held this year in 2016 on 01st and 02nd September in JW Marriott in Mumbai. Gartner is leading research and advisory company whose analysts research and present papers on latest trends in various IT related fields. The Security and Risk Management fields deals with various information security related developments and their impact on business. It aims to equip security professionals with knowledge to solve business problems and make security an enabler to business. My feedback about the summit this year is given below.

Registration

As my registration was individual and self funded I had to apply directly with Gartner. My experience with the registration was quite bad as outlined below :-
  • Firstly, my email to the Garter team was not replied to by anyone for two weeks and only then their representative spoke to me.
  • Second, when I tried to register for the conference only it would not allow me to make payment via credit cased.
  • Third, when I informed their team of their technical glitch, they created another account and send me a fresh payment link. However this one took all my credit card details but the payment was declined. My credit card company on inquiry confirmed that they did not receive any request and my card was working well at other sites.
  • Finally, I had to share my card details over the phone and their representative made the payment off line. I found this arrangement to be very primitive and in secure.

Gartner Mobile App

On registering for the summit, delegates can download the Gartner App which has all the sessions and workshops listed and specific ones can be selected to make your own agenda. This is essential as number of sessions run concurrently and it is imperative that one reviews the PDFs of the topics to choose which talks to listen and talks which ones to leave.

The Gartner App was quite useful as it allowed me to browse through the agenda of the summit as also view all the presentations and see which ones I was interested in attending. The app also allows one to book workshops and select talks which require pre registration. However my experience in the conference showed that it is quite easy to attend any workshop if you arrive 5 to 10 mins in advance at the concerned hall/room as there is adequate space and no of people drop out at the last moment.

The Summit itself
As I had reached early on the first day I found the registration smooth and fast which allowed me time to look at the various vendors showcasing their products at the summit. However the list of vendors showcasing at Garner was limited and is much better at DSCI’s Annual Summit held in Delhi. By 8 AM there were long queues at the registration desk but the processing was fast. There was free WiFi at the summit venue.

The first session I attended was by Gartner Analyst Manjunath Bhatt on Balancing Employee engagement and security needs in the Digital Workspace. He covered the topic well and shared various useful insights. I liked his delivery style and decided to attend to all his sessions.

At 9 AM the opening keynote was delivered by Peter first book, Roggero Canto and Jie Zhang on “Building Trust and Residence at the speed of Business”. They took a fictional Insurance Company which was venturing into India and how would it tackle Risk Management in the Digital Environment. The talk was well delivered and include aspects on how various risks are identified and also the best way to present to the board.

Another good session I attended on the first day was the workshop “Creating your fifteen minute Risk Mgt presentation to the board”. All the participant were divided into groups and then asked to study a fictionalized company which was undertaking a new initiative. Each groups had to identify the selected companies strategic objective, top 3 IT Risks and recommended measures for mitigating those risks and finally an “ASK” from the board to secure their commitment for the security program. This was a very useful workshop with a great interaction.

On the second day I attended certain useful talks on Cloud Security by Steve Riley followed by a presentation on cyber Law by Advocate by Prashant Mali. The second day had more talks from various vendors including RSA, SOPHOS, IBM to name a few. Most of them were sales pitches and not really of much learning value. The summit ended with a recap of the key aspects by Gartner Analyst Partha Iyengar.


What I liked about the Gartner summit. The summit had some specific takeaways for me.

  • The sessions covered latest trends in the field of Security & Risk Mgt and were backed by solid research.
  • It was a good networking opportunity as a large number of information security professionals were attending from all over India and varied industries & sectors.
  • Workshops were a great way of learning and applying new information security concepts.
  • I got a lot of exposure to new topic in Information Security–Citizen IT App development, Bimodal IT, FIDO Alliance.
  • I understood Gartner's Magic Quadrant Hype Cycles Critical capabilities and use cases in context of various security products such as EMM, IAM.
  • Free WiFi, Mobile charging points.

What I did not like about the summit?

  • The summit was primarily comprising of speakers who were Gartner Analysts. This would not necessarily be a negative aspect as they were all qualified in their domains. However most of their talks referred to papers written by Gartner Analyst and these papers would require to be purchased separately. Now this made it more like a pitch for companies to take Gartner service for further knowledge of insight. There was no reference to any external/other research what's ever. Neither were any of these papers provided for further reading which I would recommend.
  • Some of the Analysts did not provide any additional insight besides the presentation slides during their talks. This defeated the purpose of attending the talk and was not expected at this level.
  • There were 3 Sessions going on at the same time which made me miss number of sessions I was interested in. Concurrent sessions should be restricted to maximum two and that too on as unrelated topics. However best solution would be to provide recorded sessions for all delegates to view later offline.
  • The workshops were useful but resulted in one missing 3 sessions as they were for 2 to 2 ½ hour duration. Ideally all the workshop could be conducted one day prior.
  • Certain presentations were organized in an open area called The Theater. It was very difficult to follow these due to surrounding noise.
  • The junior analyst required to be trained in public & speaking as most of them were not up to the mark and not conversant with their topics.
  • The analyst one on one is over hyped. Gartner advertises that participants claim it alone to be worth the investment on the summit. It is useful but certainly not the hype it is made out be as time is less and the analysts are not as knowledge as claimed.
  • Quality of the food was sub par. Especially not of Marriott is standard as I have regularly stayed and dined regularly at Marriott in Delhi and Mumbai.

Interesting Sessions and Talks.

  • Balance employee engagement and security needs by Manjunath Bhat.
  • FIDO Alliance by Manjunath Bhatt
  • The new CISOs crucial first 100 days by Tom Scholtz.
  • To the point : Five tips for better Security & Risk Management Communication by Jie Zhang.

Final View
Though, the conference was useful from a learning point of view and also networking with other industry colleagues and infosec professionals. However I will not attend  a Gartner conference again primarily because of following reasons.
  • It was overpriced. The public sector price should be half of regular price.
  • The sessions should be recorded to be available offline to ensure participants are able to view the missed sessions.
  • Workshops should be a day prior and not run concurrently to enable participants to attend all the workshops.
  • Customer service  and follow up is very poor. The website needs a revamp as it is slow to load and is not easy to navigate.

My view is that the Gartner conference is over hyped, overpriced and overcrowded. I would advise other professionals to attend smaller conferences which are better for networking and learning. Though Gartner covers a  number of new trending topics, these can easily be learnt through online webinars and blogs from sources such as BrightTalk webinars and Information Security magazine.

Comments

Post a Comment

Popular posts from this blog

API Security - A risk based approach for CISOs

       APIs or Application Programming Interfaces are the building blocks of modern applications. As the usage of APIs  and API traffic increases it is likely to be the major attack vector for hackers. APIs are utilised for a variety of purposes such as - share data with partners, customers, and other third parties. As per Akamai, 83 % of internet traffic is driven by APis. While APIs are a powerful enabler of digital transformation, they also present new security challenges. In fact, Gartner predicts that in 2023, API abuses will be the most frequent attack vector. To substantiate that prediction, OWASP has come out with a separate OWASP Top 10 for APIs in 2019. Also multiple organisations such as Coinbase and IRCTC have been affected by API security vulnerabilities in their applications.  To tackle this emerging attack vector, CISOs should understand the key risks associated with APIs. These include: Data Breaches or Data Leakages -  Risk of data le...
Read more

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...
Read more

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...
Read more