Information Security Summit 2023 – A Review from a First Timer

This year I had the privilege to attend the 21st Annual Information Security Summit in Cleveland, Ohio for the first time. To be honest, I didn’t originally have high hopes for the conference being a small regional conference. I could not have been more wrong. The Information Security Summit (ISS) is an event based in Northeast Ohio for Information Security professionals, CISO’s and any other security conscious IT professionals. I was fortunate enough to attend and found a few things to be helpful for anyone looking to attend in the future. Since I was far too quick to judge this conference, I felt I should recount my experience and explain why I’m looking forward to attending again next year.

DISCLAIMER

Please understand that the content herein is for informational purposes only. This existence and contents shall not create an obligation, liability or suggest a consultancy relationship. In further, such shall be considered as is without any express or implied warranties including, but not limited to express and implied warranties of merchantability, fitness for a particular purpose and non-infringement. There is no commitment about the content within the services that the specific functions of the services or its reliability, applicability or ability to meet your needs, whether unique or standard. Please be sure to test this process fully before deploying in ANY production capacity, and ensure you understand that you are doing so at your own risk.

Table of Contents

What I Enjoyed Most
What I Enjoyed Least
Why I Plan to Attend Next Year
Conclusion


What I Enjoyed Most

Here are the things I enjoyed most about the event.

Few Pushy Salespeople

I don’t know about you, but I always get annoyed when I attend a discussion that claims to provide instructions on how to solve a specific problem, but then just turns out to be a sales pitch about some solution a company offers. I understand the incentive for companies to attend and send speakers is to sell product, but I get frustrated when it feels like a company is trying to trick you into attending.

It was clear that the only sales discussions were supposed to be held in the vendor area and it was nice to see so many vendors follow that rule. There were plenty of talks lead by different company spokespeople, but for the most part they still had useful information that was vendor agnostic. I’m sure that this is not an uncommon practice at conferences like this, but it was nice to see that even for a smaller event they stuck to this practice. I didn’t talk to any salespeople that I didn’t want to talk to, and it was great.

Several Younger Speakers at the Event

One thing that I noticed was that there were several younger speakers at the event. I’ve attended Microsoft Ignite, and the Gartner Security & Risk Management Summit in the last year. In both cases, it was rare to see younger people earlier in their careers leading talks at those events. That wasn’t the case for the ISS in Cleveland. There were several discussions being led by people in their late 20’s and early 30’s talking about the real-world things they see every day. As someone in my mid-thirties it was nice to feel among peers in these discussions.

While I certainly appreciate the experience and knowledge of someone who has been in the IT field for 15-20+ years, I feel like it can be discouraging when those are the only people leading these talks. For me personally, I’ve always wanted to attend one of these events as a speaker and give a discussion (though I have no idea what I would talk about). To see speakers in my age range gives me more confidence that I could do it.

Additionally, I was attending ISS for the first time with one of the guys on my team who is 10+ years younger than me and just getting started in his Cybersecurity career. To see him so strongly encouraged by the event was awesome and he specifically commented on the sessions featuring some of the people only a few years older than him. This is something I felt was very encouraging for an attendee, and I think it would be great to see it continue.

Panel Discussions

These are certainly not unique to ISS, but I attended several of these and each one was worth the time. In life I’ve found that whenever you have a bunch of smart people in the same room talking about important topics, it’s important to sit down and listen. Two panels in specific I attended that were interesting “So you want to be a CISO” and “Application Security Panel of Power!”.

Jack Nichelson - Inversion6 vCISO at Information Security Summit
Jack Nichelson – Inversion6 vCISO at Information Security Summit

The “So you want to be a CISO” discussion was an excellent hour-long discussion with some great leaders in Northeast Ohio. The panel was moderated by Tom Mathis, and featured Gary Sheehan, Jess Walpole, Keith Fricke and Jack Nichelson. Even though the name implied the discussion was specific to becoming a CISO, it was really more about leadership and transitioning from a technical role to a leadership one. To hear so many perspectives on a topic that is relatable for me was encouraging. They had several excellent points about staying relevant in today’s market and growing as a person. It was an excellent panel, and I look forward to more of its kind next year.

Application Security Panel of Power

The “Application Security Panel of Power!” was excellent. CRob was the moderator for this session featuring Chris Bush, Scott Goette and Dave Russo. The contrast between perspectives was excellent with this group. Chris was an experienced Application Pentester who helped give perspective on the practices in application development that lead to insecure outcomes. Scott described himself as someone who helped developers fix insecure code and provided the right contrast to Chris in their discussions. Dave brought in the perspective of leading developer teams in a security focused environment. Some of the discussion was admittedly over my head, but the overall conversation was excellent, and I was glad to attend.

In life I’ve found that whenever you have a bunch of smart people in the same room talking about important topics, it’s important to sit down and listen.


What I Enjoyed Least

These are the things that I wasn’t so fond of. However, none of these were enough to dissuade me from attending again in the future…

Lunch Time

Look this is a little petty and probably not worth mentioning, but lunch wasn’t the best experience. I don’t have any suggestions about how it could be improved, I’m not sure it could at that scale. However, I’ve attended lunches before where I wasn’t ushered around so much and forced to sit with strangers. I will admit that I met a few people I wouldn’t have met otherwise, and had some good discussions, but it still wasn’t my preference. The tables were a little too overcrowded so I was never very comfortable and couldn’t even pull my chair all the way to the table. I know I’m being nitpicky here, but I found that I was eating quickly and leaving as soon as I was finished. It wasn’t unbearable, but I may consider packing a day or two next year to avoid the rush next year.

The Schedule

To be fair, this is every conference and is not unique to the Information Security Summit. It felt like there were some time blocks where I wasn’t interested in any session, and others where I wanted to attend all of the sessions. I don’t think this was intentional and I don’t think it is something ISS or anyone else could fix. Everyone has their preferences, and plus organizers have to account for speaker availability and everything else. Recorded sessions would obviously help solve this issue, but that is a mountain of a task, and I don’t expect that to be an easy fix. To be honest, it’s probably a good sign that there were more sessions that I wanted to attend than what was physically possible. I’ll just need to make sure I keep attending so I can get whatever information I can when I can.

The Wi-Fi

This is definitely nitpicky, but still kind of a bummer. Since the event was hosted at the International Exposition Center, this could’ve been an issue with the venue and not the host. However, the sessions were underground and there was virtually no cell reception whenever you were in a room. This made it challenging when you needed to send a text or take notes on an iPad. There was Wi-Fi available but it was a bit spotty. You would get disconnected when you were too far from the few AP’s that were available, and so sending texts or even searching the web for information was difficult. It wasn’t a deal breaker as I wasn’t in need of the internet the entire time, but when I needed to respond to some emails over lunch, I had to find a place with good Wi-Fi and stay there until I was done. Not the end of the world, but it seems like this problem could be solved pretty easily.


Why I Plan to Attend Next Year

The conference as a whole was a great event. I met some people local to the area where I work and live. Networking is a key part of growing in this field. Things change too quickly for any one person to keep up, so it helps have people you can call when you need answers. Other organizations may have been through whatever it is you need help with, and knowing those people can make it easier to get through. That works in reverse too, as you may find yourself in a position to help someone else in their time of need. We’re all out here trying to accomplish the same things and protect ourselves, so there’s no reason we shouldn’t be working together.

Knowing people in your area helps for career progression as well. Whether it be through mentorship or through future job openings, networking can be a boon for your career. One key takeaway for me from this event is that I need to find a mentor. Someone who can lend me the benefit of their experience as I grow would be immensely helpful. I have a few mentors in my life already, but it never hurts to meet others who may have more that we could learn from each other. Any opportunity to learn from others is an opportunity I want to take.


Conclusion

There you have it, my review of the 21st Annual Information Security Summit in Cleveland, Ohio. Overall, I enjoyed the event and am looking forward to attending next year. The speakers were knowledgeable, and the sessions weren’t overwhelming large. Each speaker had time to talk after the session and was always willing to do so. The timing for the sessions were great and were evenly spaced so you never felt rushed. There was a wide selection of vendors, and the venue was adequate for the number of people that were in attendance. They even had a coffee bar with free specialty coffee drinks for attendees. I would say it was a success.

One thing I may want to investigate for next year would be the CSO Xchange. This is a chance for leaders in the area to meet and join up for discussions about what they are facing and getting opinions on looming challenges. A few of my colleagues attended the meeting on Monday, and it sounded like something that would’ve been a good event to experience. I think I may sign up and join the CSO Xchange to attend that next year or sooner.

If you have the opportunity to attend next year, I recommend it. It was worth the price of admission in my opinion, and I will be planning to attend it again in 2024. If you found value in this review, please let me know! I’d love to hear what you thought of the event if you attended. Hit me up on Twitter @SeeSmittyIT to let me know what you thought. Or if you are avoiding the bird site, I’m also posted up on Mastodon @[email protected]. Thanks for reading!

Smitty

Curtis Smith works in IT with a primary focus on Mobile Device Management, M365 Apps, and Azure AD. He has certifications from CompTIA and Microsoft, and writes as a hobby.

View all posts by Smitty →