I’ll be moderating a panel at RSA on Monday, Feb 27, between 12:30 and 1:40, session PROF-001. The topic is a continuation of the work we have done in the past year on Stress and Burnout in the Information Security Community. Although the ongoing “attitudes in infosec careers” survey covers a much broader range of topics than stress and burnout, some of the relevant data collected from that survey will be discussed in the panel. A reminder: the Career Attitudes in InfoSec survey is open for another week. Please see this blog post for details; I would appreciate it if you would consider taking the survey. And thanks to everyone who took the survey and helped to spread the word about it.
I’ll also be leading a peer-to-peer session on “What works in log analysis”. The session is P2P-205C on Wednesday Feb. 29, from 2:10 to 3:00. I really want this to be a peer-to-peer discussion and exchange of ideas, so if you are interested please come ready to share your thoughts and experiences. We gather a lot of information in logs, but we don’t always gather the right information, or use it wisely. The Verizon DBIRs show that log analysis hasn’t led to incident detection in the cases they have worked, but that over 60% of the time there was relevant information in the logs. Does that mean we aren’t using the data properly (or at all)? Or does that mean that the folks who do log management and analysis properly don’t end up having to call Verizon for incident response services? Hmm.