Recently i had the opportunity to attend the Symantec Government Symposium in Washington DC. This is an event sponsored by Symantec and some of its partners. About 1500 customers of Symantec was gathered in one building to discuss what is going on in the Federal Space in regards to IT and IT Security.
The symposium started out with an introduction from John Thompson and Enrique Salem. The former president and CEO of Symantec introduced the new CEO Enrique Salem, who then introduced the keynote speaker Senator Mark Warner, from Virginia. Mr. Warner has a tech background and understand technology. However, I was disappointed in the tone of the speech as it seemed more like a campaign speech instead of a keynote speech. Mr. Warner is newly elected and perhaps that is why it seemed so much like a stump speech.
I attended the track entitled “Secure and Transparent Government.” The first session in this track was called “Assessing Security Standards Today.” The roundtable discussion was made up of Erick Hopkins (U.S. Senate Homeland Security and Governmental Affairs Committee), Ron Ross (Senior Computer Scientist and Information Security Researcher, NIST), and Tony Sager (Chief Vulnerability Analysis and Operations Group, Information Assurance Directorate, NSA). The big take away from this discussion (besides everyone having really really long titles) was in regards to the changes to FISMA (Federal Information Security Management Act). FISMA was originally passed during the Bush Administration and provides guidance on what branches of the government must do. From the discussion I learned that FISMA 2.0 will have a lot more “teeth” to it. FISMA is one new thing I will be learning.
The second session I attended was “Information Security: You can’t secure what you don’t manage.” The members of this roundtable discussion were Jaren Doherty (Associate Deputy Assistant Secretary, Office of Cyber Security, Directory of Veterans Affairs), Holly Ridgeway (Director, Justice Security Operations Center, Department of Justice), and Pete Stark (Manager, Corporate Information Security, US Postal Service). I was disappointed in this session, I thought they would have talked more about how to manage these endpoints, why managing the endpoint, etc. It seemed more discussion about what they did security policy instead of how the endpoints were managed.
The first place to start with a secure endpoint is to have that endpoint managed. This mantra is something we at ITS have been preaching since we started with Altiris back in 2001. In fact this mantra is something Mr. Salem himself has talked about when mentioned operationalizing security. The session was very disappointing.
The rest of the day I spent trying to meet and greet people and to try and get the ITS name out in the public. It was great to meet potentially new customers and more Symantec sales people to work with.
A great event if you do business with the government and with Symantec. Follow the hashtag #symgovsym on Twitter for more information