Forrester's Security Forum 2010

As many of you may already know, Forrester’s Security Forum 2010 is coming up in September. This year, the theme is “Building The High-Performance Security Organization.” Indeed, as the global economy begins to recover, Security & Risk professionals must transform from a reactive silo of technical security expertise to a true partner of the business and an enabler of forward-thinking business strategies.

This forum is all about technical, tactical, and strategic information to increase the maturity and performance of your IT security organization in this fast-changing economic climate. In the two-day forum, we will explore the principles of:

  • Aligning your objectives and measures of success with the business.
  • Giving business the tools to perform risk management.
  • Preparing for the adoption of cloud services, the consumerization of IT, the proliferation of social technologies, and an ever-changing threat landscape.

I will be running three sessions at the forum this year:

  • The Practical Cloud — Getting Past The Fear Mongering
  • The Role Of Security In An Empowered Enterprise
  • How To Build A Mature Application Security Program

My keynote panel, which I will be moderating, is called "The Practical Cloud — Getting Past The Fear Mongering." On this panel, we'll bring together a cloud user, a cloud vendor, and a legal expert to talk about how real enterprises leverage the cloud to deliver real business benefits, and how user organizations and cloud operators manage the responsibility to protect users, their data, and their privacy. I’m especially excited about this panel, because we will have one of the biggest cloud vendor companies, the director of security from a sophisticated cloud user company, and a legal expert specializing in the legal ramifications of cloud computing.

In "Security For Empowered Organization," I will be co-presenting with Ted Schadler, our resident expert on “Empowered Organizations.” We will explore why businesses want to empower their employees with social, mobile, multimedia, and cloud technologies. More importantly, we will discuss how IT professionals can help businesses achieve these objectives without compromising the organization’s security and privacy requirements.

In "How To Build A Mature Application Security Program," I will explore the concept of an organizational application security program, composed of intelligent, useful tools and technologies, a good accountability and incentive structure, and most of all, meaningful processes to realize software security across development, InfoSec, and operations departments. A typical organization today has a plethora of security applications, from in-house developed to outsourced, from open source to off-the-shelf software. Different applications need different sets of processes and technologies to ensure software security. I will present an application security maturity model, with specific steps required to go from one maturity level to the next, and discuss the different types of application security measures for different application types.

This is shaping up to be a very exciting forum. I look forward to seeing all of you in Boston on September 16th-17th.