Observations Along the Road

Theatre Writeups, Musings on the News, Rants and Roadkill Along the Information Superhighway

Category Archive: 'acsac'

Decisions, Decisions

Written By: cahwyguy - Wed Nov 28, 2012 @ 7:06 am PDT

Next week is ACSAC (you are coming, aren’t you?), and I’m having trouble making a decision regarding the conference: Do I take my work laptop or my personal laptop with me? Any work data I’ll be taking will be on my Ironkey, so I don’t need the work laptop for the data. The work laptop provides the ability to VPN, but I generally go in over the web interface (RemoteOffice) anyway, so that’s no big deal. Taking the home laptop allows me to update Quicken on the trip, plus it gives me access to iTunes and my iTunes library, meaning I can update podcasts. Both laptops have the basic tool suites I need. So which to take…

--- *** ---

Training in the Modern Era

Written By: cahwyguy - Wed Nov 14, 2012 @ 7:43 am PDT

I’ve been the training chair for the Annual Computer Security Applications Conference since 1990. In my over 20 years in this position, I’ve seen what was a very popular training program decrease in attendance. Whereas in the past we regularly had attendance for courses in the 15-35 student range, of late the attendance has been in the single digits (of course, there are always a few exceptional courses). That’s true again this year, even with (what I believe to be) one of our strongest training programs in years (look at Monday and Tuesday). [I certainly encourage all of my readers to attend the conference, and to encourage your friends to attend and take training courses.]

I’ve been trying to figure out the reasons for the decline in the program, and what to do about it. This post is part of that effort: I’d love comments that might help me figure out how to move the program forward in the future. Here’s what I think are some of the problems:

  • Publicity. As always, our publicity for the courses is poor. They tend to be subsumed into the technical program, and it is difficult to figure out what is a tutorial/training course and what is not. Part of this is due to how the Advance Program has changed: there used to be a separate section highlighting the training program and the courses, and it’s not there anymore. Part of this is due to a change in format: I’m of the strong belief that our move to electronic notification methods makes publicity in general less effective. People ignore email blasts and web pages except when they are seeking information. At least with mailed advance programs, if the target wasn’t interested, they could put it on a board or hand it to a colleague.
  • Growth of the Field. When ACSAC started back in the late 1980s, it was one of three major computer security conferences: ACSAC, IEEE (Oakland), and the NCSC. Today? There are hundreds and hundreds of conferences, each providing their own aspect of training. There are also online webinars, courses at local universities, and such. People don’t need to go to ACSAC to get their training, especially in a short course format for which they pay $$$.
  • Changing Budgets. Related to the last point is the change in budget. It is harder and harder for commercial contractors, defense contractors, and government to get funds to go to conferences. When they do, they need to be able to get something they can’t get elsewhere. That’s certainly true for the technical program–you only get the papers at the conference. That’s also true for workshops, where there is interaction with others in the field. Training courses? As noted above, those are increasingly available. With tighter budgets, it is harder to justify travel dollars for courses, even with CISSP requirements.
  • Changing Audience. One problem the conference has had is a changing audience. We’re working to fix that, but right now, the conference has become more academic. Contractors and government need tutorials to keep abreast of a changing field (and to maintain their CISSPs). Academics? Much less so. As the conference has become more academic, I believe the interest of that side for tutorials has gone down.

So what should the conference do about the situation. I haven’t fully worked that out yet. We already have an effort underway to restore the mix of the conference. Hopefully, this will increase the participation of industry and government. Doing that should help out the training courses some. Beyond that, however, what should we do? Here are some ideas:

  • Reduce Tutorial Days. If we reduce the number of paid tutorials, we can ensure that what we do present are the strongest and most attractive. I’m thinking right now of experimenting with only a single tutorial day (3 tracks), and using the second day for something training-related in a different way. Perhaps this might be more workshops related to the conference theme; perhaps this might be more interactive seminars.
  • Integrate Tutorials Into The Conference. Right now, we have two training approaches. We have our formal tutorials, for which attendees pay separately, and our government track, which has training sessions during the conference and is included in the conference fee. We could eliminate the training as a separate gated event, and just have a training track across all the days of the conference. This would provide more space for technical papers and discussions, and may increase attendance at the training courses.
  • Fix the Topics. I’ve begun to realize that general introductory topics are not good draws, even though they may be good courses. If I could get the material at a local university course, why have it at the conference? Our topics need to either be unique or something that clearly cannot be easily gotten elsewhere. Looking at our top draws this year, they are topics you are not seeing elsewhere. In past year, a regular strong draw was a tutorial on botnets. We need ACSAC-unique topics… and I need to find presenters to propose them.

Right now, I’m just at the musing stage on how to fix things. I’d welcome your ideas.

--- *** ---

Writer’s Block: B.Y.O.B. Holidays

Written By: cahwyguy - Mon Dec 12, 2011 @ 11:19 am PDT

Well, I always celebrate the Annual Computer Security Applications Conference (ACSAC), which is always in December. Great people. Great technical content. A conference committee that is like family. Wonderful food. Interesting locations. What more could you want?

[Wait, you mean there are other holidays in December? Well, I don’t celebrate Christmas (I observe that it is on the calendar), and Chanukah moves around. New Years Day is in January. So I guess it is ACSAC.]

--- *** ---

Conference Report

Written By: cahwyguy - Fri Dec 09, 2011 @ 5:37 am PDT

I know I’ve been mostly quiet this week—that’s because I’ve been busy! I’m in Orlando FL at ACSAC, which means (as a long-time conference committee member), I’ve not only been running the training program, but I’ve been handling the setup and breakdown of projectors, distribution of room signs, and helping provide the NSS perspective in the FISMA track. In fact, I’ve spent most of the conference in the FISMA presentations, with the exception of one panel on Trusted Identities. Today should be a little different—I’ve no interesting in the 800-39 session, and will be attending some of the other technical sessions.

The conference itself has been great. What really sets this conference apart are its attendees—ACSAC has the best attendees hands down. I”ve had some wonderful lunchtime and evening discussions. The sessions I’ve been in have been good (no useless sessions), food has been excellent (and alas, quite caloric), and the hotel is lovely. We’ll be back here next year, which will be my 23rd year at the conference, and my 22nd year on the committee!

--- *** ---

Arrived in Orlando

Written By: cahwyguy - Sun Dec 04, 2011 @ 3:15 pm PDT

We’ll, I’ve made it to the 2012 ACSAC. Yup, it’s that time again. One quick observation: Mears seems to own a hell-of-a-lot out here… busses, shared ride vans, taxis, and the whole Disney bus fleet.

--- *** ---

Long Day’s Journey into Fog

Written By: cahwyguy - Sat Dec 11, 2010 @ 11:10 am PDT

Yesterday was a long day. Well, it wasn’t longer in terms of length of time than any other day, but it just seemed longer. Perhaps I should explain.

The day started out as most final days of ACSAC do: with the conference committee meeting and packing the office. Other than the morning migraine, that went well, and we were all packed and done by noon. Lunch was good: we went out to Stubbs BBQ and had a wonderful buffet lunch with brisket, ribs, and chicken (although the spinach was too spicy). Got to the Austin airport around 330p, and unenventfully waited until my 555p flight. That flight was on time to DFW, arriving around 7pm.

That’s when the fun started. It was a long wait until my next flight (3.5 hrs). Evidently, there were earlier flights back to LAX, but our booking tool at work never gave them to me as options. I get on the 1030p flight, and it’s only 60% full. But the pilot leaves the seat belt sign on during the entire flight, and whenever I did get up, there was a reasonable amount of turbulance. It also seems he is flying very low—I could often see cars moving on the highways we flew over.

Coming into LAX, he does the normal approach. Lowers the landing gear…. and keeps going past LAX. I think perhaps due to the fog he is landing from the other direction. But he circle to the south. I think perhaps he is diverting to John Wayne… but then he heads north… so I think Ontario. He confirms: diverted to Ontario to refuel (supposedly). We land in Ontario, and there’s no estimate on when we will leave again, but it would be at least an hour. My guess was that the MD80 we were in was so old the pilot could only do VFR, and this guy couldn’t land in that.

It’s now about 1245am Pacific Time. So I call Karen, and she gets out to ONT around 2am. We’re back home around 3am, and back to sleep around 4am. For me, it was a 26+ hour day, plus I’ve still got to pick up my car at the flyaway (plus I have no idea how to enter all this on the expense report). Oh, and that migraine… it’s back.

ETA: Oh, and what if I had stayed on that flight? It would have touched down on the runway at 2:42am, meaning it would have been after 3am when I got down to the flyaway. I might have caught the 3am bus, but more likely the 330am or 4am bus, meaning I would have been back to the valley between 330a and 430a. I probably saved at least an hour having my wife pick me up.

--- *** ---

ACSAC Update

Written By: cahwyguy - Fri Dec 10, 2010 @ 6:13 am PDT

Today’s the last day of ACSAC, and so far, the conference has been pretty good. For me, the highlights have been the plenary speakers:

  • Wednesday morning, Doug Maughn of DHS opened the conference with an interesting talk about the problems of taking research projects and commercializing them.

  • Wednesday evening, Giovanni Vigna of UCSB revisited his NetStat paper with some interesting observations about the state of network intrusion detection… which contrary to some reports isn’t dead… it’s just been renamed botnet detection.
  • Wednesday evening there was also moving tributes to two of the computer security luminaries we lost in the last year: Paul Karger and Bob Arnold.
  • Thursday morning, Tom Longstaff spoke about the lack of the scientific method in Computer Security and Computer Science. I’m not sure I agree with him, but it was a provacative talk. In some sense, Computer Science is as much science as Software Engineering is engineering.
  • Thursday evening, Ches (Bill Cheswick) gave an entertaining talk about his history and of Berferd.

I also attended an interesting paper session on security in social media, and to that end, I’d like to highlight an interesting exporation of bots on Livejournal.

Lastly, a question for folks reading my journal. I’ve had the suggestion to rename the tutorial program to increase attendance. Which of the following names would make you more likely to attend the Monday/Tuesday educational program:

--- *** ---

One Day Down… and a Delightful Dinner

Written By: cahwyguy - Mon Dec 06, 2010 @ 9:39 pm PDT

Well, the first day of ACSAC 26 is history. We had a good first tutorial day, with no major SNAFUs. This is always good thing. The ACSAC Security Blankets seem to be going over well (this year’s conference good is a good size polartec fleece throw with the ACSAC logo).

Further, I’ve been good for meals. Went to Starbucks and got oatmeal for breakfast instead of conference pastries (as well as a nice travel mug—they say “cold only”, but it seemed to work OK for hot today). Didn’t eat all of the steak for lunch, and only part of the dessert. Worked out both last night and tonight as well!

Dinner was a chance to see a friend I haven’t seen in years: gyesika. We ended up going to a nice southern restaurant: Threadgill’s. Interesting place. Good food.

--- *** ---