When many people think about conferences, this media created image comes to mind of the conventions of yore that are pure boondoggles. But those who attend technical conferences and symposia know that the media image is far from the truth. Conferences are serious affairs during business hours with training sessions, papers, panels, keynote speakers. Much of that you could get through a web course or a book, but a conference goes beyond that and gives you something even more important: that chance to network and interact with your peers in the industry, and to make those connections that prove critical as you do your job.
I’m mentioning all of this because registration is now open for the 30th Annual Computer Security Applications Conference (ACSAC), being held December 8–12, 2014 at the Hyatt French Quarter in New Orleans, Louisiana. ACSAC is a great mid-size conference — it’s not the gigantic RSA or Blackhat with thousands of people making it impossible to network, nor is it a small symposium with a narrow technical focus and insufficient critical mass of attendees. ACSAC typically has an attendance around 200, and provides well rounded technical program with training and workshops on Monday and Tuesday, and papers, panels, speakers, and case studies on Wednesday through Friday. I’ve been attending the conference since the 4th ACSAC in 1989 in Tucson, and have continually found it to be of value in what I do.
Let me give some highlights for this year’s program:
- Monday. Training sessions on Android Malware, Building Secure Web Applications, Security Risk Management, and Virtual Machine Introspection. The first day of the Layered Assurance Workshop and the special TracerFire Training Exercise.
- Tuesday. Training sessions on Advanced Digital Forensics, Cloud Security and Privacy, and Systems Security Engineering: NIST SP 800-160. The second day of the Layered Assurance Workshop and the special TracerFire Training Exercise. The Malware Memory Forensics Workshop (MMF). The Program Protection and Reverse Engineering Workshop (PPREW).
- Wednesday. The Distinguished Practitioner Keynote Panel, looking at Multics. Sessions on Cyberphysical security, Secure Configurations, Mobile Systems Security, the DHS’s Continuous Diagnostics and Mitigation Program (CDM), Social Computing and Networks, System Security, the NIST Cyber Security Framework. The day ends with the invited keynote: Aviel D. Rubin, Johns Hopkins University, on taking two-factor authentication to the next level.
- Thursday. Sessions on Cyberphysical security (it’s a conference theme), Insider Threat, Moving Target Defenses, Securing Systems, Securing Communications, Mobile Systems, Usable Security, Systems Security Engineering, Privacy, Network Infrastructure Security, and more. There will also be a works-in-progress session.
- Friday. Sessions on SCADA, Access Control and Malware, Software Security, Web Security, and Cyberresiliency.
You can see the full program at the ACSAC website; each session has links with more information. Information on conference registration and hotel registration is here. Please spread the word about the conference with your friends, colleagues, coworkers, and associates.
Disclaimer: If you know me at all (and I hope you do, if you are reading this), I’ve been involved with the Annual Computer Security Applications Conference (ACSAC) for a long time. I’ve been the chair of the training program since 1990, and over the years I’ve also done local arrangements and been general chair of the conference. I’m also the Secretary of the sponsoring organization, ACSA. ACSA, the sponsoring organization behind ACSAC, also runs the New Security Paradigms Workshop, and is the initiator and sponsor of the Scholarship for Women Studying Information Security (SWSIS).
P.S.: ACSAC 31 (and 32) will be at the Universal Hilton in Los Angeles near Universal City December 7-11, 2015 (and December 5-9, 2016). Mark your calendars now to “save the dates”. I’ll be doing local arrangements for those conferences, and would love to demonstrate why Southern California is the best draw for cybersecurity!
