Three powerhouse keynotes served as the backbone of a solid day of presentations, networking, and vendor solutions at the 11th annual SecureWorld Denver on Sept. 19 at The Cable Center on the edge of the University of Denver campus.
The day got off to an inspirational start with Michael Gregg, CISO for the State of North Dakota, presenting on "Lessons from a CISO: Increasing Your Cybersecurity Footprint Despite Worn Soles." He talked about how he stood up and improved the cybersecurity efforts of the Peace Garden State with OKRs (objectives and key results) serving as the method for improving efficiencies of the state's cybersecurity posture.
"So if you asked me if OKRs have super powers, well, yes I do," said Gregg, who is based in Houston and runs North Dakota's cybersecurity program fully remotely. "Now, this isn't like Marvel, this isn't like a Batman or Iron Man thing. It's not those kinds of super powers they had. But I will tell you this; it gives you priority and commitment because you know what the team is going to work on and what are the priorities."
"You're always going to have the day-to-day work. You're just going to have the bright and shiny stuff that pulls you off in one direction or the other. But this aligns your people on their priorities. You've also now got that commitment because you've made clear to everyone that everyone understands these three to five things that are your key results. You're looking forward to the objectives you're looking to achieve over the next three months. You've got a way to track this."
Gregg had a line of attendees after his talk asking follow-up questions and giving kudos for his presentation.
For the lunch keynote, the audience was treated to a presentation by Krista Arndt, CISO at United Musculoskeletal Partners, who presented for the first time on "Drag Racing & Cybersecurity: The Crossover."
Arndt artfully weaved the similarities between cybersecurity and drag racing, a life-long hobby, talking about preparation, contingencies, diversity, and paying attention to the little things. She shared how she was in a severe crash a few years ago when a simple clip in the breaking system was left off. The result was her having no brakes at the end of a run as her speeding car plowed through the safety sand area and safety net at the end of the track, leaving a demolished car and Arndt with, thankfully, only minor injuries.
"Learn through failure," said Arndt, who is based out of the Philadelphia area and put this presentation together at the request of SecureWorld after telling her race crash story to a SecureWorld team member on a break at SecureWorld Philadelphia in the spring. "The concern there is you don't want the failure to be so massive that you cannot recover and that your company cannot recover. So as security leaders, as security managers, or maybe a team lead, we want to make sure we instill a culture of being able to fail fast, incremental failures, so we can continue to iterate and continue to learn."
"It is so important not only for the team to learn together, but personally for folks to realize what they are capable of and iterate on those capabilities, as well. It's saying, 'hey, I would have approached that situation differently.' Just like a hot wash, just like lessons learned, it is so critical to allow for failure."
"So as you can tell, failing fast early in my racing career allowed me to learn a lot. It really changed my perspective. It made me realize there's a huge correlation between my personal life and lessons that I can learn there, and my hobbies, and how I can implement that within my career."
The closing keynote panel tackled the topic of career pathing and was recorded for a Colorado = Security podcast episode. The panel featured Frannie Matthews, President and CEO, Colorado Technology Association; Richard Staynings, Teaching Professor, University of Denver; Alex Wood, CISO, Uplight, Co-Host of the Colorado = Security Podcast; and Robb Reck, Co-Host of the Colorado = Security Podcast, who moderated the session.
The group shared its thoughts on the cybersecurity profession and what it takes to groom, hire, and retain top talent.
Staynings also delivered a session earlier in the day on "AI: The Good, the Bad, and the Ugly." He will present that same presentation as the closing keynote at SecureWorld Detroit on Thursday, Sept. 28, at the Suburban Collection Showplace in Novi, located just outside of Detroit.
Other topics covered on the Denver agenda included privacy and trust, API security, quantum computing, desktop threat attacks, cloud security, the current threat landscape, forensics, social engineering, shared file security, insider threat programs, and a DevOps approach to security.
Check out the SecureWorld Events page for the five remaining regional conferences in 2023, as well as virtual conference offerings and Roundtable Dinners for our regional Advisory Councils.