IT Security on the Road: Tales of Protectia

Oct. 27, 2008
The Wizard, the Tech, and the Warrior

Dateline: Orlando, FL

I am finally ensconced in my hotel room after a whirlwind trip to another conference—this one, the big Protectia Security Conference and Exposition, held the last five years in sunny Orlando, FL. My flight leaves tomorrow for the return trip to Washington, DC.

Protectia is a big show with hundreds of attendees, but it wasn’t always that way. The show organizers began by targeting government security professionals, and they initially decided to hold the conference in Washington, DC, to encourage optimum attendance. They felt more security people would be able to attend if travel was not involved.

Although that strategy makes perfect sense at first pass, everyone eventually learns that if you want an audience of high-ranking government personnel, you hold the conference anywhere but in Washington. If the conference is local, people will sign up, but work demands and last-minute schedule changes inevitably make it easier to skip the show and stay at the office.

The conference organizers saw their conference really take off when they held the event in Orlando during spring break time for Washington-area schools. It became a venue everyone could endorse. Now the show was packed with government attendees (potential buyers), security vendors (aggressive sellers), and various academics (job seekers). Attendees were guaranteed to be present for at least a couple of days while the spouse and kids got a discount vacation. It was now a win-win, and the show became one of the largest of its kind.

I have been attending for several years now, and I’m always happy to see so many old friends, colleagues, and acquaintances. The sessions are educational as well as mostly entertaining, and I enjoy hearing about new technology and methodologies. However, I’m always amused by the predictability of the speakers. How many of these people do you recognize?

Wally the Wizard
Wally is smart. He is really smart. He has to be. Wally stands at the podium with a ponytail that would be the envy of Yvonne DeCarlo. His ears are pierced in multiple places, and his exposed arms display the edges of extensive tattoos. He is wearing a pair of black combat pants, studded boots, and a black t-shirt festooned with shadowy skulls and alchemy symbols.

Wally is one of those technical wizards with extensive and deep experience in a key technology. It may be encryption, electronic locks, or perhaps highly-specialized surveillance tools. Wally’s looks are always more entertaining than his presentations. Everyone knows he’s an expert, so no one is going to take issue with what he says about his area of expertise. He knows he is never going to be hired to be a salesman or customer-facing executive. But he also knows that when you need his help, you won’t be hiring him for his appearance.

Boomerang Bob
Bob used to be big. Really big. He had an office in the Old Executive Office Building next to the White House, a dedicated administrative assistant, and a staff of twelve. He rode around in government cars and most people called him “Sir.” Bob and his team were responsible for developing a fat government security directive. He used to sit at the conference table with assistant deputy secretaries, departmental program directors, rear admirals, and once was even asked into a meeting by the vice president.

Today, Bob’s business card identifies him as the business development manager for MegaTech Government Consulting. He now has a much smaller office in one of those glass towers on the Beltway. He has to make his own travel arrangements, and everyone in the office just calls him Bob. He is expected to arrange meetings for MGC with government executives when asked. Other than that, no one really knows what he does.
When Bob is introduced as a keynote speaker, his biographical sketch features the word “former” quite a bit. It cites him as the primary driver for the big security directive, and mentions all the industry awards he received during his government career. After his speech, many people who remember him come up and call him “Sir.” He looks forward to this annual trip to Florida.

Teresa the Technician
Teresa has a great technical mind. She also works for MegaTech Government Consulting. Once a contract is signed with those senior government executives, Teresa is often called upon to lead the project. She knows more about those government security regulations than the people who wrote them. She also knows how to implement the right technology and processes to satisfy the inspector general.

Sadly, her vast technical knowledge doesn’t come with similar communication skills. For her, there is only one way to implement security: her way. Her presentation has all the charm of a royal bailiff reading the Riot Act to a tavern full of sailors on shore leave. You know you are getting sound advice; you just may not like how it is delivered.

Crash the Warrior
Clayton “Crash” Craddock was a sergeant in the U.S. Army and is a veteran of the Persian Gulf War. He spent four months in rehabilitation at Ramstein Air Base in Germany after being awarded a Silver Star and a Purple Heart. He came home a hero. He’s as tough as nails and has nothing to prove.
For Crash, security is personal. His presentation certainly is colorful. He shares personal anecdotes of his wartime service and delivers the stories at a volume and timbre that obviate the need for amplification in all but the largest conference halls. Although his presence is captivating, children and the more sensitive attendees must be escorted from the room before he begins. Crash is not for the faint of heart.

Fred the Fearmonger
Fred is one of the older attendees. There are rumors he was the security chief for Pearl Harbor Naval Base throughout most of 1941. That may be stretching the truth a bit, but it doesn’t change the fact that Fred has been around for a long time. Fred now works for a security industry trade association as a spokesperson. He travels a lot and has thousands of PowerPoint slides.

Fred’s presentation is as predictable as a North Carolina sunrise. He is often an opening speaker because his job is to make sure we are all aware just how scary the threats are to our corporate well-being. His slides are replete with disasters, natural and manmade. They feature death and destruction. He makes sure you know these horrors will most likely be visited upon you and your organization in the near future. You have to hand it to Fred—he’s a passionate man.

Rhinestone Rita Rowley
Rita was a marketing and promotions executive who got tired of pitching perfume in New York and decided homeland security was the next big growth industry. She anointed herself a security expert and started showing up on CNN, MSNBC, and the national press as Ms. Security Soundbite. She is called Rhinestone Rita because she keeps her sleek, expensive cell phone in a rhinestone-studded case in her $5,000 Louis Vuitton handbag.

In the wake of the terrorist bombing of the London Underground, Rita was asked by newsman Chris Matthews whether such an attack could succeed on the DC Metro system. She first looked pensive, then stared into the camera and said, “Yes, Chris, the same thing could happen to us right here.” When he asked if we could stop an attack like this, she responded, “Perhaps if we knew who these terrorists were, when they’d attack, and what target they had selected, it would be possible to stop them.” Experts: where would we be without them?

Yes, Rita considers herself one of security’s best spokespeople. You’ll find her racing into the conference from the airport for her keynote speech, then grabbing her Tumi travel bag and racing back to the lobby to catch a taxi back to the airport. She will be in town for all of three hours. All that Florida sun isn’t good for her complexion.

I guess it’s time for me to go home, too. The lobby is full of whiny, tired kids and sunburned parents who are equally exhausted. It is time to use those valuable upgrade coupons to get in first class, put on the headphones, and enjoy the flight back to Washington, DC. I find myself wondering who was watching the place while all the security experts were gone.

John McCumber is a security and risk professional. He is the author of Assessing and Managing Security Risk in IT Systems: A Structured Methodology from Auerbach Publications. Mr. McCumber can be reached at [email protected].

About the Author

John McCumber

John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail [email protected].