In case you missed it, HighGround.io CEO, Mark Lamb, planted his feet on foreign soil to participate in the Barcelona IOT and Cyber Security Congress at the end of January. Our industry is rife with events, whether it’s a full blown exhibition back with a vengeance post-Covid19, or an overwhelming schedule of webinars to sign up for but, more than likely, not attend. Determining the real value of traversing the country (or the continents) can and should be a strategic discussion, wherever your business sits in terms of maturity. Though it’s also hard to free ourselves completely from the idea that ‘we should be seen to be there’, and many organisations with a healthy expenses budget still follow this gut feeling, often coming out the other side feeling frazzled and with barely a lead to show for it.
Here’s how we got strategic about taking a couple of days ‘out’ to network and be seen – and you can trust us: cheap cervezas didn’t even enter our minds.
Justifying taking time out of the day-to-day takes serious consideration when you’re running a startup that’s just launched its product, even if it does mean jetting off to see the sunshine for 48 hours.
For Mark, there’s both a personal side and cyber security start-up side involved in grabbing another ticket to the next industry event. It’s absolutely critical that the excursion is going to be worthwhile from every perspective, because spending time away from family life always comes with a cost. Mark kept actual business costs to a minimum thanks to securing two speaker slots for the brand which meant a handful of free passes in return, and took a rigorous approach to planning in advance every last session he hoped to attend to contribute towards compensating for his absence in the office that week.
Thanks to his penchant for being organised and a hyper-efficient mindset, Mark came away with a renewed sense of what’s trending. You can’t beat getting out amongst the people for a healthy dose of inspiration after being head down in product development mode for a good couple of years. Crucially for HighGround.io, the topic of supply chain management and monitoring is just as huge as Mark always knew it should be…stay tuned for more on that one in the coming months. Allan Freidman, Senior Advisor and Strategist at CISA grabbed our attention with his session on the Critical importance of SBOM (undoubtedly one of the biggest problems since the Log4j vulnerability), meanwhile Pawan Sharma, Senior Engineering Manager, Maersk shared plenty of original perspectives on supply chain disruption in How Maersk is Driving Sustainability and Disrupting the Supply Chain Industry Using IoT
And yes, being in the speakers lounge paid off too. For Mark, that was the most useful piece of the programme and he’s come home with a long list of new contacts to follow up with. So, the consensus is to get more involved than simply being a delegate in whatever way you can to squeeze the most value out of this kind of thing. A huge thanks to Dasha Diaz and itrainsec, Hacking Village mastermind and influential female founder, for featuring us on the speaker programme.
To make the most of the investment, we bagged not one but two slots on the agenda in the Hacking Village. The concept behind this part of the expo aligned much more closely with our brand and our mission than simply attending an industry event.
“The Hacking Village was absolutely the right place for us to be as part of the event agenda.” Mark surmised. Our main target buyer is pretty technical, and was much more likely to be in the Hacking Village audience than some of the larger auditoriums where your CISOs were hanging out. The whole concept in this part of the exhibition is not only new to the Congress, but it’s been carefully and specifically designed to deliver a more interactive conference experience. The agenda was full of actionable content, stuff to learn, and even get hands on with and do. We met plenty of engineers in the crowd and were pleased to see groups of more than 50 stop by to listen in to HighGround.io talks. Next time (yes!) we’d love to share even more that people can really learn from and get practical with.
We did our research to make sure we’d maximise the time we had at the congress.
Large congress events are exhausting, and this one served as a valuable reminder that if you didn’t go in with a game plan, you’d come away with nothing. When was the last time you really headed off to a conference knowing the real reasons why you were going? Mark recognised fast that the whole event existed to be informative, and was much less commercialised and less product driven than perhaps he’d expected. For this reason, it wasn’t the time to indulge in a whole lot of competitor research, especially as the SME/mid-market also lacked much representation.
It was, however, the perfect complement to kicking off part of HighGround.io’s brand strategy focused on thought leadership. In just two days on site, Mark made his way around enough live talks (oh yeah, some recorded content would have been super useful!) to catch diverse and multi-faceted perspectives on supply chain that all measured up as positive reinforcement that HighGround.io solves a set of very real challenges. It was an eye-opener to the many opportunities outside our existing community to connect and collaborate with organisations and governments in a holistic effort to tackle the threats facing businesses today.
Never negotiate with criminals! Insights about ransomware tactics used with victims in the negotiations with Marc Rivero Lopez, Senior Security Researcher, Kaspersky, was one of the most attended sessions Mark dropped in on, and he waited around to have a chat with the speaker after. This talk demonstrated research into advanced threat actors, what they’re targeting, and how they work together in a chain to achieve their goals. It spoke directly to the ongoing challenge we face with the delay between malicious activity taking place, and becoming known. The faster you can process threat intelligence, the faster you can take action to stop bad actors, limit damage, and start remediation.
Sunshine aside, networking to expand your community usually delivers reward, and it beats a faceless LinkedIn request any day.
Cyber security is known as a particularly incestuous industry – though perhaps it’s just a whole bunch of silos in the community convincing us there’s nothing new beyond our social networks. For Mark, who’s prevalent in the UK and US cyber security communities, spending a few hours immersed in the European market definitely presented new perspectives and insights. The key for Mark is making sure each and every new connection is meaningful. In his experience, people who are superconnected often don’t really know who they’re connected to – Dunbar’s number certainly backs that one up. Upon departing the congress, Mark made a note to connect with more speakers in advance next time in the hope he’d be able to extract even more from the hours onsite to attend live talks.
ICYMI (in case you missed it)…
Who would win in a technology smackdown – the IT or Cyber department?
Mark Lamb, CEO, HighGround.io and Cristi Cornea, Lead Security Engineer, HighGround.io
The delicate balance of forging a vibrant new future through technology whilst doing it safely and securely creates friction in every business, and nowhere is this felt more than in the technology department…or is it the IT department? IT is forever tasked with forging ahead with improvements in business capability and efficiency. Cyber has the unenviable task of ensuring that organisations don’t fall foul to a cyber-attack or data breach. Tensions can run high, and in the heat of the moment, we can easily forget we are on the same side and fighting towards the same goal. The Solution? Join us in our friendly debate with battle-hardened IT Infrastructure and Offensive Cyber Security professionals who have, against all the odds, learned to understand one another, forged an incredible bond, and created something truly special that we can all learn from and use.
Bypassing Windows Defender using BadUSB
Cristi Cornea, Lead Security Engineer, HighGround.io
You (as an attacker/pen-tester) compromised a low-privileged user on one of the workstations of the victim organization. You noticed that the organization is using Windows Defender, with all the protections in place, but your task is to execute multiple scripts and enumeration tools to find a privilege escalation vector, but Windows Defender blocks all your attempts. To do that, you must find an evasion technique.
Congratulations, you now have some great tips for getting the most out of a conference while bootstrapping your company. Check out the app Mark was promoting, and see how you can manage your cybersecurity easily and affordably. If you’re an IT manager at an SME struggling with cybersecurity, this could be the solution you’ve been looking for. HighGround.io sign up, its free.