Reflections From SecTor 2024

Disclaimer: SecTor is now run by Informa Tech , which is my employer. I was able to attend the event with zero/minimal cost. That said, I've been attending SecTor well before being an employee and I am commenting below as a member of the local Toronto cybersecurity community.

Another Security Education Conference Toronto (SecTor) wraps up. 18th year!

The event continues to grow and evolve. It was so rewarding to run into many, many friends, old and new, and just touch base, catch up on industry news, and more. My observations on the event:

• The business hall was active! As I commented to someone on the floor, it felt very much like a (obviously scaled-down version) of Black Hat USA, in the context that key vendors were there and conversations were flowing. Kudos to all the sales and sales engineering professionals for maintaining the energy level and having great conversations. Of particular note about the expo floor, it was great to see that the local cybersecurity organizations have been moved to the show floor, allowing for much better interactions. The community lounge was also a nice addition, as was the direct linkage between show floor and meals area. Oh, and Legos! :-)
• The pre-briefings summits (CISO, AI, and Cloud) are a nice addition over the past few years. I wish I could have cloned myself and attend all three at the same time. For me, I had the privilege of sharing some findings from Omdia 's research into security platforms in the CISO/Exec summit. Other phenomenal content from that summit (shared under the Chatham House rule) included really insightful looks into how to think about Generative AI (we can't not talk about it, right?), how security can work with engineering using software testing as common ground, and more.
• Both keynotes I attended were extremely informative: Leigh Honeywell opened our eyes to the challenges around elections, misinformation, and more, and for me the key takeaway from her talk is, other than remembering that we have a role to play, is the notion of 'trust anchors'. On Thursday, Omkhar Arasaratnam had us glued to our seats as he took us through the xz-utils incident, artfully navigating between high-level topics (the role of open source in modern society) and geeking out about kernels (ifunc optimizations and more!). He deeply understands the challenges around how we can support open source development, and it showed!
• Regarding the briefings, there were multiple tracks, that suit interests across Red, Blue, Purple, ... teams and more. I really enjoyed being able to watch content around career improvements ( A. Stryker was simply phenomenal as a speaker), AIBOM ( Helen Oakley and Larry Pesce ), and cyber insurance ( Danny Pehar ).

To me, SecTor is very much about community, and it was incredible to spend time with friends from TASK ( Max Cizauskas , Ali S. , Darlene Llewellyn-Konecny , Andy Konecny , and others, thanks all!) As I mentioned before, kudos to the conference for bringing those groups into the broader area.

Anything I'd change for next year? Honestly, nothing material comes to mind! I personally always struggle with the mobile app, but even that worked well enough. Hoping to see more vendors show up so we can efficiently chat about things on the floor. As an analyst, looking at demos in the areas I'm interested in (SASE, cloud security, appsec, and others) are an effective use of my time.

What I want to leave with is that we're all working hard to deliver the value that's expected of us, regardless of your role in this industry, at the same time that we all (should) try to upskill, all the while building our professional networks along the way. SecTor was a really, really nice opportunity to work on these topics, and I look forward to next year's event!