I went to my first ever banking-focused infosec conference a few weeks ago (WBA's Secure-IT) and learned a ton.

I met some really great people and had many productive conversations around security. The main takeaways from the conference that I talk about in today's episode:

• Standing all day and talking about security is exhausting!

• You can thwart "swag whores" (sorry mom, but I learned that that's what they're called!) by pushing your merch table deep into the booth so it's touching the rear curtain. That way people have to go through your "people perimeter" and engage in conversation with you in order to be granted access to the swag!

• From the conversations I had with the staff at these small banks, they're definitely wanting to slurp up as much helpful info from the sessions as possible. Specifically, finding ways to better improve security posture using free/cheap tools is ideal!

• I attended a few sessions that got my blood boiling. The outline of these talks went something like this (slight exaggeration added, but not much):

  • Hackers are way smarter and more physically attractive than you, and they can get by all your defenses with ease
  • You're helpless, hopeless, and not physically attractive
  • Luckily we (Vendor X) are here and we offer our patented Super Solution Y that will thwart the APTs 100% of the time, no question, guaranteed

• People don't appreciate being talked down to, nor do they want to be shamed, blamed or scared into making security better.

More on today's episode...