Vancouver presented a solid week of world-class information security conferences and courses geared toward developers and hackers between CanSecWest and BSides. I attended these events for work and personal interest and wanted to help everyone understand more about what security means, and means to them. I approached Sarah and Stefanie at Unbounce with the idea of collaborating on a Tech Security Talk (#techsec) event. We decided on an evening fireside chat with industry experts followed by a Q&A session that would be geared towards covering the implications of security issues ranging from bugs to privacy laws, and began reaching out to developer- and business/startup-focused groups.
Salesforce.com provided the venue and pizza, and Unbounce emceed the event and supplied the beer. The 110+ attendees included graphic artists, lawyers, legal and financial professionals, virus/threat researchers, software developers, and business development consultants.
Carl Schmidt, the CTO of Unbounce, opened the event with a conversation with Chris Evans, the head of security for Google Chrome, about Chrome web browser security. Chris answered questions about the Google bug bounty program and his advice to other companies who are thinking about implementing a similar program. He also talked about software security in general, internet-facing security, auto-updating, certificate pinning, and hiring from the bug-bounty program.
Salesforce.com’s Devanshu Patel discussed how human vulnerability affects security and illustrated how to influence more secure behavior using gamification and behavioral psychology. He talked about drawing employees in using games as intrinsic motivators to understand the importance of their role in keeping customers’ data private and safe. Devanshu demonstrated how salesforce.com makes employees partners in security efforts through awareness and training programs. He concluded with some takeaways for other companies interested in using these principles for their own awareness programs.
Jack Newton, CEO of Clio, a cloud Software-as-a-Service provider targeted at lawyers and legal professionals, talked about reliability and trust. He covered data escrow, data-locality requirements, and the importance of understanding the contract with your provider. He provided an example of how many service-level agreements guaranteeing reliability merely promise to refund payment pro-rated to the actual delivered service level. A small refund may be little comfort if you haven’t been able to access your and your client’s data for days. He also talked about what customers need to do to fulfill due diligence requirements in the selection of service providers.
The speakers came together at the end for a group Q&A and fielded a wide range of audience questions. They stayed after the event ended, taking more questions and socializing.
Let’s continue the discussion: What other ways can companies reinforce the importance of security, internally and to their customers?