Passing up our security opportunity

Net Results: Security is easily one of the most interesting - and important - areas of computing

Net Results: Security is easily one of the most interesting - and important - areas of computing. It has such a broad catchment area, taking in everything from viruses to hackers, phishing to forensics, child internet safety to global terrorism, cryptography to social management. And, of course, politics and privacy, international and local concerns, desktops and global networks.

In fact so pervasive and encompassing is the whole remit of computing and security that it must be on the agenda of anyone who uses a computer for any reason.

Needless to say we have an extensive industry in Ireland established around computing security concerns - from major multinationals based here, such as Symantec, to the computer forensics divisions of consultancies like Deloitte, in-house IT departments and specialist firms like Espion.

Curiously, however, Irish participation at one of the more interesting international security conferences, held here annually, has always been very low. The event, on October 1st and 5th at Killashee House in Naas, is the Cosac Security Conference (www.cosac.net).

READ SOME MORE

It's been held in Ireland for 13 years now, and brings in some of the top international figures in the area of security - not the corporate headliners that some might see bandied about at other conferences, but the ones that security folks really respect. There's often a big difference.

But I'll come back to Cosac in a moment. First, I have to make a confession. Maybe I need to get out more, but I really love security conferences. The granddaddy of them all, and the largest, is the RSA Data Security Conference, a kind of Silicon Valley area hooley for the security geeks. Last time I attended, there were 10,000 people there, from punkish hackers to FBI agents.

I've been to most of the RSA events in the past decade - enough at any rate that, to my amazement, I got a little pin and an invite to a special lunch a few years back as part of the "founder's circle".

It was at this moment that I realised that I had, perhaps not to the benefit of my social life, crossed an invisible line; the line that separates normal people with normal interests from those like me, who could (and worse, would) laugh at algorithm jokes made during the famed annual RSA cryptographer's round table session.

All this is by way of explaining both that my chance attendance at an RSA event in 1996 is what really kick started a long-running fascination with writing about this area and that I know a good security conference when I attend one.

And Cosac is a really, really good one - due to the speaker line-up and to its compactness which allows for free discussion between presenters and audience. The fact that it isn't run by a corporation or a professional conference company, but by volunteers, all security insiders who get the best people, year after year is another compelling plus.

And I do mean free discussion. Not only is audience participation expected, but demanded. Speakers are quite honestly disappointed if they are not grilled from the floor. Good natured heckling - albeit at a pretty cerebral level much of the time - is actively encouraged.

In short, you won't see the normal conference stuffiness, or hackneyed and dull corporate presentations, at Cosac. Instead, there's real head-to-head chat within sessions, ample opportunity to engage with speakers, some interesting arguments, plenty of encouragement even for a wannabe like me and very little formality (I'm told whatever formality remains goes out the door the night of their big dinner anyway, but attendees say what goes on tour, stays on tour).

Cosac's chairman, David Lynas, doesn't actually need more Irish attendees - the conference tends to sell out - but he sure would like to see more Irish participation and involvement from individuals, companies and professional organisations.

"Every year Cosac receives enquiries from across the Irish professional spectrum. Organisations such as Irish Information Security Forum, Information Systems Security Association and the Information Systems Audit and Control Association regularly make contact and their members are offered discounted attendance. Unfortunately the statements of support are not reflected in participant numbers from within Ireland," he told me.

"My experience is that these professionals desperately do want to participate but it seems that they are not permitted to do so. Whether it is a question of budget or release time from duties at the office, I cannot be sure."

Lynas, a global security expert based in Moira, Co Down, says he's also had numerous requests to move the event elsewhere, with offers of practical support and financial assistance from professional bodies and governments in places like Britain, Australia and Singapore, but nothing from Ireland - though he says he wants to keep the event here.

"I have always believed that despite the lack of numbers from home, there is a combination of work ethic and warmth of hospitality here that is perfectly suited to an event that actively encourages 24 hour a day participation rather than the usual 'listen to a speech and go home' approach."

The event this year, as last year, is sponsored primarily by - guess - the British Computer Society, plus some other British and Australian companies. Which is all very nice, but surely, it's time to see some active Irish support for such a high calibre international event?

This is the type of annual technology conference that should be high on the radar of IDA Ireland and Enterprise Ireland, the Irish Software Association and Irish Computer Society - and any company seriously interested in security issues.

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology