Info Security Europe in London 2024 observations¶
And it is official: Info Security Europe 20241 has drawn to its close. Having attended with low expectations following the 2023 event, I was positively surprised by the quality of the event, vendor stands, and associated event Cyber 100 Club. I already look forward to the InfoSec Europe 2025!
I would like to mention the people I met during the show: Raj Samani, Robert Rodger, Justin Coker, Francesco, Alfonso Eusebio, Stephen Khan, Nick Thomas, Rob Demain, Clive Room, Christiaan Beek, Shakeeb Niazi, John Quinn
General observations¶
InfoSecurity Europe has moved from The Olympia to the ExCel venue in 2022. Personally, I preferred the Olympia venue as it has good character, is in the town, the layout of the venue is better for browsing. Somehow, the layout in ExCel gives the feeling of the show being smaller in size. But perhaps that is just me thinking it. What is your opinion? Comments welcome.
Young talent in cyber security¶
As I was browsing through the show I noticed a considerably larger percentage of young people. Maybe it is evidence of me getting older - that’s the fact - or the industry has been succeeding to attract more talent. In any case, my offer to the younger generation wanting to break through in cyber security: Connect with me on LinkedIn and send me a message explaining where you would like to be in 1–3 years in the cyber security industry.
AI ‘everywhere’¶
Twelve years ago, it was ‘The Cloud’. Now it’s Artificial Intelligence everywhere. I get that AI does have its use cases, especially as it’s excellent at spotting patterns, such as in the threat detection. However, the generative AI (the use of Large Language Models) is far from ‘intelligent’. I certainly don’t need the AI to recommend I put a glue into the cheese to stop it sliding off the pizza. 2 Indeed, relying on Artificial Unintelligence in your critical business decisions is dangerous. I do believe, however, that the generative AI (Gen AI) can be useful in creating summaries from the content it is given; if it’s carefully trained by experts. A great example was Qualys showing how the Gen AI generates a summary of risks, vulnerabilities and recommended actions for different types of stakeholders. I believe it is a great use case for the Gen AI. However, I would caution vendors not to overstate the gen AI capabilities and its accuracy. It’s better to be truthful and downplay the capabilities.
Vendors & Organisations¶
Companies I visited or talked to (listed in no particular order):
Security Phoenix¶
(disclaimer: I am an investor in this company)- their stand strategically positioned just next to the Innovation stage ensure good footfall. I admire what Francesco and his team achieved.
Island Technologies¶
The web browser is a new operating system. Almost anything we do today can be done in a web browser. In businesses, the security of the browser has typically been attempted by hardening, restrictions and patching. However, that does not go far enough. Enter Island Technologies (https://www.island.io) and their service “Secure browser”. I like the full control IT admins can have about screenshot restrictions, secure sharing, remote access to internal applications, and more.
Rapid 7¶
I attended a Threat intelligence update by Raj Samani and Christiaan Beek; I attended well run and delivered seminar on threat actors and their techniques. As always, Raj and Christiaan do not disappoint with their engaging delivery. Medium and large organisation should put Rapid7 services on their selection list.
Qualys¶
I have been working with Qualys since 2001. It was the first security company to deliver the services from the cloud. Qualys continues to excel in the vulnerability management space - which encompasses asset discovery, external posture assessment, secure configurations, cloud security. Qualys stand at the show was very busy, a good sign indeed.
YubiCo¶
The company that has pushed through the hardware security tokens for multifactor authentication is still at the top of their game. I learned that their token release 5.7 now supports up to 100 Passkeys, great improvement from the measly 25 in the Yubikey 5. That said, it is sad that the FIDO alliance dismissed Steve Gibson’s SQRL protocol. If they adopted it, there would be NO limit on the number of Passkeys a hardware token can secure.
WithSecure¶
After visiting this stand towards the end of the first day I was thinking ‘How could I have missed that memo!’. WithSecure is the old F-Secure and still featuring famous Mikko Hypponen. A great company to follow.
Cyber 100 Club event¶
The title is a bit misleading as I am sure I am not one of the top 100 cyber security professionals, yet I got in. However, this even, organised by excellent Pulse Conferences led by Clive Room, exceeded my expectations: loads of people attended having great discussions over drinks and food. Well done Clive.