Insights from ISACA Conference
Takeaways from the Two-Day Mumbai Chapter Conference
I recently had the opportunity to host the ISACA Mumbai chapter's two-day conference, held on August 1-2 at the Westin Hotel Mumbai. I was asked to anchor the event by ISACA and was delighted to do so, having performed the task once before in 2013 - an enjoyable experience.
The conference is in its 19th edition this year. ISACA events usually have good attendance, given most attendees are members. ISACA's total strength in India is around 6,000, and the Mumbai chapter is one of the largest. The conference held by the Mumbai chapter is something of a tradition and finds people travelling distances to attend - from as far afield as Kerala.
Between 150 and 200 people were in attendance, and sessions ran to packed rooms, despite it being a weekend. That people are willing to stay all day on a Saturday and a Sunday speaks volumes for the regard in which this conference is held by its audience.
Satish Pillai, CEO of CIBIL, was the chief guest at the event and brought the management outlook on the importance of security to business. He spoke to the importance of trust in an information-centric world. Pillai elaborated on the pivotal role security and assurance play in his business and likened it to similar views of security in the larger financial domain. An eloquent speaker, his message was well received, setting a positive tone for the conference.
Each year, the organizing committee of elected ISACA leadership from the chapter puts this conference together with the help of volunteer members around a certain theme. This year the theme was the internet of things. The conference grid was designed around this theme with sponsor/partner sessions interspersed with knowledge sessions presented by experts.
Other themes discussed include cloud security, privacy and advanced threats, with some variations. Returning from RSA Conference Asia Pacific & Japan several days back - supposedly one of the largest security conferences in the region - I find it encouraging that conferences such as these are holding their own when it comes to discussing cutting-edge security topics. While the session titles may have been broad and unimaginative sometimes, the sessions themselves were packed with insight, figures and takeaways.
However, I would venture, judging by their level of response, that audience awareness of some of these issues still leaves much to be desired, given the realities of the current threat environment. That said, understanding of the Indian complexities, regulations and ground realities is knowledge that is hard won, and without equal in most other Indian security conferences - not that we have many of those left.
The highlight of day one to me was the panel discussion on the risks from the Internet of things. Moderated by Sunder Krishnan, CRO of Reliance Capital, the panel saw security stalwarts such as Sameer Ratolikar, CISO HDFC Bank, and Madhavan Kandadai, CTO IndusInd Bank, among others.
It was interesting to see some of the panelists thinking outside the box on issues and really taking a futuristic look at what IoT might mean to India. In this regard, I enjoyed Madhavan's pragmatic comments the best. "Why allow IoT and BYOD?" asked a lady in the audience, to which Madhavan replied, "Why not?"
Audience interaction was lively, and people remarked on various concerns from IoT, including data ownership, the IoT patching challenge and the expanding attack surface. Honestly, if it weren't for an intervention in the interest of time, I would have let that discussion go on for an hour more.
Cyberlaw expert Pavan Duggal had a spectacular session on day two which was a mixture of anecdotes and a tour-de-force through Indian jurisprudence in the cyber domain. The talk was an audience favourite and one of mine too, in which Duggal succinctly analysed the need for change in the cyber legal space in India. A suave speaker, Duggal had a clear message: compliance. Complete compliance with the IT Act will absolve you of legal liability in cyber issues, he advised the audience. [Hear Pavan Duggal's interview on Why India's Cyberlaw Must Rapidly Evolve]
Sameer Joshi's session on data leakage and privacy of customer data was also a crowd favourite, packed with anecdotes and hands-on experience of real-world issues in India. SV Sunder Krishnan's closing session on aligning information security management to enterprise risk management elicited a lot of interest from the audience, where Krishnan presented a very mature model to achieve this goal. I hope to interview Krishnan on this model soon.
Nanda Kumar Shenoy's famous ISACA Mumbai Chapter quiz was an essential highlight, without mention of which, no description of the Mumbai Chapter conference would be complete. Quite an organized affair, with buzzers, teams, rounds, elimination, prizes, the activity helped the audience break the tedium of the typical conference. A great initiative that I hope continues.
Vote Of Thanks
It was a great chance to meet with many a professional acquaintance and make new friends. I find it interesting that so many of the security practitioners in India are from an IS audit background - most hold CISA certifications. But I think that may change with ISACA's new CSX program, which is its first program focused on cyber security. [For more details, see the interview with ISACA CEO Matt Loeb: Why an InfoSec Pro is Like a Doctor]
I thank the ISACA Mumbai Chapter leadership for giving me this opportunity. It was an honour to play host to this large gathering of professionals and share some of my insights. I enjoyed the experience and found on more than one occasion that I came away with startling insights from my conversations with attendees and speakers.
Definitely something I would like to look forward to next year! Share some of your experiences and feedback with us below.