Quick ISSA-Be Meeting Wrap-Up

Quick wrap-up about the last ISSA-Be chapter meeting… Wim Remes (@wimremes) was on stage to speak about visualization and his project to join the (ISC)² board.

In our world (information security), we collect a lot of (technical) data. How to present them in an efficient way to manager or non-techies? Wim’s talk title is “In the land of the blind, the squinter rules“. Wim does not present himself as a security visualization guru but tries to display information in a more efficient way. Some goods quote from his presentation: “When two worlds collide!” or the one of Edward Tufte: “Data can be beautiful, data should be beautiful“. I already saw Wim’s presentation in BlackHat Europe but he added more examples and changed lot of slides.

Do you know what represents the number “73”? This is the amount of slide types available in Microsoft Excel 2010! Some facts from the presentation:

• Sometimes text is enough! Example to represent statistics about passwords length (using a mix of different font sizes)
• Take care of your colors. Some color blind people might have difficulties to interpret them
• The best visualization tool is the one you can choose to represent your data! If you’re not satisfied with the graphics generated by your solution, grab raw data and build your own dashboard.
• Some visualization looks like “Sponsored by Crayola” 🙂
• Sometimes legends are not required
• Position of key elements is critical on your dashboard (top-left or center for most important stuff and top-right for less interesting information)

Second part of the event was again focused on Wim, but now with his “future (ISC)² board member” cap! An open-discussion started about the upcoming election of the new (ISC)² board. Wim successfully passed the first phase and is hoping to get enough votes to be elected in November. Everything started with a reflexion about the value of the CISSP certification. Once you got your CISSP certification, you have to pay your AMF (“Annual Maintenance Fee“) but what can you expect in return? Today, almost anybody who attend a bootcamp or read books can pass the certification. “Why not imagine a CISSP+ if you submit white papers and some material?” said Wim. What did drive Wim?

• “at least I tried”
• Where are going my AMF? What’s the real value of the cert? (certification, content, process)
• Need for more internationalization of the organization
• More knowledge transfer between members
• Crossing the board between countries and different security point of views
• Transparency: is the income = outcome?

More information about Wim’s project at (ISC)² is available here.

Some news about the ISSA-Be chapter upcoming events:

• CERT
• SCADA security
• Mobile device security
• (Safely) Rolling out IPv6
• Solving the Hex-Factor
• Exploiting over DNS-tunnel

Follow them via their website.