I was fortunate last week to attend the NERC, E-ISAC, and MRO co-hosted Grid Security Conference last week in Minneapolis Minnesota. This was the first time in my 22 year career where I was able to make it work with my schedule.
My primary initial reaction was “why have I not made this a priority before this year?”
The exhibit hall was filled with the right vendors and since I am vendor agnostic, it was great to hear the innovative ways each were solving unique challenges.
The classes were great and, in some way, a little overwhelming in the sense that I had to select the ones I could learn the most from. I truly wish I could have sat in on all of them. My recommendation if you plan to attend in the coming years is to bring a few folks from your team and spread the classes out, take notes and share what you learned amongst your team.
A few of the classes I attended were the Cyber Intelligence Team fundamentals. Neil the speaker was extremely knowledgeable on the topic and during an 8 hour course walked through how to select your first cyber intelligence team member, building the team, and creating daily reports in an easy to digest method for metrics/KPIs. I genuinely believe a proper enterprise Security group needs to have a solid cyber security team.
Another class I got great value from was the VISA method of Physical security threat assessment methodology, from some very seasoned security managers. This is just one really solid methodology to assessing threat and vulnerabilities and it aligns with a similar process we do in my organization.
Â
The General sessions were all great and the highlight of day one was from Sunny Wescott, a chief Meteorologist and Federal Emergency Response Official, where she successfully packed about 2 months of information into a one hour presentation on how 100 years of climate data is telling us how to anticipate and prepare for extreme weather patterns.
Â
All of this to say, if you have a small or large security group/team, there is something for everyone. Lots of great hall conversations and sharing of best industry practices on what is or isn’t working for them.