What to expect from (ISC)2 Security Congress

When thinking about the end of October, most people's minds turn to a light-hearted dose of fear topped off with an unreasonable amount of sweets. But, preceding the pumpkins, face paint and the inevitable sugar crashes, I've signed up for three days of talks on the real threats out there at the annual (ISC)2 Security Congress, held this year at Disney World Florida.

While I'm not expecting to learn much from Donald and Mickey (although I absolutely will track them down for a selfie), with more than 175 sessions on the cards I'm banking on hearing some interesting talks.

Opening the proceedings is Captain "Sully" Sullenberger, the American aviator best known for "the miracle on the Hudson" when he safely crash-landed a plane on the Hudson River after an engine failure in 2009 , saving the lives of all 155 passengers. What he can tell me about cyber security remains a mystery, but it's quite a headline act, nonetheless.

What I'm excited to get my teeth stuck into are the thought leadership sessions, in which I'm hoping to learn more about the challenges facing cyber security professionals and what tomorrow's cyber attacks might look like. For example, one session on the opening day, shortly after Sully's keynote, is focused on how security teams should be implementing honeypots and machine learning to automate the search for attacks.

One aspect of the topic-rich show I'm especially looking forward to is the focus on human factors and how attackers can exploit behaviours of businesses and their employees. One talk I'm eager to catch is based on how security awareness professionals can learn from the behavioural principles used to explain Fortnite's supremacy in the gaming sector and build enterprise-ready awareness programs based on these.

Elsewhere, the security of Internet of Things (IoT) devices seems to still be a hot topic, there are so many talks about securing endpoints and smart devices. Smatterings of 5G and all-things Industry 4.0 naturally follow suit but there are also sessions for those interested in cloud, cyber crime, legislation and many more.

Away from the seriousness, there's also some grown-up playtime too. (ISC)2 has put on some cyber security-themed escape rooms for attendees to test their infosec mettle. With two different scenarios on offer, I'll certainly try to find the time to give my problem-solving skills a workout while the other, more adept attendees take part in Panoply a risk-free red/blue team exercise.

Fun and games aside, you can think of (ISC)2 as the grown-up version of Black Hat; an industry-leading event that always attracts top speakers and fascinating talks just without all the attendees trying to hack each others' FitBits. The congress is definitely a must-attend for cyber security professionals and even more so for budding infosec specialists. For those of you who can't make it this year, though, be sure to check back regularly for all the news and insights I can bring you from the show.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.