So this week is RSA, and I wanted to offer up some advice on how to engage. I’ve already posted my “BlackHat Best Practices/Survival kit.
First, if you want to ask great questions, pay attention. There are things more annoying than a question that was answered while the questioner was tweeting, but you still don’t want to be that person.
Second, if you want to ask a good question, ask a question that you think others will want to hear answered. If your question is narrow, go up to the speaker afterwards.
Now, there are some
generic best practice questions that I love to ask, and want to encourage you to ask.
- You claimed “X”, but didn’t explain why. Could you briefly cover your methodology and data for that claim?
- You said “X” is a best practice. Can you cover what practices you would cut to ensure there’s resources available to do “X”?
- You said “if you get breached, you’ll go out of business. Last year, 2600 companies announced data breaches. How many of them are out of business?”
- You said that “X” dramatically increased your organization’s security. Since we live in an era of ‘assume breach’, can I assume that your organization is now committed to publishing details of any breaches that happen despite X?
I’m sure there’s other good questions, please share your favorites, and I’ll try for a new post tomorrow.