Notes on the GrrCON Information Security Conference

Thursday, September 22, 2011

Jim Palazzolo


First, I'd like to thank Jaime and Christopher Payne for putting on a great convention.  So, GrrCON was great, but what is GrrCON? 

GrrCON is a Midwest Information Security and Hacking conference.  It was specifically held in the city of Grand Rapids.  There were guest speakers, as well as, various vendors such as ArcSight and Q1 Labs were in attendance at the conference. 

It ran from early morning to early evening, with speakers stacked every hour or so in two large conference halls; and, there was free beer!

While not browsing the vendor booths I had the chance to listen in on two of the guest speakers that attended that day.  The first speaker was Rob Rachwald of Imperva.  Although most industry professionals know that SQL injection is still a viable means of attack, what was interesting was the fact that more of these attacks are becoming automated. 

I had often wondered about the development of a "Master-Slave" system, and a remote capability to control multiple attacks from various central servers.  Rob basically put that one to rest for me.  It was also interesting to hear how there are actually individuals who are infiltrating black hat forums to delve for counter intelligence. 

The second speaker I sat in on was Johnathan Norman from Alert Logic.  Johnathan's presentation basically was an informative look at the "experts" in the Information Security field.  Mr. Norman basically laid out that not all CIO / CISO tier individuals can be classified as "experts". 

From a student perspective this was very interesting from the point of view that most times I do consider such individuals within the industry to be experts; and, never taking the time to see if those that are speaking about certain topics also have products for sale on the market as solutions to issues in Information Security.  Hint: self promoting over expert.

However, what really impressed me the most was the diverse pool of individuals at the conference.  It was not uncommon to see someone sporting a purple mohawk, or pin stripe suit. 

The goal of the conference was dissemination of information and giving individuals the ability to network face-to-face with others in the same field. 

Long gone are my days of long hair, bandanas, biker rings, and combat boots; but, I can tell you that years ago I would have never set foot into an IT convention sporting such attire.  It was refreshing to see individuals that were solely concerned about the information and not particularly about the style of suit you're wearing. 

So in conclusion GrrCON was great!  Michigan has a huge pool of very intelligent and talented people interested in Information Security to pull from; but, very few places for individuals in Information Security to meet. 

The staff was fantastic, the location very nice, the information was spot on, the vendors interesting to speak with, and the people who attended were fantastic.  I very much look forward to attending again next year. 

A full list of sponsors and speakers can be found at:

Possibly Related Articles:
Security Training
Information Security
Hacking Training Chief Information Officer Information Security Conferences GrrCON
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.