SECtember 2021: Why I’ll Be There
Written by Larry Hughes, Principal Compliance Consultant, LJH Compliance Consulting
I first got involved in the Seattle information security scene in 1996. I was busy building a security consulting practice for a startup. It wasn’t long before I met this affable fellow named Jim Reavis, who had already established himself as a security consultant even in those early days of internet commerce. At first, I considered Jim a likely competitor and I was guarded in our early conversations. Jim, on the other hand, only ever viewed me as a welcome colleague. It wasn’t long before I considered him a friend.
I remember Jim saying sometime during 2008 that as of January 2, 2009, he was going all in on cloud security. I wasn’t exactly sure what he meant. I soon learned he was co-founding a non-profit called the Cloud Security Alliance with an ambitious agenda. I already knew Jim to be a big thinker, but I had no idea that CSA would flourish into what it is today: the world’s leading organization dedicated to raising awareness of cloud security best practices and an incubator for best practices.
Some impressive stats as of July 2021:
- 400 corporate members
- 100,000 individual followers of CSA's LinkedIn group
- 1,335 entries in the STAR registry
What is SECtember?
SECtember is going to be THE cloud security conference of the year. It’ll be held September 13-17, 2021, at the Meydenbauer Center in Bellevue, Washington. Mere blocks from local offices of AWS, Microsoft, Google, Facebook, SalesForce and others. Count on meeting some of the best cloud security minds in the world. Set your expectations high, and you'll learn even more than that.
The outstanding cast of speakers will include Christopher Krebs, former Director of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and security overseer of the 2020 US presidential election. If you’ve never witnessed Christopher speak, you’re as short changed as I have been. If I wasn’t participating, I’d attend SECtember for this reason alone.
In what is probably an administrative error, I’ve also been asked to present. I’m a die-hard fan of the CSA Consensus Assessment Initiative Questionnaire (CAIQ), a remarkable investigative tool for assessing the security posture of any CSP. The CAIQ (pronounced "cake") has more uses than you think. I’ll be talking about how I’ve used it for acquisition diligence.
How Do I Register?
Drop what you’re doing and visit the registration page.
Worried about justifying this to your employer? Grab this template justification letter. If you don’t think that’ll be enough, then reach out to me or any other CSA participant and we’ll do our best to help you build a persuasive case.
Will SECtember be Virtual, In Person, or Both?
It will be in person. Rest assured that CSA’s Duty of Care plan will ensure the health, safety and wellbeing of all event participants. You will be safe, comfortable, and benefit from measures that will ensure optimal health and sanitary conditions in all environments where in-person interaction takes place. Read CSA’s health and safety guidelines here.
Last But Not Least
Be aware that your participation in SECtember will do the world more good than helping to improve cloud security across the globe. CSA will be donating 5% of attendee proceeds to the fabulous Seattle Children’s Hospital.
SECTember – be there or be uninformed!
About the Author
Larry Hughes has been in the security industry for more than twenty years. His notable former roles include GRC Director at Equinix, the world’s largest interconnection company, and Head of Information Security at Amazon.com. He is currently the Principal at LJH Cybersecurity Compliance Consulting.