Had an all around good time in Cleveland last week @ the (8th annual) Information Security Summit 2010. I had not previously attended this event, I was impressed. Good mix of speakers/topics and not too many vendors. I was grateful my employer allowed me to do the pre-conference training Mon/Tue/Wed.

Monday was a pretty good overview of 'next-gen' firewalls. Well, specifically Palo Alto Networks firewalls but they didn't push their product hard and the concepts behind application aware firewalls makes sense as a way to have better control of the things you want to allow vs. those you don't.

Tuesday/Wednesday was the highlight of the week for me, Intro to Malware Analysis taught by certifiable reverse engineer ninja Tyler Hudak. Tyler works for Richard Bejtlich at a little outfit known as General Electric. The course was very well thought out, great curriculum/flow and a good deal of hands-on with some of the current tools of the trade. Just enough to make me want to do more of this myself, while still realizing that it is an area of InfoSec where keeping skills sharp and moving to the next level is no small feat.

My favorite talk for the conference would have to be David Kennedy's Social Engineering Toolkit demo and evangelism soapbox. Mr. Kennedy created the SET and the demo struck fear in most of the people in the audience, me included. SET is no doubt an amazing tool, and David makes a strong case for SE becoming a standard part of pentesting.