Right Of Boom Security Conference 2023

Written By Adam Evans, CISSP

Recently, I had the opportunity to attend the Right Of Boom security conference down in Dallas. This conference is focused on the defensive operations that managed service providers should be taking in order to respond to the ever evolving threat landscape. I left this conference with a ton of ideas to increase the security posture for our clients, but also to be better prepared in the event of a security incident.

This conference started out with a pre-day hacking event, presented by some industry experts. In this hands on lab, we got to build out some detection capabilities before pivoting into network forensics and analysis. We ended the day creating malware in our virtual environment and analyzing the actions the malware took in the environment. This was so much fun, and it gave a rare opportunity for me to break out the hacker mindset.

All of the sessions were fantastic, but I do have some of my favorites.

I really enjoyed hearing John Hammond from Huntress discuss the remote access markets that threat actors utilize to compromise organizations. It was really neat to see how these actors operate at a technical level, and then understand the measures that defenders must take to reduce their attack surface.

Later in the day, we were presented with the opportunity to hear from Brandon Wells, Deputy Director of CISA talk about the role MSPs play in the supply chain and some of the risks out there for us. This was an excellent conversation and I’m really looking forward to seeing how the public/private relationship evolves with MSPs.

Lastly, we wrapped up the day hearing from Phyllis Lee from the Center for Internet Security speak about the CIS Critical Controls and the Community Defense Model. If you’ve been around me long enough to get me rambling about security posturing (which let’s be honest, it’s pretty easy to get me started on this topic) you’ve heard me mention the CIS Controls. It was incredible to hear directly from them about the value they have for organizations.

Of course, there were many other fantastic speakers and sessions at this conference. I could honestly spend ages writing about all of this, but the idea of proofreading all of that just sounds horrific. So I think it’s time I conclude. That said – here’s my biggest takeaways.

  1. The threat landscape continues to evolve, with more advanced and persistant threats to worry about. However, a well defined security posture (including risk management) can, and will, have tangible benefits to an organization.

  2. The security community, within the managed service provider industry, is especially strong. There were so many wonderful and brilliant people there all with the goal of protecting our companies and our clients. Together, we can make a major impact on the SMB market.

This has been one of my favorite events I’ve attended, and I cannot wait for next year. But for now, I’m glad to be home for a while so I can focus my efforts on the incrdible clients we serve.

See ya at MSPGeekCon in May!

Adam Evans, CISSP

About Adam Evans, CISSP

Adam is a seasoned cybersecurity professional with more than a decade of experience in the MSP industry. He started his career as a helpdesk engineer and worked his way up through various technical roles to specialize in cybersecurity – specifically GRC, security architecture, and defensive operations. 

Adam is passionate about sharing his expertise and insights with the next generation of security professionals. He believes that by working together and sharing knowledge, we can make the world a safer and more secure place for everyone.

Connect with Adam on LinkedIn: https://www.linkedin.com/in/grcadame/

Previous

Welcome Sarah!
Next

Zero Trust World Conference 2023