Rocky Mountain Information Security Conference (RMISC)

I recently attended the Rocky Mountain Information Security Conference (RMISC), a rather impressive and unique gathering that prompted several relevant notions.

First, about the conference. Looking around the room, I saw about 1000 attendees. This conference is in its 10th year, and started by the Denver chapters of two Information Security conferences: the Information Systems Audit and Control Association (ISACA), and the Information Systems Security Association (ISSA). While it may have started small, there is nothing small about two local chapters holding a conference of about 1000 attendees.

What brings so many attendees to a conference held by local chapters? It seems there are at least two drivers: a large community of practitioners in security in the area, and a strong program. While the greater Denver area has a lot of companies and professionals working in Information Security, the profession is a critical contributor on many hot topics in engineering and society. Further, this conference brought some important names in InfoSec to the keynotes: John McAfee, Gene Spafford, Dave Cullinane, and Chris Wysopal. The technical content was sound as well, with four sessions in eight tracks, so 32 separate presentations by researchers and practitioners, ranging from use case experiences to emerging concerns in InfoSec.

But there were several points of note that struck me while attending this conference.

  • Reliability and InfoSec are more than kindred spirits: the reliability community should have been at the forefront of InfoSec, and should have driven its progression, but it’s not too late to help. I say this because so much of what was discussed at this conference, by the keynote presenters and the contributed presentations alike, were almost the same thoughts I saw being discussed a few decades ago in reliability. And many of the techniques used to mitigate InfoSec issues are adopted from the same tools born out of the reliability community. We’ve seen this happen time and time again, of course. The general skills of reliability are adopted by a context and profession that needs these skills, and adopts them to their own. Unfortunately, the reliability experts aren’t always coming along to help speed the development and share the knowledge. I witnessed a large room of practitioners discuss ways to capture risk sources in a risk assessment framework that was no different than an FMECA. But the discussion was about the mechanics of what works, and an experienced reliability engineer could have provided the answer before the question even came up, well before the first attempt to capture risk in an InfoSec context.
  • When corporations truly need a skill set, and see clearly the value contributed to their business by that skill set, they hire a skill set in large enough numbers to support a community. Denver and InfoSec is a clear example. How did that happen? Where was the tipping point? And how can the reliability community learn from it, or from our own examples? While members of the IEEE Reliability Society may clearly see that reliability is the mechanism for developing research into marketable products, and generally engineering better, it is rare to see any local community with a large number of researchers or professionals who see themselves as working in reliability. There is a disconnect somewhere.
  • Local chapters can do big things, like hold a quality conference with 1000 attendees. It takes a strong community to do that, with corporate sponsors, and relevant program content. But it can be done, and done well. RMISC is a great example of that. Knowing what is possible, how do we help our local chapters take steps toward that level of growth?

One idea seems to be common among these points: partnerships. As we recognize the market for our capabilities is broad, and interdisciplinary, we can spread value more widely, and grow in very important ways. I would like to find ways for the Society to do more outreach to other disciplines, and support local chapters expand their horizons as well. By finding opportunities to add value outside our immediate disciplines, we spread knowledge, add value, and grow the community. While it can be done at all levels of interaction, it has to be done locally.

About Rupe

Dr. Jason Rupe wants to make the world more reliable, even though he likes to break things. He received his BS (1989), and MS (1991) degrees in Industrial Engineering from Iowa State University; and his Ph.D. (1995) from Texas A&M University. He worked on research contracts at Iowa State University for CECOM on the Command & Control Communication and Information Network Analysis Tool, and conducted research on large scale systems and network modeling for Reliability, Availability, Maintainability, and Survivability (RAMS) at Texas A&M University. He has taught quality and reliability at these universities, published several papers in respected technical journals, reviewed books, and refereed publications and conference proceedings. He is a Senior Member of IEEE and of IIE. He has served as Associate Editor for IEEE Transactions on Reliability, and currently works as its Managing Editor. He has served as Vice-Chair'n for RAMS, on the program committee for DRCN, and on the committees of several other reliability conferences because free labor is always welcome. He has also served on the advisory board for IIE Solutions magazine, as an officer for IIE Quality and Reliability division, and various local chapter positions for IEEE and IIE. Jason has worked at USWEST Advanced Technologies, and has held various titles at Qwest Communications Intl., Inc, most recently as Director of the Technology Modeling Team, Qwest's Network Modeling and Operations Research group for the CTO. He has always been those companies' reliability lead. Occasionally, he can be found teaching as an Adjunct Professor at Metro State College of Denver. Jason is the Director of Operational Modeling (DOM) at Polar Star Consulting where he helps government and private industry to plan and build highly performing and reliable networks and services. He holds two patents. If you read this far, congratulations for making it to the end!
This entry was posted in Engineering Consulting, IT and Telecommunications, ORMS, RAMS - all the -ilities and tagged , , , , , , , , , , . Bookmark the permalink.

Comments are closed.