Bruno Kerouanton

I’ve been very busy travelling the last two weeks, I had promised to send some posts but as I had limited Internet access (and expensive too), I concentrated on the most important : text email reading. I’m now back home, so I can use 10mn (or more) for more futile tasks such as blogwriting

Since the last three weeks, I took the plane 3 times, drove 14 hours long (2 x 7 hours, that’s quite exhausting), took the train 5 times, worked with friends from USA, Spain, Italy, Denmark, Ireland, UK, Switzerland and obviously France…

Let’s start about what I did three weeks ago.

I had to come back to Paris to give my annual 5 day Security training lesson for the IPISO Master’s degree for Ecole des Mines and France Telecom, as usual since the last three years. The only problem I had is that because of Easter’s day I had to split in 4 days of theorical training and come back two weeks later for the final day of practical exercices. I promised my students a glossary and link references that I should post on the Blog, but I didn’t take the time to do it. I apologize and will do it as soon as possible.

The week following those training lessons, I went back to work and intensely focused on ISO 27000 series and other projects. Last week was really intense : I left my home to Paris, gave my final lessons for Ecole des Mines on monday, remotely worked on tuesday, left on the evening to Lille for the annual NetFocus seminar (NetFocus is a meeting for CSOs. More on this below or on my post last year about the 2006 event), back in Paris on thursday, I worked remotely during the morning, took my plane to London at 2PM (nearly missed it thanks to Air France unions that were on strike - as usual - but was lucky since the plane itself was 1 hour late so I left anyway), and worked intensely from saturday to monday may 1st (yes, I work on weekends and holidays !), then took a flight to Germany, visited the countryside and I’m back to work today.

A word about NetFocus 2007: Unlike previously, it took place in Lille instead of Paris. One of the reasons the organizers wanted this was to capture all the CSOs without a chance for them to escape during two days (we were in an isolated hotel near Marcq-en-Bareuil), so everybody would have the chance to meet and follow all talks and meetings. Basically quite interesting as usual, but since it was my 5th year, I was a bit used to all those speaches. The growth of the event (around 140 CSOs from large companies) makes it interesting to meet and see old folks, but it now reaches the critical mass that causes problems for working sessions, since when I started back in 2003 we were around 10 for a session, hence now we approach 25 participants around the table, that is becoming troublesome. But to conclude I was happy to be there, and I could rest a bit since exceptionally I didn’t speak this year. Most of the talks were concentrating on IT security normalization and conformance, from ISO 27000 and ITIL to risk management and other crisp-looking things (just kidding !). I’m quite interested since it’s a major project I’m involved too. If you too are being involed in ISO 27000 compliance, I would recommend you to assist the Club ISO 27001 led by Hervé Schauer and Eric Doyen.

The London event was my annual workshop for (ISC)2 CISSP item reviewing and writing. Last year was in Roma. The same participants, coming from different european countries, and representatives from the USA. Three days of intense concentration and working in english language (I love such events, the greatest way to practice my english), which I won’t detail since I signed an Non-Disclosure Agreement.

Now I’m back to work, and have many things to do since I wasn’t “productive” (at least for the organization who hires me) for nearly two weeks…

As for previous years I was supposed to speak for Eurosec, and was even listed in the speaker’s page, but I declined since the event’s organization was really messy (at least from my point of view) and they wanted me to speak on another topic I had initially submited. I am now boycotting NetFocus unless they organize themselves better. There are enough other quality events around

However, I’ll attend SSTIC as usual, this one is great. I was aware that all was booked within a few days last year, so when I received the notification bookings were open, I rushed into the website, grabbed my credit card and quickly paid online. Lucky I was : a couple of days later it was booked-out. The only thing that worried me is that Diamond’s website for online reservation described the 180.00 Euro event as being a “medium sized T-Shirt”. Not only expensive for a piece of clothing, but also quite difficult to explain to my accounting department ! Hopefully they then mailed me a normal invoice

Time to have lunch… and intense work since this post took me 30mn to write… meaning lost time : I hate this !

RESUME : 3 semaines vraiment chargées m’ont empêché d’écrire ici, mais j’ai bien apprécié mes différents déplacement à Lille (NetFocus 2007), Londres (ISC2) et ailleurs… Ben oui quoi, y’a pas que Sid qui a le droit de se promener, d’abord !!