#SecChat Antivirus
Emerging Trends in Healthcare Security: Join @McAfeeBusiness For #SecChat Thursday 2/23
Healthcare demands a degree of confidentiality and privacy that exceeds almost any other industry. As a result, trends such as cloud computing and the consumerization of IT have unique implications for security professionals working in this sphere. With increased integration of electronic records, as well as evolving regulatory pressures and privacy laws, the complexity of managing these systems has grown significantly – underlining the urgency of addressing security risks.
During this month’s #SecChat, we hope to open up a discussion that will provide insight into how healthcare organizations effectively monitor networks, optimize incident response, and assess and mitigate the risk of a security incidents including breaches – particularly in the wake of emerging trends in IT.
Is the healthcare industry ready for cloud adoption? Or is a reluctance to migrate to the cloud justified, given both information security and HIPAA compliance concerns? What are some of the security and compliance implications of growing tablet use among clinicians, and how has your organization reacted to having so much sensitive information outside of the traditional IT infrastructure? Has social media use among healthcare professionals sparked any security issues at your org, and what kind of policies have been set in place to mitigate this risk?
Join us next Thursday, 2/23 at 10am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed, and share your opinion on emerging trends in healthcare security – from cloud adoption and mobile applications, to social media, incident response and more.
Logistics: How do I participate in #SecChat?
- Find
- Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream.
- Follow
- @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
- Engage!
- Tweet your reactions, questions and @reply’s to the chat, making sure to use the #SecChat hashtag.
- #SecChat should last about an hour.
6 Trends for 2012: @McAfeeBusiness January #SecChat Recap
With the McAfee Labs’ 2012 predictions report as a guide, we started off this month’s #SecChat by crowdsourcing the question to our participants: what did the security community believe would be the most influential threats of 2012? We received a wide variety of speculations and well thought-out arguments, and we’ve collected what we hope is an accurate representation of the most buzzed-about topics of the hour:
1. Mobile & BYOD
Similar to what we reported in the McAfee whitepaper, many of you predicted that mobile threats would remain one of the most prominent vectors through 2012. But while nearly all of our 2011 sightings were concentrated on the Android platform, @rpermeh, @msarrel and others predicted that we are also due to see an increase in malware for iOS devices. In light of these increasing mobile threats, this presents a challenge for enterprises that have embraced BYOD policies. @hrbrmstr noted that organizations will struggle with increased demand for BYOD, but will continue to lack effective means to control and monitor the practice. @ChetWisniewski predicted that the mobile market would start to specialize, as did the market for desktop exploitations. While today’s attacks are for the most part opportunistic and interested in a quick monetary payoff, exploits will continue to evolve throughout 2012 to a focus on data theft.
2. Hacktivism
The threat of hacktivism is a particularly interesting case, because while most of our followers agreed that hacktivism would continue through 2012, many did not think that that it would necessarily increase in real-world influence. @jenatsafenet noted that “hackers love free publicity,” citing that hacktivist exploits often get much more buzz if they are timely – around holidays, elections, etc – influencing the time and type of attacks. @KPHaley in particular believes that the hacktivist threat will increase around this year’s election. Still, @FSLabsAdvisor predicts that some of the “fame-seeking” segments of hacktivist groups will burn out in 2012, causing a subsequent drop in media coverage which could affect how the world views them as a threat.
3. Social Engineering
As @chort0 pointed out, “social engineering is the only true multi-platform tool in the tech world”. As a result, no matter what #SecChat topic we choose, social engineering always seems to make an appearance by the end. Many of our participants voiced some of the best practices advice we discussed during our December chat on security awareness. @ChetWisniewski noted that we must partner with users, provide tools and education with practical advice, and remember that IT only becomes ‘the enemy’ when we act like dictators. @chort0 advised showing employees examples of real-world attacks, to encourage them to modify behavior.
4. Critical Infrastructure
As we moved on in our conversation, critical infrastructure stepped into the spotlight; a threat the McAfee Labs also predicted would be influential in the coming year. While @sam0910 agreed that critical infrastructure is more at risk than ever before, @ChetWisniewski asserted that those systems are no more vulnerable than anything else – the attacks just get more press, because there is a larger real-world impact when facilities are breached. @chort0 and @Shpantzer added that most hacktivists lack the skill and motivation for kinetic damage, and that nation-states could be influenced by the deterrent of MAD. Nevertheless, @KPHaley believes that infrastructure providers should be looking at exploits like Stuxnet and Duqu as a warning, and take steps that will allow them to mitigate the threat of attack. @rpermeh agreed, saying that these are particularly good targets for nation-state actors and hacktivists, as they provide a bridge from the cyber to the real world.
5. Cloud
We’ve heard time and time again that for many organizations, 2012 is set to become the “year of the cloud”. @KPHaley and @ChetWisniewski addressed the security implications of this New Year’s resolution, predicting that many companies will migrate to the cloud and only afterwards worry about data security. @ChetWisniewski in particular noted that very few organizations have a “cloud data” policy, and awareness is very low among end-users. There is a great need to provide contextual warnings, as well as an easy and secure means to share files and data. Many of our participants mentioned the problem orgs are now facing with systems like Dropbox, and the need to create something that will work well in place of it.
6. Showing how security is material to the business
To wrap up with a thought we think is important to bring home, one of the most poignant topics in our discussion was the importance of effective communication between IT/security and the business. As @securelexicon pointed out, the inability of information security professionals to communicate risk in business terms could be one of the biggest threats of all. It’s time to form alliances with executives beyond the IT bubble, work to understand their culture, and learn how to explain to a board how a more secure company is a more profitable company. @msarrel gave a particularly interesting tidbit of advice – he likes to show C-level executives material evidence showing how news of a data breach can directly correlate to a drop in stock price. Whatever method you choose, it is crucial that security advocates learn to speak the language of business if any of the above threats are going to be fully addressed going into 2012.
Thanks again to everyone who contributed to this month’s discussion. We are always so impressed by the breadth of knowledge shared, and the many professionals who take time out each month to share their experience with our community. For those of you who haven’t yet joined a #SecChat discussion, look out for our next topic announcement here in the blog and on Twitter at @McAfeeBusiness. We always enjoy welcoming new faces and opinions to the table, as well as suggestions for future discussion topics.
Join @McAfeeBusiness for #SecChat this Thursday 1/19: Share Your 2012 Threat Predictions
Last month, McAfee Labs released its 2012 threat predictions report, taking its annual stab at predicting the course of our industry in the coming year. The McAfee researchers foresaw several new scenarios and significant evolutions in some of the most established threat vectors, including industrial threats, embedded hardware, hacktivism, virtual currency systems and more.
During this month’s #SecChat, we want to hear from you, the greater security community, to find out what you think will be the most pervasive threats of 2012.
Do you agree that top threats will emerge from industrial vulnerabilities, mobile attacks, or cyberwarfare? Why? Are there scenarios that you don’t expect to materialize in the coming year? Given your predictions, how would you advise businesses to prepare for what 2012 has in store?
Join us next Thursday, 1/19 at 11am PT, by following the #SecChat hashtag and @McAfeeBusiness Twitter feed to share your opinion and discuss how emerging threats will affect information security trends in the coming year.
Logistics: How do I participate in #SecChat?
1. Find
- Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream.
2. Follow
- @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
3. Engage!
- Tweet your reactions, questions and @reply’s to the chat, making sure to use the #SecChat hashtag.
- #SecChat should last about an hour.
December #SecChat Recap: Building an Effective Enterprise Security Awareness Program
As all IT professionals are painfully aware, it is impossible to ignore the role of people in an organization’s information security program. Information security, like everything else, is at its core a human enterprise influenced by factors that impact the individual. During our December #SecChat, we set out to address this topic with our followers, looking to gain insight from the community and learn more about what it takes to design and implement an effective security awareness program.
We began our conversation by asking what kind of security awareness programs participants had seen implemented, and what they believed made those initiatives more or less successful. A few of the main points that many of our followers brought up revolved around the importance of thinking outside the “yearly compliance video” box – making sure security awareness education is ongoing, relevant and fun.
First, @jadedsecurity reminded us that one big problem in many organizations is that security awareness is seen as a one-off thing – there is no reinforcement. And not only is there no reinforcement or ongoing education from the IT side, all too often there is no collaboration between IT and the rest of the business. As @BrianContos brought up, it is imperative that orgs include non-IT/security employees in the crafting of policies and awareness programs in order to set the foundations for strong governance. @hrbrmstr suggested developing a quarterly plan at the beginning of the year designed to pace in-depth messaging with smaller, more frequent bits. Again, this always requires collaboration between departments to make sure that IT messages do not overlap or conflict with any standard, all-hands business messaging.
The next big point of our conversation was that organizations need to do a better job at helping employees see the relevance of cybersecurity to their everyday lives – answering the question, “What’s in it for me?” Many of our participants cited this as one of the most critical angles of a security education program. As @lewisnic explained, you need to hook users and get them interested in the topic by explaining how they can affect their personal security (like online banking, phone, etc.) and then translate that to how it applies to the business. @msarrel brought up that a couple of ways to make enterprise security more “real” to users is to give concrete examples and demonstrations of what you have seen in your environment, or to tie in big-news events with internal analysis and personal advice.
Finally, nearly all of our participants agreed that one of the top priorities in any security awareness program should be to make the content engaging, interactive and fun. @grap3_ap3 suggested holding contests to encourage positive behavior, and rewarding employees who bring security issues to light. In an effort to make learning more engaging, @hrbrmstr’s organization actually created Flash games for topics like data classification, and hosts their policy and standards education class as a game of Jeopardy (winners are rewarded with a gift card). One of @djbphaedrus’ clients identified 5 new legitimate security issues with this gamification approach, “employees were thrilled, and awareness increased.” @451wendy also touched upon the importance of reinforcement through reward – public praise, compliments to the employee’s supervisor, or of course, the ubiquitous power of food.
As we approached the end of our hour, we asked our contributors if they had any lasting words of wisdom for those looking to start an awareness program. There was one important message voiced by a number of our participants that I think is summed up best in the words of @grecs: “Getting people to “get it” is sorta like raising kids. Kids learn their lessons in different ways.” Organizations can’t be afraid of reaching out and trying different techniques that may not be familiar. In turn, don’t be afraid to change your approach as time goes on and to tailor your program to your org’s individual culture, personality, and evolving security needs. Above all, be enthusiastic, and remember that awareness is an ongoing process. As @451wendy pointed out, security awareness should be seen as an ongoing dialogue, not a one-time lecture.
Thanks to everyone who joined in and helped to make our December #SecChat such a success. Stay tuned here in the blog and on Twitter at @McAfeeBusiness for next month’s topic, as well as regular updates on McAfee news and events.
#SecChat next Thursday 12/8: The Holiday Threat Landscape
In early November, McAfee released its “Twelve Scams of Christmas”, a rundown of the 12 most dangerous online scams this holiday season. The list included mobile malware, malicious apps, and phony Facebook promotions and contests, among other threats. With so many vulnerabilities surrounding us, all it takes is just one weak link in the chain for an attacker to gain a foothold into your network. Too often, this weakest link is an employee – while your enterprise may be full to the brim with the latest security technologies, all of that money can be wasted when a naïve user ushers in an attacker through the back door.
Next week during our December #SecChat, we want to hear what you and your organization are doing to address this challenge, especially during the holiday season, when heightened web traffic becomes an alluring draw for cybercriminals. We’ll be examining the importance of security awareness from an enterprise perspective, and how it supports the fundamental goals of an organization’s information security program.
How have you helped employees to understand their role in your organization’s security strategy? What are some common obstacles you have encountered when implementing a program for security awareness? What are some of the key goals and aspects of your awareness program, and have these changed over time – especially with regards to evolving trends in the consumerization of IT, and cloud computing?
Join us next Thursday, 12/8 at 11am PT, by following the #SecChat hashtag and @McAfeeBusiness Twitter feed to share your thoughts and get constructive feedback as we discuss trends, challenges and solutions in building a comprehensive security awareness program.
Logistics: How do I participate in #SecChat?
1. Find
- Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream.
2. Follow
- @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
3. Engage!
- Tweet your reactions, questions and @reply’s to the chat, making sure to use the #SecChat hashtag.
- #SecChat should last about an hour.
Questions? Find us on Twitter at @McAfeeBusiness.
October #SecChat Recap: Physical & Virtual Security for the Next-Generation Data Center
Last week, we hosted our monthly Twitter #SecChat on data center security, focusing on questions of physical and virtual security in the face of a modern environment that is going through rapid transformation. While the industry is being driven by trends in virtualization, cloud computing and more, data centers are now not only called upon to store mission-critical data, but to also deliver the benefits of cost reduction and simplified management associated with virtualization.
We kicked off the conversation by asking about the top security challenges participants have faced in their data centers. For @jtyrus, the answer was balancing application availability and performance with security needs, while @sam0910’s top challenges were total data protection, and protection of ever-increasing back-ups.
Next, we went on to discuss the point at which security becomes a consideration in projects and initiatives in the data center, and @BrandenWilliams made the point that all too often, security is bolted on as an afterthought, rather than built in from the get-go. @sam0910 and @jsokoly seconded this, saying that security should be considered at design, but unfortunately, is almost always thrown in at the end of a project. I added that this is exactly why we need an integrated, holistic solution across the data center. @wireheadlance and @armorguy also chimed in, noting that this lack of consideration for security is a challenge we’ll face for years to come, and is especially true when it comes to apps.
From there, our participants went on to discuss the topic of both virtual and physical security challenges in the modern data center – the importance of managing security personnel and properly investing in an effective physical security infrastructure. @mckey noted that we have a long history with physical security, and thousands of mistakes to learn from in this area. Still, contributor @phyllisgardner made the point that companies seem to be taking security much more seriously than they were just 5 years ago – or even, according to @jtyrus, even 1 year ago. @BrandenWilliams agreed, but noted that while companies are taking security more seriously, the bad guys have become more serious as well. Hacking is a much bigger businesses now, with larger organizations of professional bad guys, not to mention legions of malicious amateur hackers.
And while some companies have indeed upped the ante when it comes to both physical and virtual security practices, @mckeay made the point that most are getting distracted when it comes to implementation. @sam0910 agreed, saying that just being “serious” about security doesn’t help – companies need to be proactive and open to new ideas if they are to meet the challenges of securing their data center. @armorguy sees this tendency to distraction as a challenge – we need to make businesses understand that information security is a value-add, not just a cost. Orgs need to realize that security breaches are in fact preventable to a certain degree, so long as they take the proper steps forward.
And if the companies are taking steps forward, @ShawnHooper brought up a key point – how important it is that orgs are going about security in the right way. To go along with this, @armorguy noted how types of security - virtual vs. physical – are often valued differently in different industries. In certain spaces, like healthcare, information security carries much more importance, while in others, like commercial airlines, physical security is the biggest concern. Nevertheless, no matter the industry, @jack_daniel argued that physical security often moves to the forefront of people’s minds – the focus is on having a strong defense on the perimeter, even while the inside is weak. Companies need to be able to truly understand where their priorities lie, and realize that even when a data center is virtual, the data itself is real – and just as (if not more) in need of protection.
To wrap up, @danielkennedy74 posted a rather amusing piece of advice on the topic of physical security – making sure to install proper mantraps:
(OK – so, perhaps not this type of mantrap)
Until next time, thanks to everyone on who participated in our October #SecChat, and stay tuned here in the blog and on Twitter at @McAfeeBusiness for our November #SecChat topic. To learn more about what McAfee is doing to optimize security in the next-generation data center, you can also visit our Data Center Solutions page.
October #SecChat Recap: Physical & Virtual Security for the Next-Generation Data Center
Last week, we hosted our monthly Twitter #SecChat on data center security, focusing on questions of physical and virtual security in the face of a modern environment that is going through rapid transformation. While the industry is being driven by trends in virtualization, cloud computing and more, data centers are now not only called upon to store mission-critical data, but to also deliver the benefits of cost reduction and simplified management associated with virtualization.
We kicked off the conversation by asking about the top security challenges participants have faced in their data centers. For @jtyrus, the answer was balancing application availability and performance with security needs, while @sam0910’s top challenges were total data protection, and protection of ever-increasing back-ups.
Next, we went on to discuss the point at which security becomes a consideration in projects and initiatives in the data center, and @BrandenWilliams made the point that all too often, security is bolted on as an afterthought, rather than built in from the get-go. @sam0910 and @jsokoly seconded this, saying that security should be considered at design, but unfortunately, is almost always thrown in at the end of a project. I added that this is exactly why we need an integrated, holistic solution across the data center. @wireheadlance and @armorguy also chimed in, noting that this lack of consideration for security is a challenge we’ll face for years to come, and is especially true when it comes to apps.
From there, our participants went on to discuss the topic of both virtual and physical security challenges in the modern data center – the importance of managing security personnel and properly investing in an effective physical security infrastructure. @mckey noted that we have a long history with physical security, and thousands of mistakes to learn from in this area. Still, contributor @phyllisgardner made the point that companies seem to be taking security much more seriously than they were just 5 years ago – or even, according to @jtyrus, even 1 year ago. @BrandenWilliams agreed, but noted that while companies are taking security more seriously, the bad guys have become more serious as well. Hacking is a much bigger businesses now, with larger organizations of professional bad guys, not to mention legions of malicious amateur hackers.
And while some companies have indeed upped the ante when it comes to both physical and virtual security practices, @mckeay made the point that most are getting distracted when it comes to implementation. @sam0910 agreed, saying that just being “serious” about security doesn’t help – companies need to be proactive and open to new ideas if they are to meet the challenges of securing their data center. @armorguy sees this tendency to distraction as a challenge – we need to make businesses understand that information security is a value-add, not just a cost. Orgs need to realize that security breaches are in fact preventable to a certain degree, so long as they take the proper steps forward.
And if the companies are taking steps forward, @ShawnHooper brought up a key point – how important it is that orgs are going about security in the right way. To go along with this, @armorguy noted how types of security - virtual vs. physical – are often valued differently in different industries. In certain spaces, like healthcare, information security carries much more importance, while in others, like commercial airlines, physical security is the biggest concern. Nevertheless, no matter the industry, @jack_daniel argued that physical security often moves to the forefront of people’s minds – the focus is on having a strong defense on the perimeter, even while the inside is weak. Companies need to be able to truly understand where their priorities lie, and realize that even when a data center is virtual, the data itself is real – and just as (if not more) in need of protection.
To wrap up, @danielkennedy74 posted a rather amusing piece of advice on the topic of physical security – making sure to install proper mantraps:
(OK – so, perhaps not this type of mantrap)
Until next time, thanks to everyone on who participated in our October #SecChat, and stay tuned here in the blog and on Twitter at @McAfeeBusiness for our November #SecChat topic. To learn more about what McAfee is doing to optimize security in the next-generation data center, you can also visit our Data Center Solutions page.
Join Us for #SecChat Thursday on McAfee and Intel DeepSAFE Technology
This month at Intel’s Developer Forum in San Francisco, McAfee unveiled DeepSAFE with Intel, a new security technology that sits beyond the operating system, close to the silicon, and allows for a unique vantage point in the computing stack to better protect systems.
During our next #SecChat this Thursday, we’re opening up the discussion around DeepSAFE to the larger security community, and want to hear your feedback to the announcement. I’ll be joining the chat alongside a few other representatives from McAfee to hear your thoughts on DeepSAFE.
What questions do you want answered as DeepSAFE evolves, and we cover the technology more in our blogs and tweets? How do you think silicon-level technology will impact the greater security industry? Where do you see the benefits or pitfalls in this type of technology, and what could it mean to the enterprise? How do you see McAfee and Intel moving forward together?
Join the conversation this Thursday at 11am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed, and share your input on how and DeepSAFE could impact your organization’s security program.
Logistics: How do I participate in #SecChat?
1. Find
- Create a search for the #SecChat hashtag to watch and participate in the real-time stream – we’ve found the easiest tool to do this is TweetChat, but other Twitter clients like TweetDeck work well too.
2. Follow
- @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
3. Engage!
- Tweet your reactions, questions and @reply to other chat participants.
4. Our One Rule: Use the #SecChat hashtag!
- Tag all your tweets with #SecChat so everyone can see your thoughts/comments during the chat. #SecChat should last about an hour.
Some of the latest resources on DeepSAFE include our FAQ, landing page on McAfee.com, and demo video at IDF, if you’d like more information before the chat. Other questions before Thursday? Don’t hesitate to reach out to us @McAfeeBusiness.
#SecChat this Thursday 8/25 – Securing the Next Generation Data Center
The modern data center is in transformation. Driven by industry trends in virtualization, cloud computing and green IT, data centers are now called upon to store, process and secure more information than ever before. Still, the data center remains the heart and soul of an enterprise’s technical infrastructure, and gaps in security can result in everything from brand damage and legal fees to regulatory fines and service downtime.
On Thursday we’ll host another #SecChat, and open the floor to discuss the challenges associated with securing the next generation data center. Some topics we’ll touch on:
-What types of initiatives and projects do you have underway or planned for your data center, and at what stage – design, post-design, implementation or post-implementation – do you think security should be a consideration?
-When it comes to consolidation, virtualization and cloud computing, are you using the same security solutions to protect both your virtual and physical environments?
-What and how many security products do you have deployed, and do you feel that having multiple vendors is causing any gaps in your protection?
-On the technical side, how important is protecting your hypervisor in your virtual environment, and which industry associations or analysts are you following to get guidance on your data center initiatives?
Recently, we ran a data center security study with Brocade, and discovered 62 percent of respondents are planning or engaged in data center upgrades, (many due to increased use of virtualization). Additionally, 29 percent of the respondents report that scaling server virtualization is a concern, and 32 percent report that bandwidth and traffic engineering are pressing issues. We’d like to hear from participants around these concerns, and if the survey results reflect a similar sentiment in your enterprise.
Join us this Thursday (8/25) at 11am PT by following the #SecChat hashtag and @McAfeeBusiness Twitter feed to share your thoughts and get constructive feedback as we discuss the latest trends, challenges and solutions in data center security.
As always, we welcome your comments and suggestions on this and any future #SecChat topics.
Logistics: How do I participate in #SecChat?
- Find
- Search for the #SecChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream, starting at 11am PT this Thursday (8/25).
- Follow
- At 11am PT @McAfeeBusiness will get the conversation rolling by posing a few questions to participants.
- Engage!
- Tweet your reactions, questions and @reply’s to the chat, making sure to use the #SecChat hashtag.
- #SecChat should last about an hour.
Questions before Thursday? Find us on Twitter at @McAfeeBusiness.
July #SecChat Recap – Security Conferences
Last month, we hosted our monthly #SecChat on Security Conferences – what makes them worthwhile and how they can be improved. We wanted to gain insight from you, the attendees and presenters, into what conference organizers are doing right and wrong, and how mainstream security events will need to evolve in order to stay relevant in a web 2.0 world.
To begin the conversation, we asked if our participants thought that security conferences kept up with the latest trends, and if not, what should be added or updated. @JGamblin responded that large security conferences have a natural tendency to be behind the curve 3-6 months due to the CFP process, an observation supported by several participants, including @chort0 and @msarrel. @SecRunner and @gattaca also pointed out that larger conferences tend to have too many vendor-focused presentations.
Many participants recommended smaller conferences for their ability to organize quickly, which in turn allows them to deliver more timely information. @gattaca recommended BSides, SchmooCon and DefCon as conferences that are more likely to have current information, while @danielkennedy74 noted that though smaller conferences have a community feel, they also tend to be quickly overwhelmed.
We then asked participants what the benefits were in attending large security conferences. The majority of participants believed that networking was the biggest draw, with @lewisnic, @chort0 and @SecRunner (among others) all saying that they looked forward to discussions with different people and being exposed to new views and approaches. Indeed, as @danielkennedy74 pointed out, “A strategic security person must be exposed to different things (like both vendors and hard tech), and be wary of comfort zones.”
@Wh1t3Rabbit then noted that a main problem of security conferences is the lack of audience participation, while other participants criticized conference speakers for failing to engage the audience. @gattaca asserted, “if you can’t tell a story without slides, you can’t tell a story.” Participants then offered creative ways for presenters to increase audience participation, such as through quizzes, polls and raffles, as suggested by @jtyrus. @JGamblin shared his creative way to increase audience engagement, by giving away boxes of movie candy at all of his talks. Overall, as @djbphaedrus put it, speakers must make their environment dynamic and give participants a chance to find and speak about their own ideas.
Another recommendation that cropped up was the idea that security conferences need to take better advantage of social media. As I mentioned during the chat, so long as an audience can connect to a channel like Twitter through a smartphone, laptop or other mobile device, a presentation can become instantly interactive through real-time polls and Q&A sessions. Many participants, including @danielkennedy74 and @msarrel, also suggested that conferences broadcast their talks live online. Speakers can then phone in or join the conversation through social media channels and, as an added incentive for organizers, @lewisnic noted that posting slides and content online is a great way for conferences to showcase their content and attract attendees.
In sum, many participants agreed that interaction and communication are crucial to the value of any conference, whether big or small. Stay tuned for our next #SecChat towards the end of August, topic will be announced soon. Feel free to tweet at @McAfeeBusiness with any questions/feedback in the meantime.