The first Security Zone event was held in 2011, as a group of people within the Colombian infosec community decided to do a national event on information security. They reached out to Ian Aamit and asked him to name a selection of recognized information security speakers to invite to Cali, Colombia. Good sport that he is, he not only gave them the names, but also helped talking these experts into coming.
In only two years, Security Zone went from being an event held only in Cali (a city south-east in Colombia) to one taking place both there and in Bogota, the nation's capital. Technically, there are two events, and I only went to the one in Cali due to time constraints on my part.
The ambitions of Security Zone organizers does not stop at Bogota. They have set their sights on creating an event that will target the entire South- and Latin American region. If they continue with the good work they have done so far, I have no doubts about them reaching this goal.
The two-day event was officially opened by Maria Isabel Mejia Jaramillo, the Colombian Vice Minister of Technology and Information Systems / Government CIO. She spoke of the importance of information security, and how important active involvement and ownership of the C-suits are for creating and maintaining a good level of security. She also mentioned how important security culture is, both at a national level and in organizations.
Colombia is also very concerned about privacy. They are actively cooperating with many entities around the world to create their own quality privacy laws.
In 2012, Law 1582 was officially passed. As the comparable European privacy law, its focus is on purpose, transparency of use, and informed consent.
The aforementioned Ian Aamit was one of the Cali eventís two keynote speakers. He made the message very clear that all infosec efforts must be aligned to business targets and goals. "Your job as a security professional is risk management. That means you must focus on business first, not technology first," he stated.
The second keynote was done by me, and I spoke about security culture, focusing on reasons why the security professional needs to ask for help from both HR and Marketing when it comes to designing and implementing successful awareness programs.
Most of the other sessions were technical, and ranged from mobile hacking to the ISO/IEC27002 standard. I got the impression that the participants of the conference enjoyed it a lot, and that they appreciated the high quality of the sessions.
I was very taken by the beauty of Colombia. The nature and the people there are simply fantastic - open-minded, welcoming and caring.