March 18, 2012    /    by

Perspectives on IT Security in Eastern Europe: First Impressions from Two Very Different Cities

I traveled to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012.

I was blessed with the opportunity to travel to Eastern Europe last week to speak at two different one day cybersecurity conferences that are a part of a series of events known as the IDC IT Security Roadshow 2012. This was the tenth anniversary of this excellent IDC conference series. I previously had the privilege to speak at their event in Moscow two years ago. (After that Moscow conference, I wrote this blog.)  

So here are my initial impressions. I intend to write another piece over the next few months with some more detailed observations. (At the end of this blog, I’ll offer some answers to several background questions related to the trip.)

First Impressions:

1)      Almost everyone I met in Eastern Europe speaks English – Both conferences had simultaneous translation with headsets. However, the majority of conference attendees didn’t need the headsets, since they spoke both English and their local language. Most of the sessions were in English.

2)      The people were wonderful – I met dozens of people during the trip. Everyone I met was kind, professional and articulate. The discussions were similar to the questions asked at conferences I speak at in the USA. However, conference attendees wanted to know more about governance, how we get (or strengthen) a security budget, how to get buy-in for cyber and how many security staff we have in Michigan.

3)      Cybersecurity (or “IT Security” as they called it) is a hot conversation topic all over Eastern Europe – Take a look at the specific conference agendas for both Prague and Sofia.  You may not be surprised by what you see, since the items are just as in depth and intriguing as most US security events. No doubt that the breadth of speakers was wider in Prague, as the conference was larger (over 200 people in Prague versus about 175ish in Sofia).

4)      Cloud Computing and mobile applications are also hot issues – just as in the USA. What was on the mind of attendees during Q/A panel sessions? Implementing public and private clouds as well as smartphone security. 

5)      The security appliance market is the fastest growing segment with products like “Unified Threat Management” coming on strong. 

6)      Prague is a headquarters for many European companies. I was surprised by the number of businesses that had their European HQs in Prague. On the other hand, there was a lack of the same technology buzz in Sofia.

7)      Budgets (and staffing levels) are lower for security in Eastern Europe. The organizations described to me were all struggling with justifying even a few dedicated cyber professionals.  

8)      IDC has their act together. These were great security events that were well-planned and professionally orchestrated.

9)      Prague is a beautiful city with a rich history and pride that I vastly underestimated. We had a great time relearning about Charles IV and the amazing history of Prague. The many tourist stores were everywhere, and mall prices were similar to the US mall prices.

10)   Bulgaria is economically poor in the European Union with a tragic history. Average monthly Bulgarian income in 2008 was 384 Euros. One recent IDC report stated that last year the country purchased a total (public and private sector) of $9 million (US) worth of IT security goods and services. (This will shock my security team who think that we are way under-staffed.) Still, there one million smartphones and seven million citizens in Bulgaria.

11)   Bulgaria has beautiful mountains, excellent skiing and seashore resorts on the Black Sea. The history of the country is amazing – dating back thousands of years. Over the past hundred years is a sad tale that they are trying to overcome. They have great wines and nice restaurants in Sofia.

12)   Best complement I received - One person was very surprised that I was a government employee – saying that government speakers in their country are “boring and put us to sleep.” He wanted to know, “Why are you in government?” And yet, both countries had many governments employees and attendees at the conference.

13)   Most interesting person I met – A man named Boris from Bulgaria who was a CISSP, go-getter. He started as a bodyguard (he’s big) without a degree or any qualifications, but he’s worked his way into a senior consulting role in cybersecurity. His passion and expertise were obvious as he spoke and answered questions fluently in several languages. Very impressive. I also met an FBI agent from the Baltic region as well as several cyber experts from the US who are now expats living in Europe.

14)   I was surprised to see New Horizons training as well as many other western companies represented at these events. Many of these businesses have parent companies in the USA. The FBI is also helping the law enforcement agencies with cyber cases in many of these Eastern European countries as well.

15) The students that I spoke with in Sofia, after a special speaking event at their IT Academy on Weds night, were very smart with good questions. Despite a lack of modern university facilities, there was a thirst for knowledge and a passion to learn. Local software companies were helping with building local technology talent.

Here is some other information that you may find interesting. These are the typical questions that I have been asked in the past by my colleagues in government and the private sector when I return from overseas as they try and process what I’m telling them about technology and security in a very different part of the world.

Why do I speak at these overseas technology and security events?

Beyond the kind invitations, I truly enjoy seeing and hearing about our security business from other perspectives, in other cultures, in other languages. We all know that the Internet is a globally-connected mesh of devices, and yet many professionals only see the network from an American (US) perspective. The articles and speeches we hear in the USA on cyber can become fairly predictable and repetitive, if we’re not careful to listen to others.

Although I have traveled fairly extensively around Western Europe and even lived in the United Kingdom (UK) for almost seven years in the 1990s, this was my first visit to both Prague (Czech Republic) and Sofia (Bulgaria). My daughter Katherine, who is on Spring break from her college in Chicago, traveled with me, which made the trip especially enjoyable. I also enjoy sightseeing in new places and different cultures with very unique histories. 

Nevertheless, I limit my overseas travel - turning down the vast majority of international invitations to speak at conferences, so I can get the work done at home. I often route conference requests to respected colleagues around the country when I can't attend. Many friends are surprised that security and technology conferences are becoming much more widespread, with new events in Asia and even the Middle East now starting up.  

Who pays for this and how do I get work done in such remote places?

OK – this always comes up. For all of my auditor-friends out there who (rightfully) keep track of these things…  Yes, I was on annual leave all week (smile). Since we did quite a bit of sightseeing, I need to be above reproach on any overseas trips, even though my management insisted I did not need to use leave time on the days when I was participating in the conferences. Of course, IDC paid for my travel and conference entry expenses, so I didn’t charge the Michigan government for the trip.

In both cities, the excellent hotels had free (fast) Wifi that worked with my iPad. I was able to keep up with work email and even stay in touch with my family using Facetime video, although the video cut out at times and needed to be reconnected. (Note: even though my 3G Verizon mobile connectivity did not work on my iPad, this was only a minor inconvenience.) 

Why do I bring family members along?

I plan on doing a separate blog on this topic later in April. But needless to say, this is always the best part of the trip for me.  Katherine has been on many trips with me over the years, including a similar trip to speak at a global ICT conference in 2009 in South Africa. I’m a big believer in not just bringing our daughters and sons to work, but bringing our children on the road with us, when they are at the appropriate age to understand and handle the situations.

I love this saying: “If you want to go fast, go alone. If you want to go far, go together.”  Not only does Katherine enjoy and learn from the experiences, I am a better speaker through her advice and help.

I started bringing Katherine to conferences with me when she was nine years old. She is now 19 and seen numerous cities with me all over the USA and the world. I ask skeptics: is there a better way to build strong, positive relationships and teach our children at the same time? More than that, it makes the trips fun and memorable.

As in the trip to Moscow, I sometimes bring my wife Priscilla with me rather than my children. And yet, oftentimes, she cannot get away due to family and school commitments. So why not bring one of you children with you to a conference or training event? 

Wrap-up

In conclusion, cybersecurity is a hot topic all over the world – as you might expect. According to the conference organizers and colleagues I spoke with, the IT Security Roadshows events are the most popular events that IDC offers in Eastern Europe – surpassing even their Cloud Computing and Datacenter Transformation Roadshows over time.

I learned a lot on the trip about cybersecurity projects and programs around Europe. But perhaps no lesson was more important than to be thankful for the resources and teams we have in the USA to fight cyber crime and mitigate risk.

 

 Photo: Dan and Katherine Lohrmann in Prague