Hello from a stopped Amtrak train near Aberdeen, MD.
I just wanted to spend a few minutes to let you know that the SCAP Conference was almost a total bust. This would be mainly due to no new information. At least last year, I left the conference with the hope that things would change through a new 800-37 or the final release of the 800-53A.
This year was mainly about scanning. For someone who has done more than a couple scans, it was painful. Dr. Ron put on his usual show about the future and how great things will be eventually. Other speakers lacked public speaking ability which took away from their content. Don't even get me started on the grammar errors in the presentations or the blatant "I am great. Look at what I can do, but you f%#!ers are screwed".
If you were a vendor, then this was probably a dream for you. Captive audience with a narrow focus. If you could spell SCAP, then you were set. But I am not here to ding the vendors, that's just how capitalism works. There were a few good sessions on how SCAP works, which some of those vendors found to be news. While empowering the attendants to understand what to look for when choosing a product.
CSAM is now a web based product which I somehow missed. I didn't get to see it but my new friend Shawn likes it.
They seem to be very proud of themselves for getting the IC and DoD on board with some of the 800 series. I suppose that is good, but I got tired of hearing about it after the 16th time.
I would have preferred to have seen more discussion around turning assessment results into meaningful risk management processes. But alas (as the Rolling Stones said), you can't always get what you want.