Network security: What do Britney Spears, the Wizard of Oz and the Dark Market have in common?

Last week's RSA Conference in San Francisco was as intriguing as past years. In fact we’ve found that security experts can say the darndest things. Here are a few choice memories from the RSA Conference 2009:

* Enrique Salem, Symantec’s new president and CEO since April 4 following John Thompson’s retirement. Who is this dude? Well, in an interview he told me when it comes to music, he likes classic rock, grunge and in particular Don Henley. But he’s so fond of his 12-year-old daughter, he’s willing to endure a Britney Spears concert on her behalf. He’s an avid cycling and skiing nut, hitting the winter slopes at Park City, Utah. Formerly Symantec’s chief operating officer and in much earlier days a software engineer, Salem says his first hours as leader of the multi-billion security, storage and systems management giant, with consumer and enterprise lines of business, have been an interesting shift. That’s because he’s noticed his top assistants “don’t want things to come to me” from people inside the organization pressing for his attention. They’re worried he’ll be subsumed by endless detail. So he says he’s quickly learning “you want to delegate the decision-making” while maintaining “a level of accountability in an organization.”

* Lt. General Keith Alexander, director of the National Security Agency and chief of the central security service. The NSA has this reputation as the shadowy but giant agency of the U.S. government involved in high-tech surveillance, so Gen. Alexander’s appearance for a keynote at RSA was a bit like the Wizard of Oz stepping out from behind the curtain. He made it clear he’s just a regular guy who finds it “wonderful” to be “digitally connected.” But he reminded us we might want to be concerned about terrorists, the Chinese military and the type of “cyber-riots” that hit Estonia, but from where? He was too tactful to say. And oh yes, he acknowledged that at the NSA “we make mistakes, And when we do we self-report.” By the way, they’re hiring…Speaking of the NSA, Dickie George, the agency’s technical director in the information assurance evaluations group, was on a panel at RSA discussing interoperability and he opined about the NSA experience: “You can’t have special users with special needs. Getting people to understand they’re not all that special is hard.”

* Keith Mularski, FBI special agent. It is special when you are involved in an FBI sting operation, as Mularski was last year in infiltrating undercover an online carding forum selling stolen payment-card information spanning several countries. Mularski described how the success of the so-called “Dark Market” operation take-down can be attributed to international cooperation with law-enforcement abroad, including Turkey and Germany. And the amazing part: The undercover Mularski had convinced the crime bosses online he was just another cyber-crook. Then he managed to get the entire crime operation to migrate from their server, which was having problems, over to his—which gave the FBI a clear look into entire operation. Mularski’s remarks about the cyber-crook mindset: “They always want instant gratification. If you’re not online all the time, they think you’ve been arrested.”