I was fortunate to speak at QCon San Francisco, CA on November 20, discussing Service Security and my own journey on understanding security, but more importantly how services can be hacked. It was interesting when examining the audience to see a mixture of participants, but the lack of questions was a little disconcerting. I could take three things from that:
1) Everyone in the audience was familiar with service hacking / security.
2) People are not very familiar and were afraid to ask questions or didn't understand the content.
3) People were not interested.
Since the audience stayed for the entire presentation and questions were basic, I think the majority of the audience was in category 2.
With the increasing discussion on Cloud Computing (QCon was loaded with Cloud presentations, as was SOA / Cloud Symposium 2.0/1.0), security had very little presence. In understanding security, my own education was due to a client requirement. With just a couple of months of effort, I was able to better understand the security technology. The harder part has been in understanding the hacking culture, finding helpful material and approaches and how that impacts services I create. Here is the link to the QCon presentation.