eBay Red Team confab aims to help security officers

eBay is trying to help CISOs (chief information security officers) build a common front in the war against cybercrime.

The company played host to chief security officers and a handful of technology vendors this week, holding its annual Red Team security conference at the company's San Jose campus, billing it as a networking opportunity for security professionals where they could discuss areas of common concern.

"What we were trying to do was to get all the CISOs together," said eBay CISO Dave Cullinane. "We're dealing with similar problems, almost all of us."

While companies using Internet technology may be facing a common set of problems these days, they haven't always shared information with their peers. That's because if news of a hacked server or a data breach is leaked to the press, it can become a public-relations disaster for the company involved.

This has helped keep many cybercrime victims quiet, even when dealing with law enforcement. Cullinane, who came to eBay in late 2006 after working in the banking industry, wants to change that.

That's why he kicked off Red Team a year ago, inspired by the BITS forum, an information-sharing confab hosted for the financial services industry.

Although BITS has been around for more than 10 years, there wasn't a comparable event for technology companies such as eBay before Red Team started, Cullinane said. "I think the IT piece was so specialized that everybody had the idea that, 'My company is unique,'" he said.

It turns out that this isn't necessarily the case.

At this week's conference, CISOs discussed common issues, including how they are pursuing cross-border investigations and what they think of the security products they were using.

The second-ever Red Team conference ran Monday and Tuesday. The first day of the conference focused on CISO issues, while on day two, the discussion was opened up to security vendors such as iSight Partners and Cisco, which gave presentations on the state of security.

While there are a lot of security conferences, Red Team is unusual because it is hosted by a company facing many of the same challenges as CISOs, said Robert Rodriguez, a security consultant who attended this year's conference.

That's important because a venue such as Red Team gives executives a way to get to know and trust each other, he said. "CISOs are talking more about sharing data than ever before," Rodriguez said.

Microsoft hosts a similar security conference, called Blue Hat, but that event is designed to educate Microsoft executives and developers. While plenty of eBay's technical staff were on hand at Red Team, it was also open to attendees from other companies.

eBay isn't the only Silicon Valley company hosting a technology gathering this week.

Starting Thursday, Yahoo will host the fourth Internet Security Operations and Intelligence conference at its Sunnyvale campus. This is another closed-door event where security professionals have a candid exchange of information about the latest security threats. In the past it has been hosted by Microsoft and Cisco.